
2121 matches found

Debian CVE
added 2017/02/16 6:0 p.m., 32 views

CVE-2016-1249

The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression...

5.9 CVSS, 6.6 AI score, 0.02428 EPSS
Exploits 0

seebug.org
added 2017/02/13 12:0 a.m., 46 views

xercms: the admin back-end file \XerCMS\Services\admin\member.php contains an arbitrary SQL statement execution vulnerability

In the D:\phpStudy\WWW\xercms\XerCMS\Services\admin\forms. in php updateTemplate()function function updateTemplate $sname = g'sname';$data = stripslashesp'content'; fileputcontentsINC.' Data/forms/template/'.$ sname.'. htm',$data; $this-tips'finish',dreferer; You can see fileputcontentsINC.'...

7.7 AI score
Exploits 0

Cvelist
added 2017/02/02 6:54 a.m., 22 views

CVE-2017-5218

A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. The APDocumentUI.asp web resource includes Utilityfuncs.js when the file is opened or viewed. This file crafts a SQL statement to identify the database that is to be in use with the current user's session. The database variable c...

8.9 AI score, 0.01477 EPSS
Exploits 0, References 2

Joomla! Vulnerable Extensions List
added 2017/02/02 12:0 a.m., 15 views

Community Builder versions 2.1 and previous

Community Builder Versions 2.1.0 and previous contain versions of 3rd party libraries with known vulnerabilities: PHPMailer and Guzzle. Release 2.1.1: updates to version 5.2.22 of PHP Mailer; provides custom fix for Guzzle library. Developer states that this is precautionary only, and that these...

7.5 AI score
Exploits 0, References 3, Affected Software 1

Tenable Nessus
added 2017/01/26 12:0 a.m., 31 views

MariaDB Server 10.1.x < 10.1.21 Multiple Vulnerabilities

Binary data 9915.prm...

7 CVSS, 5.8 AI score, 0.04792 EPSS
Exploits 10, References 11

Veracode
added 2016/12/07 3:15 a.m., 12 views

Denial Of Service (DoS)

mss is vulnerable to denial of service (DoS). It uses an assert statement to check if the display is opened on a Linux system. Assert is usually used to test conditions that should have never happened and is to crash early in the case of a corrupt program state. Therefore, a malicious user can...

6.3 AI score
Exploits 0

OpenVAS
added 2016/12/07 12:0 a.m., 25 views

Fedora Update for trytond-account-statement FEDORA-2016-d961441913

The remote host is missing an update for the...

5.3 CVSS, 5 AI score, 0.01819 EPSS
Exploits 0, References 2

Amazon
added 2016/12/06 12:0 a.m., 83 views

Important: kernel

Issue Overview: CVE-2016-8645 kernel: a BUG statement can be hit in net/ipv4/tcp_input.c. It was discovered that the Linux kernel since 3.6-rc1 with net.ipv4.tcp_fastopen set to 1 can hit BUG statement in tcp_collapse function after making a number of certain syscalls leading to a possible system...

7.8 CVSS, 7.1 AI score, 0.11127 EPSS
Exploits 16

RedhatCVE
added 2016/11/29 10:47 a.m., 29 views

CVE-2016-1251

There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1. Mitigation: This problem is only exposed when the user uses server-side prepared statement support...

8.1 CVSS, 1.9 AI score, 0.03118 EPSS
Exploits 0, References 1

RedhatCVE
added 2016/11/16 9:47 a.m., 28 views

CVE-2016-1249

The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression...

5.9 CVSS, 4.8 AI score, 0.02428 EPSS
Exploits 0, References 1

The Hacker News
added 2016/11/11 8:4 p.m., 9 views

Facebook Bug Declares Millions of Users Dead, Including Zuckerberg!

Last night, Facebook declared everyone dead, including the company's CEO Mark Zuckerberg, in a massive memorial 'remembering' profile glitch. Well, that's awkward. Despite being very much alive, Facebook users, when logged on to their accounts on Friday afternoon, found their accounts turned to a...

6.7 AI score
Exploits 0

Tenable Nessus
added 2016/10/21 12:0 a.m., 13 views

MariaDB Server 10.1.x < 10.1.18 Multiple DoS

Binary data 9688.prm...

7.3 AI score
Exploits 0, References 2

The Hacker News
added 2016/10/12 6:13 a.m., 9 views

BlockChain.info Domain Hijacked; Site Goes Down; 8 Million Bitcoin Wallets Inaccessible

UPDATE: The site is back and working. Blockchain team released a statement via Twitter, which has been added at the end of this article. If you are fascinated with the idea of digital currency, then you might have heard about BlockChain.Info. It’s Down! Yes, Blockchain.info, the world's most...

6.6 AI score
Exploits 0

NVD
added 2016/10/05 4:59 p.m., 18 views

CVE-2016-7435

The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL 'SYSTEM' statement, aka SAP Security...

9.1 CVSS, 9.1 AI score, 0.03342 EPSS
Exploits 6, References 8

Tenable Nessus
added 2016/09/26 12:0 a.m., 16 views

MariaDB 10.1.x < 10.1.11 sql/sql_yacc.yy SELECT Statement Keyword Handling DoS

The version of MariaDB running on the remote host is 10.1.x prior to 10.1.11. It is, therefore, affected by a denial of service vulnerability due to a flaw in sql_yacc.yy that is triggered when handling keywords in SELECT statements. An authenticated, remote attacker can exploit this to crash the...

5.6 AI score
Exploits 0, References 2

myhack58
added 2016/09/14 12:0 a.m., 48 views

Things worth mentioning about Python vulnerability hunting - vulnerability warning - Black Bar Safety Net

Foreword: Python has become more and more indispensable in computing environments because of its unique convenience in developing larger, more complex applications. Although its clear readability and ease of use allow software engineers a...

0.3 AI score
Exploits 0

Japan Vulnerability Notes
added 2016/08/31 12:0 a.m., 26 views

JVN#85213412: Multiple AKABEi SOFT2 LTD. games vulnerable to OS command injection

Multiple games provided by AKABEi SOFT2 LTD. contain an OS command injection vulnerability (CWE-78) due to an issue in loading saved data. Impact: When specially crafted saved data is loaded, an arbitrary OS command may be executed. Solution: Apply a Workaround. The following workaround can mitigate t...

7.8 CVSS, 7.7 AI score, 0.01534 EPSS
Exploits 0

CNVD
added 2016/08/30 12:0 a.m., 1 views

PHP 'pgsql_statement.c' Denial of Service Vulnerability

PHP is an open source general-purpose computer scripting language. PHP 'pgsql_statement.c' has a denial of service vulnerability that allows attackers to cause a denial of service by exploiting this vulnerability...

6.5 AI score
Exploits 0, References 1

Hacker One
added 2016/08/22 11:27 a.m., 12 views

Gratipay: Cross Site Scripting In Profile Statement

Hey Sir, I have found Cross Site Scripting (XSS) vulnerabilities in updating profile statement. This is Advance XSS Script. You can see it in XSS-Gratipay.txt. You can also see it live here: https://gratipay.com/MuhaddiMu/ Steps to produce: 1. Login To Your Account. 2. Click on Edit Statement 3. Copy and...

6.1 AI score
Exploits 0

Zero Day Initiative
added 2016/08/09 12:0 a.m., 25 views

Trend Micro Control Manager AdHocQuery_CustomProfiles SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within AdHocQuery_CustomProfiles.aspx. The issue lies in the failure to sanitize...

6.5 CVSS, 3 AI score
Exploits 0, References 1