6014 matches found
CVE-2018-6363
SQL Injection exists in Task Rabbit Clone 1.0 via the singleblog.php id parameter...
CVE-2018-6363
Task Rabbit Clone 1.0 has a SQL injection in single_blog.php via the id parameter. The vulnerability (CVE-2018-6363) is documented with high/critical impact in CVSS metrics (C/H I/H A/H on networks, low attack complexity, no auth). Related references indicate public exploit activity (e.g., Packet...
CVE-2018-6363
SQL Injection exists in Task Rabbit Clone 1.0 via the singleblog.php id parameter...
Security update for MozillaThunderbird (important)
This update for MozillaThunderbird to version 52.6 fixes several issues. These security issues were fixed: - CVE-2018-5095: Integer overflow in Skia library during edge builder allocation (bsc1077291). - CVE-2018-5096: Use-after-free while editing form elements (bsc1077291). - CVE-2018-5097:...
Task Rabbit Clone 1.0 SQL Injection
Exploit Title: Task Rabbit Clone 1.0 - SQL Injection Dork: N/A Date: 27.01.2018 Vendor Homepage: http://migrateshop.com/ Software Link: http://migrateshop.com/product/task-rabbit-clone-php-script/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Author: Ihsan Sencan...
Task Rabbit Clone 1.0 - 'id' SQL Injection
Exploit Title: Task Rabbit Clone 1.0 - SQL Injection Dork: N/A Date: 27.01.2018 Vendor Homepage: http://migrateshop.com/ Software Link: http://migrateshop.com/product/task-rabbit-clone-php-script/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Author: Ihsan Sencan...
OPENSUSE-SU-2018:0257-1 Security update for MozillaThunderbird
This update for MozillaThunderbird to version 52.6 fixes several issues. These security issues were fixed: - CVE-2018-5095: Integer overflow in Skia library during edge builder allocation (bsc1077291). - CVE-2018-5096: Use-after-free while editing form elements (bsc1077291). - CVE-2018-5097:...
OPENSUSE-SU-2018:0256-1 Security update for MozillaThunderbird
This update for MozillaThunderbird to version 52.6 fixes several issues. These security issues were fixed: - CVE-2018-5095: Integer overflow in Skia library during edge builder allocation (bsc1077291). - CVE-2018-5096: Use-after-free while editing form elements (bsc1077291). - CVE-2018-5097:...
Android - Hardware Service Manager Arbitrary Service Replacement due to getpidcon
This bug is similar to Jann Horn's issue https://bugs.chromium.org/p/project-zero/issues/detail?id=851 -- credit should go to him. The hardware service manager allows the registration of HAL services. These services are used by the vendor domain and other core processes, including systemserver,...
January 3, 2018—KB4056892 (OS Build 16299.192)
January 3, 2018—KB4056892 OS Build 16299.192 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses issue that may uninstall some Microsoft Store apps on systems that have KB4054517...
CHM Help Files Deliver Brazilian Banking Trojan
Security researchers are warning of a new spam campaign targeting Brazilian institutions that contain Compiled HTML file attachments that are used to deliver a banking Trojan. Spam messages contain a malicious CHM attachment called “comprovante.chm”, wrote Rodel Mendrez, senior security researche...
CVE-2013-6465
Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs...
Open-Xchange: [IDOR] Deleting other people's tasks
Description When creating tasks each task is assigned with an id value. Using this id it's possible to delete any task created in the same instance even if you don't actually have access to viewing or editing the task. Steps to Reproduce 1 Login to https://sandbox.open-xchange.com/ with user1 2...
CVE-2017-16962
The WebMail components Crystal, pronto, and pronto4 in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the location or details field of a Google Calendar invitation, (2) a crafted Outlook.com calendar (aka Hotmail Calendar) invitation, (3) e-mail granting access to a directory that h...
Horde Groupware Cross-Site Scripting Vulnerability (CNVD-2017-37743)
Horde Groupware is a free, enterprise-grade, browser-based collaboration suite. A cross-site scripting vulnerability exists in Horde Groupware 5.2.19. A cross-site scripting attack can be performed via the Color field in the "Create Task List" action, which can lead to remote code execution...
Cross site scripting
In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action...
CVE-2017-16907
In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action...
CVE-2017-16907
In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action...
UBUNTU-CVE-2017-16907
In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action...