235 matches found
CVE-2015-1245
The connected documents confirm CVE-2015-1245 in Google Chrome is a use-after-free in pdfium from OpenPDFInReaderView::Update, caused by a pdfium button with an invalid tab association. This can lead to a denial of service via heap memory corruption, with the potential for unspecified impact. The...
chromium-browser: Use-after-free in PDFium
Use-after-free vulnerability in the OpenPDFInReaderView::Update function in browser/ui/views/locationbar/openpdfinreaderview.cc in Google Chrome before 41.0.2272.76 might allow user-assisted remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other...
CVE-2013-4793
The update function in umbraco.webservices/templates/templateService.cs in the TemplateService component in Umbraco CMS before 6.0.4 does not require authentication, which allows remote attackers to execute arbitrary ASP.NET code via a crafted SOAP request...
SA-CONTRIB-2014-087 - Drupal Commerce - Information disclosure
Drupal Commerce is used to build eCommerce websites and applications of all sizes. The commerceorder module can be used to create new user accounts where email addresses are used as user names. Since user names are not considered private information in Drupal this is an information disclosure of...
ThinkSAAS latest version SQL injection, part 2
Brief description: ThinkSAAS latest version 2.1, officially updated on February 15, SQL injection part two. Details: In the file upload handler /app/attach/action/upload.php: case "do": $userid = intval$GET'userid'; $albumid = intval$GET'albumid'; if$userid=='0' || $albumid == 0 echo '00000'; exit; $attachid = $new'attach'-create'attach',array 'userid' = $userid,...
ThinkSAAS latest version SQL injection, part 1
Brief description: ThinkSAAS latest version 2.1, officially updated on February 15, SQL injection part one. Details: File /app/photo/action/album.php //perform batch modification case "infodo": //whether the user is logged in $userid = aac'user'-isLogin; $albumid = intval$POST'albumid'; $albumface = tsClean$POST'albumface';//filtered, but not completely $arrPhotoId = intval$POST'photoid'; $arrPhotoDesc = $POST'photodesc';...
Thinksaas SQL injection vulnerability
Brief description: Thinksaas SQL injection 5. Details: Thinksaas SQL injection 5. SQL injection in the item editing page of the points redemption feature. First location: /app/redeem/action/edit.php case "do": $goodsid = intval$POST'goodsid'; $cateid = intval$POST'cateid'; $title = trim$POST'title';//the problem is here $content = trim$POST'content';//the problem is here $nums = intval$POST'nums'; $scores =...
WordPress Mz-Jajak 2.1 SQL Injection
Exploit Title: WordPress Mz-jajak plugin query"UPDATE " . $tablename . " SET ".$answert."=".$answert."+1 WHERE id=".$id; $rows = $wpdb-getresults"SELECT FROM " . $tablename . " WHERE id=".$id; Greetz: T0r3x, m1l05, JuMp-Er, EsC, UNICORN, Xermes, s4r4d0...
INSECT Pro 2.7 - Penetration testing tool download
INSECT Pro 2.7 - Ultimate is here! This penetration security auditing and testing software solution is designed to allow organizations of all sizes mitigate, monitor and manage the latest security threats vulnerabilities and implement active...
DmxReady Links Manager 1.2 SQL Injection
Exploit Title: DmxReady Links Manager v1.2 SQL Injection Vulnerability Google Dork: inurl:inclinksmanager.asp Date: 03.07.2011 Author: Bellatrix Software Link: http://www.dmxready.com/?product=links-manager Version: v1.2 Language: ASP Price : $99.97 Tested on: Windows XP Sp3 Greetz : VoLqaN ,...
DmxReady News Manager 1.2 - SQL Injection
Exploit Title: DmxReady News Manager v1.2 SQL Injection Vulnerability Google Dork: inurl:incnewsmanager.asp Date: 03.07.2011 Author: Bellatrix Software Link: http://www.dmxready.com/?product=news-manager Version: v1.2 Language: ASP Price : $99.97 Tested o...
CVE-2009-3720
The updatePosition function in lib/xmltokimpl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read,...
Panda Security ActiveScan 2.0 (Update) Remote BOF Exploit
Exploit for unknown platform in category remote exploits. Panda Security ActiveScan 2.0 Update Remote BOF Exploit. Author: Karol Wiesek. There exist two vulnerabilities in Panda...
LDAP server update function vulnerable to buffer overflow
Overview Some LDAP servers contain a buffer overflow vulnerability in the update processing. Impact A remote attacker could cause a denial of service or execute arbitrary code with the privileges of the user running the LDAP server. Solution None...
CVE-2008-0227
yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allows remote attackers to cause a denial of service (crash) via a Hello packet containing a large size value, which triggers a buffer over-read in the HASHwithTransform::Update function in hash.cpp...