EasySNS Minimalist Community getgrouptopic method has a SQL injection vulnerability
EasySNS Minimalist Community Group Edition uses a new database architecture and program structure to form an interactive community with the group as its basic unit. The EasySNS Minimalist Community getgrouptopic method has a SQL injection vulnerability, which can be exploited by attackers to obtain...
Machine Learning: Identify the Unpredictable – Whiteboard Wednesday [Video]
When it comes to identifying insider threats, the fundamental challenge is how to determine when data access appears out of the ordinary for a typical user or system, and of those instances, which ones are dangerous versus merely unusual. A lot of solutions today serve up so many policy violation...
Debian DLA-1146-1 : mosquitto security update
mosquitto's persistence file mosquitto.db was created in a world-readable way thus allowing local users to obtain sensitive MQTT topic information. While the application has been fixed to set proper permissions by default, you still have to manually fix the permissions on any existing file. For...
CVE-2014-2023
Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5.2.1 for vBulletin allow remote attackers to execute arbitrary SQL commands via a crafted xmlrpc API request to (1) unsubscribeforum.php or (2) unsubscribetopic.php in mobiquo/functions/...
ALPINE-CVE-2017-7650
In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '' or '+'. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third party authentication/access...
DEBIAN-CVE-2017-7650
In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by clients that set their username/client id to '' or '+'. This allows locally or remotely connected clients to access MQTT topics that they do have the rights to. The same issue may be present in third party authentication/access...
[ASA-201707-16] mosquitto: information disclosure
Arch Linux Security Advisory ASA-201707-16 ========================================== Severity: Medium Date : 2017-07-16 CVE-ID : CVE-2017-9868 Package : mosquitto Type : information disclosure Remote : No Link : https://security.archlinux.org/AVG-353 Summary ======= The package mosquitto before...
Mosquitto Information Disclosure Vulnerability
Eclipse Mosquitto is an open source messaging agent software from the Eclipse Foundation . A security vulnerability exists in Eclipse Mosquitto 1.4.12 and earlier versions, which stems from the program setting the mosquitto.db file as globally readable. A local attacker could exploit the...
Information disclosure
In Mosquitto through 1.4.12, mosquitto.db aka the persistence file is world readable, which allows local users to obtain sensitive MQTT topic information...
CVE-2017-9868
In Mosquitto through 1.4.12, mosquitto.db aka the persistence file is world readable, which allows local users to obtain sensitive MQTT topic information...
DEBIAN-CVE-2017-9868
In Mosquitto through 1.4.12, mosquitto.db aka the persistence file is world readable, which allows local users to obtain sensitive MQTT topic information...
SQL Injection Vulnerability in Topic Parameter of Zaoyang City Shanshui Digital Studio's Website Building System
The Zaoyang Shanshui Digital Studio website building system is a website building system. A SQL injection vulnerability exists in the topic parameter of the Zaoyang City Landscape Digital Studio website builder system. It allows attackers to exploit the vulnerability to obtain sensitive information from...
MyBB MyCode Module Cross-Site Scripting Vulnerability
MyBB is the very best international free forum software. The MyBB MyCode module has a cross-site scripting vulnerability: an attacker can exploit it in a published topic, where content such as email=2 "onmouseover="alertdocument.locationhover me/email can be triggered by cross-site...
factbites.com XSS vulnerability
Vulnerable URL: http://www.factbites.com/topics/SDS"'--!confirmOPENBUGBOUNTY...
CVE-2017-6479
FenixHosting/fenix-open-source before 2017-03-04 is vulnerable to a reflected XSS in forums/search.php search-by-topic parameter...
SQL Injection Vulnerability in Ocean CMS tid Parameter
Ocean CMS is an open source website builder. An SQL injection vulnerability exists in the admintopicvod.php page of Ocean CMS 6.46 utf-8 official. The lack of filtering of the 'tid' parameter allows an attacker to exploit the vulnerability to obtain sensitive information about the database...
SQL injection vulnerability in the topic and tid parameters of the Duomi (DuomiCms) movie and TV management system
The Duomi DuomiCms film and television management system is a specialized video-on-demand system. A SQL injection vulnerability exists in DuomiCms. The lack of filtering of the 'topic' and 'tid' parameters allows an attacker to exploit the vulnerability to obtain sensitive information from the...
Fortinet Connect Elevation of Privilege Vulnerability
Fortinet Connect is a device-based and user-based policy deployment network security access device developed by Fiat Fortinet. A security vulnerability exists in Fortinet Connect that stems from the program failing to adequately validate uploaded files. The vulnerability can be exploited to execu...
Mobile Application Security Training Platform: Security Shepherd
The OWASP Security Shepherd project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic. The aim of this project is to take AppSec novices or experienced engineers and sharpen...