
2121 matches found

NVD
added 2017/09/14 1:29 p.m., 12 views

CVE-2017-1002025

Vulnerability in wordpress plugin add-edit-delete-listing-for-member-module v1.0, The plugin author does not sanitize user supplied input via $act before passing it into an SQL statement...

7.2 CVSS, 7.2 AI score, 0.01719 EPSS
Exploits: 1, References: 2

Cvelist
added 2017/09/14 1:0 p.m., 21 views

CVE-2017-1002025

Vulnerability in wordpress plugin add-edit-delete-listing-for-member-module v1.0, The plugin author does not sanitize user supplied input via $act before passing it into an SQL statement...

7.2 AI score, 0.01719 EPSS
Exploits: 1, References: 2

CISA
added 2017/09/14 12:0 a.m., 9 views

Potential Phishing Scams Related to Equifax Data Breach

The Federal Trade Commission (FTC) has released an alert on phishing attacks related to the Equifax data breach. Phishing attacks try to trick message recipients into sharing sensitive information with cyber criminals. FTC warns consumers to be wary of calls or emails purporting to be from Equifax...

6.5 AI score
Exploits: 0, References: 6

Tenable Nessus
added 2017/08/29 12:0 a.m., 31 views

openSUSE Security Update : freeradius-server (openSUSE-2017-972)

This update for freeradius-server fixes the following issues : - update to 3.0.15 bsc1049086 - Bind the lifetime of program name and python path to the module - CVE-2017-10978: FR-GV-201: Check input / output length in makesecret bsc1049086 - CVE-2017-10983: FR-GV-206: Fix read overflow when...

9.8 CVSS, 8.1 AI score, 0.18318 EPSS
Exploits: 0, References: 8

Cisco Threats
added 2017/08/23 3:0 p.m., 13 views

Threat Outbreak Alert RuleID30308: Email Messages Distributing Malicious Software on August 23, 2017

Medium Alert ID: 54920 First Published: 2017 August 23 15:00 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID30308 may contain the following files: Name |...

0.4 AI score
Exploits: 0

Cvelist
added 2017/07/28 1:0 p.m., 26 views

CVE-2017-11722

The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file, because the program's actual control flow was inconsistent with its indentation. This resulted in a logging...

6.2 AI score, 0.01807 EPSS
Exploits: 0, References: 4

Veracode
added 2017/07/20 5:29 p.m., 13 views

Remote Code Execution (RCE)

OrientDB Core is vulnerable to remote code execution (RCE) attacks. Permissions are not enforced on a user executing a statement to the ORole structure containing a where, fetchplan or order by statement. By executing a groovy function where the groovy wrapper doesn't have a sandbox, any system...

10 CVSS, 9.7 AI score, 0.73071 EPSS
Exploits: 4, References: 3, Affected Software: 1

Hacker One
added 2017/07/10 7:42 a.m., 38 views

Ruby: Ruby 2.4.1 has "Stack consistency error" and aborts when processing return statement within a case statement

Hi, I found the following file causes a ruby bug stating "Stack consistency error" and aborts. File: 0case when 0 return end xxd -g1 output of file 00000000: 30 3e 63 61 73 65 0a 77 68 65 6e 20 30 0a 72 65 0case.when 0.re 00000010: 74 75 72 6e 20 65 6e 64 0a turn end. ruby output: crash.rb:3: BUG...

6.8 AI score
Exploits: 0

Packet Storm
added 2017/07/06 12:0 a.m., 55 views

Barracuda WAF V360 Firmware 8.0.1.014 Early Boot Root Shell

KL-001-2017-010 : Barracuda WAF Early Boot Root Shell Title: Barracuda WAF Early Boot Root Shell Advisory ID: KL-001-2017-010 Publication Date: 2017.07.06 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-010.txt 1. Vulnerability Details Affected Vendor: Barracuda Affect...

Exploits: 0

Positive Technologies
added 2017/07/01 12:0 a.m., 2 views

PT-2017-2461 · Oracle +3 · Dbd::Mysql +3

Name of the Vulnerable Software and Affected Versions: DBD::mysql module versions through 4.043 Description: The issue allows remote attackers to cause a denial of service, potentially leading to an application crash, by triggering certain error responses from a MySQL server or a loss of network...

9.8 CVSS, 7.7 AI score, 0.04629 EPSS
Exploits: 0, References: 52

Prion
added 2017/06/13 6:29 p.m., 12 views

Sql injection

New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLANALL ON protecti...

7.5 CVSS, 8.2 AI score, 0.01186 EPSS
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2017/06/13 6:0 p.m., 14 views

CVE-2017-9246

New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLANALL ON protecti...

9.8 AI score, 0.01186 EPSS
Exploits: 1, References: 1

Prion
added 2017/06/05 7:29 p.m., 10 views

Sql injection

DISPUTED BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\admin\modules\developer\extensions\install\process.php and...

6.5 CVSS, 7.9 AI score, 0.01257 EPSS
Exploits: 1, References: 1, Affected Software: 1

Prion
added 2017/06/05 7:29 p.m., 18 views

Design/Logic Flaw

DISPUTED BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename patterns such as cache/package/xxx/yyy.php. This issue exists in...

6.5 CVSS, 8 AI score, 0.02451 EPSS
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2017/06/05 7:0 p.m., 19 views

CVE-2017-9441

Multiple cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML by uploading a crafted package, triggering mishandling of the (1) title or (2) version or (3) authorname parameter in manifest.json. This issue exists ...

5.3 AI score, 0.00602 EPSS
Exploits: 0, References: 1

Cvelist
added 2017/06/05 7:0 p.m., 20 views

CVE-2017-9443

BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\admin\modules\developer\extensions\install\process.php and...

8.7 AI score, 0.01257 EPSS
Exploits: 1, References: 1

CNVD
added 2017/06/05 12:0 a.m., 1 views

Code Execution Vulnerability in FineCMS Frontend

FineCMS is a content management system based on PHP+MySql. A code execution vulnerability exists in the frontend of FineCMS version 5.x, which can be exploited by an attacker to execute arbitrary code via a constructed statement...

8.2 AI score
Exploits: 0

NVD
added 2017/05/22 5:29 a.m., 20 views

CVE-2017-2513

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. A use-after-free vulnerability allows remote attackers to execute...

9.8 CVSS, 9.1 AI score, 0.0346 EPSS
Exploits: 0, References: 6

UbuntuCve
added 2017/05/22 5:29 a.m., 39 views

CVE-2017-2513

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. A use-after-free vulnerability allows remote attackers to execute...

9.8 CVSS, 7.5 AI score, 0.0346 EPSS
Exploits: 0, References: 6

Prion
added 2017/05/22 5:29 a.m., 26 views

Memory corruption

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial o...

7.5 CVSS, 9.2 AI score, 0.0395 EPSS
Exploits: 0, References: 8, Affected Software: 5