Dr.COM APG Anti-Proxy Gateway suffers from SQL Injection Vulnerability

Dr.COM APG Anti-Proxy Gateway Anti-Proxy Gateway is a network behavior analysis and management gateway device designed and developed by Guangzhou Hotspot specifically for broadband shared access management, which mainly provides wired and wireless broadband operators with a real-time control box...

Synology Media Server SQL Injection Vulnerability

Synology Media Server is a set of media server software from Synology. A SQL injection vulnerability exists in Synology Media Server versions prior to 1.7.6-2842 and 1.4-2654. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands with the 'ObjectID' parameter...

SQL Injection Vulnerability in UQCMS Cloud Business B2B2C Multi-store System

UQCMS cloud business system is a program using PHP + MYSQL, template using smarty template B2B2C e-commerce software. UQCMS cloud business B2B2C multi-store system SQL injection vulnerability, the vulnerability stems from the program on the function filtering is not rigorous. Attackers can use th...

Advantech WebAccess SQL Injection Vulnerability (CNVD-2018-11441)

Advantech WebAccess is a set of HMI/SCADA software from Advantech based on browser architecture. The software supports dynamic graphic display and real-time data control, and provides remote control and management of automation equipment. An SQL injection vulnerability exists in Advantech WebAcce...

CVE-2018-10655

DLPnpAuditor.exe in DeviceLock Plug and Play Auditor freeware 5.72 has a Unicode Buffer Overflow SEH...

CVE-2018-8914

SQL injection vulnerability in UPnP DMA in Synology Media Server before 1.7.6-2842 and before 1.4-2654 allows remote attackers to execute arbitrary SQL commands via the ObjectID parameter...

SQL Injection Vulnerability in YHCMS Version V2.6.5 R20160808

YHCMS is a professional marketing enterprise building system based on PHP+MYSQL as the core development. A SQL injection vulnerability exists in YHCMS version V2.6.5 R20160808. The vulnerability originates from the system's parameter filtering is not rigorous. An attacker can exploit the...

SQL Injection Vulnerability in Nagios XI 5.4.12 and Prior Versions

Nagios is an open source, free network monitoring tool that effectively monitors the status of hosts, switches routers and other network devices, printers, etc. for Windows, Linux and Unix. Nagios XI 5.4.12 and earlier versions suffer from a SQL injection vulnerability that can be exploited by...

SQL Injection Vulnerability in Nagios XI 5.4.12 and Prior (CNVD-2018-09748)

Nagios is an open source, free network monitoring tool that effectively monitors the status of hosts, switches routers and other network devices, printers, etc. for Windows, Linux and Unix. Nagios XI 5.4.12 and earlier versions suffer from a SQL injection vulnerability that can be exploited by...

CVE-2018-9102

A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 21.84.5535.0 and earlier, and Mitel ST 14.2, versions GA27 19.49.5200.0 and earlier, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient input validation for...

Apache Fineract SQL Injection Vulnerability (CNVD-2018-09808)

Apache Fineract is a set of open source digital financial services platform of the U.S. Apache Apache Software Foundation. The platform can provide users with data management, loan and savings portfolio management and real-time financial data and other functions. An SQL injection vulnerability...

SQL Injection Vulnerability in Duoduocms V8.3_UTF8_20180131 Official Version

DuoDuo rebate system is for e-commerce rebate, shopping guide to provide solutions, is the open source PHP rebate site system. DuoDuoRebate duoduocms V8.3UTF820180131 official version of the existence of SQL injection vulnerability. The vulnerability stems from the system on the parameters of the...

Debian DSA-4178-1 : libreoffice - security update

Two vulnerabilities were discovered in LibreOffice's code to parse MS Word and Structured Storage files, which could result in denial of service and potentially the execution of arbitrary code if a malformed file is opened. C Tenable Network Security, Inc. The descriptive text and package checks ...

[SECURITY] [DSA 4178-1] libreoffice security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4178-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 20, 2018 https://www.debian.org/security/faq -...

CVE-2018-10119

sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service use-after-free with write access or possibly have unspecified other impact via a crafted...

Zoho ManageEngine Desktop Central Database Query Type Restriction Under-Execution Vulnerability

ZOHO ManageEngine Desktop Central DC is a desktop management solution from ZOHO. The solution includes software distribution, patch management, system configuration, remote control and other functional modules to support the entire lifecycle of desktop and server management. A security...

Debian: Security Advisory (DSA-4178-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

KLA11596 SB vulnerability in LibreOffice

Use after free vulnerability was found in Structured Storage parser. Malicious users can exploit this vulnerability via writing to recently freed data to bypass security restrictions. Original advisories CVE-2018-10119 Use After Free in Structured Storage parser Related products LibreOffice CVE...

CVE-2018-10119

sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service use-after-free with write access or possibly have unspecified other impact via a crafted...

DEBIAN-CVE-2018-10119

sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x before 6.0.1.1 uses an incorrect integer data type in the StgSmallStrm class, which allows remote attackers to cause a denial of service use-after-free with write access or possibly have unspecified other impact via a crafted...