2121 matches found
Trend Micro Control Manager cgiCMUIDispatcher SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within cgiCMUIDispatcher.exe. The issue lies in the failure to sanitize user-supplied...
CVE-2016-6149
SAP HANA SPS09 1.00.091.00.14186593 allows local users to obtain sensitive information by leveraging the EXPORT statement to export files, aka SAP Security Note 2252941...
CVE-2016-6148
SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a denial of service (process termination) or execute arbitrary code via vectors related to an IMPORT statement, aka SAP Security Note 2233136...
CVE-2016-6149
CVE-2016-6149 affects SAP HANA SPS09 (1.00.091.00.14186593). The issue arises when using the EXPORT statement, enabling local users to obtain sensitive information via file export, constituting an information disclosure vulnerability. Connected sources confirm the root cause as a local export cap...
CVE-2016-6148
CVE-2016-6148 affects SAP HANA DB 1.00.73.00.389160, with a remote code execution/DoS risk reported via vectors related to an IMPORT statement (SAP Security Note 2233136). Documents confirm the vulnerability allows remote attackers to terminate the process or execute arbitrary code, but no specif...
Accela Civic Platform Citizen Access portal contains multiple vulnerabilities
Overview: Accela Civic Platform Citizen Access portal contains cross-site scripting and arbitrary file upload vulnerabilities. Description: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - CVE-2016-5660. Accela Civic Platform Citizen Access portal contains ...
Potential SQL injection in ORDER and GROUP statements of Zend_Db_Select
More info at https://framework.zend.com/security/advisory/ZF2016-02...
[SECURITY] Fedora 22 Update: phpMyAdmin-4.6.3-1.fc22
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...
STOP Sharing that Facebook Privacy and Permission Notice, It's a HOAX
Recently, you may have seen some of your Facebook friends started posting a Facebook "Privacy Notice" clarifying that they no longer give Facebook permission to use their photos, personal information, and so on. The Privacy message looks something like this: "From Monday, 27th June, 2016, 1528 IS...
SolarWinds Storage Resource Monitor Profiler Server RulesMetaData addNewRule SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Resource Monitor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RulesMetaData's addNewRule method which is reachable through t...
[SECURITY] Fedora 22 Update: phpMyAdmin-4.6.2-1.fc22
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...
Negin Group CMS - (v) Multiple Web Vulnerabilities
Document Title: Negin Group CMS - v Multiple Web Vulnerabilities. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1831. Release Date: 2016-04-24. Vulnerability Laboratory ID (VL-ID): 1831. Comm...
IBM DB2 LUW Denial of Service Vulnerability (CNVD-2016-02177)
IBM DB2 LUW is a relational database management system from the U.S. company IBM that runs on LUW (Linux, UNIX and Windows) platforms. A security vulnerability exists in IBM DB2 LUW. A remote attacker can exploit this vulnerability to cause a denial of service (service interruption) with the help of a...
Gratipay: prevent %2f spoofed URLs in profile statement
https://gratipay.com%[email protected] On clicking this URL, the link will take the user to google.com or any other malicious URL. At first sight it looks like the link will lead to Gratipay, but on clicking the URL it will redirect to the malicious site. An attacker, with the help of social engg. techniques...
Security Researcher Goes Missing, Who Investigated Bangladesh Bank Hack
Tanvir Hassan Zoha, a 34-year-old security researcher who spoke to the media on the $81 Million Bangladesh Bank cyber theft, has been missing since Wednesday night, just days after accusing Bangladesh's central bank officials of negligence. Zoha was investigating a recent cyber attack on Bangladesh'...
DTE Energy Insight app vulnerable to information exposure
Overview: The DTE Energy Insight app API allows an authenticated user to obtain and query certain limited customer information from other customers. Description: CWE-200: Information Exposure - CVE-2016-1562. The DTE Energy Insight app lets DTE Energy customers track their energy usage. This informati...