1343 matches found
CVE-2017-9834
SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the watupro_questions parameter in a watupro_submit action to wp-admin/admin-ajax.php...
gikix.com XSS vulnerability
Vulnerable URL: http://gikix.com/index.php?l=en';prompt'OPENBUGBOUNTY Details: Patched: No; Latest check for patch: 23.11.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 35350; VIP website status: Yes; Check gikix.com SSL connection:...
SQL Injection Vulnerability in Hanchao B2B2C Multi-User Mall System Submit_service Method
Hanchao B2B2C multi-user mall system is a multi-user mall website system developed in PHP + MySQL. A SQL injection vulnerability exists in the submit_service method of the Hanchao B2B2C multi-user mall system because the system fails to strictly filter user-supplied parameters. An...
A vulnerability in the Linux operating system's DRM driver allows an attacker to cause a denial of service or have other impact.
The vulnerability in the vc4_get_bcl function of the VideoCore DRM driver for the Linux operating system is caused by an integer overflow. Exploiting this vulnerability could allow a local attacker to cause a denial of service or other adverse effects through a specially crafted call to...
Google Android Broadcom Wi-Fi driver elevation of privilege vulnerability (CNVD-2017-04967)
Google Android is a mobile operating system based on the Linux open kernel. Google Android has a security vulnerability in the Broadcom Wi-Fi driver implementation that allows remote attackers to exploit the vulnerability to submit special applications with elevated privileges...
Multiple Jensen of Scandinavia Air:Link Open Redirect Vulnerabilities
Air:Link 3G, Air:Link 5000AC, Air:Link 59300 are routers from Jensen of Scandinavia, Norway. An open redirect vulnerability exists in the handling of the 'submit-url' parameter on the /goform/ page of multiple Jensen of Scandinavia Air:Link products. An attacker can construct a malicious URI, tri...
CVE-2016-10315
Jensen of Scandinavia AS Air:Link 3G AL3G version 2.23m Rev. 3, Air:Link 5000AC AL5000AC version 1.13, and Air:Link 59300 AL59300 version 1.04 Rev. 4 devices allow remote attackers to conduct Open Redirect attacks via the submit-url parameter to certain /goform/ pages...
Open redirect
Jensen of Scandinavia AS Air:Link 3G AL3G version 2.23m Rev. 3, Air:Link 5000AC AL5000AC version 1.13, and Air:Link 59300 AL59300 version 1.04 Rev. 4 devices allow remote attackers to conduct Open Redirect attacks via the submit-url parameter to certain /goform/ pages...
Privilege escalation
Huawei LogCenter V100R001C10 could allow an authenticated attacker to tamper with requests using a tool and submit a request to the server for privilege escalation, affecting some system functions...
NVIDIA Windows GPU Display Driver Elevation of Privilege Vulnerability
The NVIDIA Windows GPU Display Driver is a set of graphics processor (GPU) graphics card drivers for Windows. A security vulnerability exists in the implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) function of nvlddmkm.sys in the NVIDIA Windows GPU Display Driver. An attacker...
CVE-2016-4311
Cross-site request forgery (CSRF) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 allows remote attackers to hijack the authentication of privileged users for requests that process XACML requests via an entitlement/eval-policy-submit.jsp request...
Linux Kernel Integer Overflow Vulnerability (CNVD-2017-01299)
The Linux Kernel is the kernel of the Linux operating system. A security vulnerability exists in the vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in versions of the Linux kernel prior to 4.9.7. A local user can cause a denial of service by calling the internally...
DEBIAN-CVE-2017-5576
Integer overflow in the vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 allows local users to cause a denial of service or possibly have unspecified other impact via a crafted size value in a VC4_SUBMIT_CL ioctl call...
DEBIAN-CVE-2017-5577
The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an errno value upon certain overflow detections, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) via inconsistent size valu...
UBUNTU-CVE-2017-5577
The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel before 4.9.7 does not set an errno value upon certain overflow detections, which allows local users to cause a denial of service (incorrect pointer dereference and OOPS) via inconsistent size valu...
HelpDeskZ < 1.0.2 - (Authenticated) SQL Injection / Unauthorized File Download
''' Exploit Title: HelpDeskZ fetchRow"SELECT , COUNTid AS total FROM ".TABLEPREFIX."attachments WHERE id=".$db-realescapestring$params2." AND ticketid=".$params0." AND msgid=".$params3; third argument AND msgid=".$params3; sent to fetchRow query without any sanitization Steps to reproduce:...
PT-2017-2021 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.9.7 Description: The issue is caused by an integer overflow in the vc4_get_bcl function of the VideoCore DRM driver. This can be exploited by a local attacker using a specially crafted VC4_SUBMIT_CL ioctl call...
Malware exploit: Filestealer 1.3
FileStealer v1.3 Type: Upload vulnerability Author: Xylitol !-- FileStealer v1.3 panel upload vulnerability -- !-- Panel hash: be19e93878130b2f57d42d4dcf5ffcf0 -- form method="POST" action="http://localhost/panel/up.php" enctype="multipart/form-data" File: input type="file" name="file" / br / HWI...