170 matches found
libreswan security and bug fix update
3.29-6.0.1 - Add libreswan-oracle.patch to detect Oracle Linux distro 3.29-6 - Resolves: rhbz1714331 support NSS based IKE KDFs require updated nss for rhbz 1738689, memleak fix 3.29-5 - Resolves: rhbz1714331 support NSS based IKE KDFs so libreswan does not need FIPS certification 3.29-4 -...
AZADMIN CMS Of HIDEA 1.0 SQL Injection
Sql Injection on AZADMIN CMS of HIDEA v1.0 + Date: 24/06/2019 + CWE Number : CWE-89 + Risk: High + Author: Felipe Andrian Peixoto + Vendor Homepage: https://www.hidea.com/ + Contact: [email protected] + Tested on: Windows 7 and Linux + Vulnerable Files: newsdet.php + Dork :...
OPENSUSE-SU-2019:0244-1 Security update for python-Jinja2
This update for python-Jinja2 fixes the following issues: - Update to 2.8 - Added target parameter to urlize function. - Added support for followsymlinks to the file system loader. - The truncate filter now counts the length. - Added equalto filter that helps with select filters. - Changed cache...
qdPM 9.1 - search_by_extrafields[] SQL Injection
qdPM 9.1 - searchbyextrafields SQL Injection =========================================================================================== Exploit Title: qdPM 9.1 - 'searchbyextrafields' SQL Injection Date: 14-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://qdpm.net Software Link:...
Joomla vWishlist 1.0.1 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component vWishlist 1.0.1 - SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://wdmtech.com/ Software Link:...
Joomla! Component vWishlist 1.0.1 - SQL Injection
Exploit Title: Joomla! Component vWishlist 1.0.1 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://wdmtech.com/ Software Link: https://extensions.joomla.org/extensions/extension/extension-specific/virtuemart-extensions/vwishlist/ Version: 1.0.1...
CVE-2018-20405
BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax error. NOTE: This has been disputed with the following reasoning: "The issue reported requires full developer level access to the content management system where cross site scripting is not an issue...
CVE-2018-20405
BigTree CMS 4.3 contains an information disclosure in the admin/news input path: authenticated access can trigger a syntax error that reveals the server path. This is described across multiple sources (NVD/CNVD/OSV). Root cause: path disclosure through a crafted admin/news input that triggers a s...
CVE-2018-20405
BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax error. NOTE: This has been disputed with the following reasoning: "The issue reported requires full developer level access to the content management system where cross site scripting is not an issue...
CVE-2018-20405
BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax error. NOTE: This has been disputed with the following reasoning: "The issue reported requires full developer level access to the content management system where cross site scripting is not an issue...
openSUSE: Security Advisory for dpdk (openSUSE-SU-2018:4003-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for dpdk (moderate)
This update for dpdk to version 16.11.8 provides the following security fix: - CVE-2018-1059: restrict untrusted guest to misuse virtio to corrupt host application ovs-dpdk memory which could have lead all VM to lose connectivity bsc1089638 and following non-security fixes: - Enable the broadcom...
openSUSE Security Update : dpdk (openSUSE-2018-1484)
This update for dpdk to version 16.11.8 provides the following security fix : - CVE-2018-1059: restrict untrusted guest to misuse virtio to corrupt host application ovs-dpdk memory which could have lead all VM to lose connectivity bsc1089638 and following non-security fixes : - Enable the broadco...
SUSE SLES12 Security Update : dpdk (SUSE-SU-2018:3923-1)
This update for dpdk to version 16.11.8 provides the following security fix : CVE-2018-1059: restrict untrusted guest to misuse virtio to corrupt host application ovs-dpdk memory which could have lead all VM to lose connectivity bsc1089638 and following non-security fixes: Enable the broadcom...
OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Concurrency. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated...
Joomla! Component EkRishta 2.10 - 'username' SQL Injection
Exploit Title: Joomla! Component EkRishta 2.10 - 'username' SQL Injection Date: 2018-06-11 Exploit Author: L0RD Software Link: https://extensions.joomla.org/extension/ek-rishta/ Vendor Homepage: https://www.joomlaextensions.co.in/ Version: 2.10 Tested on: Win 10 POC : SQLi : Parameter : username...
Joomla EkRishta 2.10 SQL Injection
Exploit Title: Joomla! Component EkRishta 2.10 - 'username' SQL Injection Date: 2018-06-11 Exploit Author: L0RD Software Link: https://extensions.joomla.org/extension/ek-rishta/ Vendor Homepage: https://www.joomlaextensions.co.in/ Version: 2.10 Tested on: Win 10 POC : SQLi : Parameter : username...
Joomla EkRishta 2.10 Component - username SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component EkRishta 2.10 - 'username' SQL Injection Exploit Author: L0RD Software Link: https://extensions.joomla.org/extension/ek-rishta/ Vendor Homepage: https://www.joomlaextensions.co.in/ Version: 2.10 Tested on: Win ...
Auto Car 1.2 - car_title SQL Injection Cross-Site Scripting
Auto Car 1.2 - cartitle SQL Injection Cross-Site Scripting Exploit Title: Auto car 1.2 - 'cartitle' SQL Injection / Cross-Site Scripting Date: 2018-05-22 Exploit Author: Borna nematzadeh L0RD Vendor Homepage: https://codecanyon.net/item/auto-car-car-listing-script/19221368?srank=1159 Version: 1.2...
Auto Car 1.2 Cross Site Scripting / SQL Injection
Exploit Title: Auto car 1.2 - 'cartitle' SQL Injection / Cross-Site Scripting Date: 2018-05-22 Exploit Author: Borna nematzadeh L0RD Vendor Homepage: https://codecanyon.net/item/auto-car-car-listing-script/19221368?srank=1159 Version: 1.2 Tested on: Win 10 POC 1: SQLi: Parameter: cartitle Type:...