13 matches found
External Control of File Name or Path
Overview Affected versions of this package are vulnerable to External Control of File Name or Path at the /admin/compass endpoint, which passes data from GET requests to the pathToLogFile function. An attacker who can convince an authenticated user to follow a link containing a malicious file nam...
Tainted Data Can Teach Algorithms the Wrong Lessons
Researchers show how AI programs can be sabotaged by even subtle tweaks to the data used to train them...
UBUNTU-CVE-2018-16396
An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats...
Clipbucket 2.7 RC3 0.9 - Blind SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title : Clipbucket 2.7 RC3 0.9 Blind SQL Injection Date : 20 February 2015 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://clip-bucket.com/ Software Link :...
Elemata CMS RC3.0 (global.php, id param) - SQL Injection
No description provided by source. Exploit Title : Elemata CMS RC3.0 SQL Injection Date : 23 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://www.elemata.com/ Software Link : http://jaist.dl.sourceforge.net/project/elematacms/Elemata%203.x/ElemataRC3.0.zip...
Elemata CMS RC3.0 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title : Elemata CMS RC3.0 SQL Injection Date : 23 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://www.elemata.com/ Software Link :...
mkCMS 3.6 PHP Code Injection
Exploit Title : mkCMS PHP Code Injection Date : 11 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://mkcms.milankragujevic.com/ Software Link : http://jaist.dl.sourceforge.net/project/milan-cms/Releases/mkCMS-v3.6.zip Version : 3.6 Tested on : Window and...
Fobuc Guestbook 0.9 - SQL Injection
Exploit Title : Fobuc Guestbook 0.9 SQL Injection Date : 11 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://sourceforge.net/projects/fobuc/ Software Link : http://jaist.dl.sourceforge.net/project/fobuc/0.9/Release/FOBUC0.9.zip Version : 0.9 Tested on :...
PHP4DVD 2.0 Code Injection Vulnerability
PHP4DVD version 2.0 suffers from a remote PHP code injection vulnerability. Exploit Title : PHP4DVD PHP Code Injection Date : 31 May 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://php4dvd.sourceforge.net/ Software Link :...
PHP4DVD 2.0 Code Injection
Exploit Title : PHP4DVD PHP Code Injection Date : 31 May 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://php4dvd.sourceforge.net/ Software Link : http://downloads.sourceforge.net/project/php4dvd/php4dvd-2.0.zip Version : 2.0 Tested on : Window and Linux...
perl: lc(), uc() routines are laundering tainted data
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection...
Perl Laundering Security Bypass Vulnerability - Windows
Perl is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Perl Laundering Security Bypass Vulnerability (Windows)
The host is installed with Perl and is prone to security bypass vulnerability. OpenVAS Vulnerability Test $Id: gbperlsecbypassvuln.nasl 7029 2017-08-31 11:51:40Z teissa $ Perl Laundering Security Bypass Vulnerability Windows Authors: Madhuri D Copyright: Copyright c 2011 Greenbone Networks GmbH,...