79 matches found
GHSA-MCX4-F5F5-4859 Prevent cache poisoning via a Response Content-Type header in Symfony
Description ----------- When a Response does not contain a Content-Type header, Symfony falls back to the format defined in the Accept header of the request, leading to a possible mismatch between the response's content and Content-Type header. When the response is cached, this can lead to a...
Prevent cache poisoning via a Response Content-Type header in Symfony
Description ----------- When a Response does not contain a Content-Type header, Symfony falls back to the format defined in the Accept header of the request, leading to a possible mismatch between the response's content and Content-Type header. When the response is cached, this can lead to a...
Security Bulletin: Jetson AGX Xavier, TK1, TX1, TX2, and Nano L4T- December 2019
NVIDIA has released a software security update for Jetson AGX Xavier, TK1,TX1, TX2, and Nano in the NVIDIA® Tegra® Linux Driver Package L4T. The update addresses issues that may lead to code execution, denial of service, escalation of privileges, or information disclosure. To protect your system,...
Xavier PHP Management Panel Buffer Overflow Vulnerability
Xavier PHP Management Panel is a website user management system. A buffer overflow vulnerability exists in Xavier PHP Management Panel version 3.0. The vulnerability arises when a web system or product performs an operation in memory without properly validating data boundaries, resulting in an...
CVE-2019-14228
Xavier PHP Management Panel 3.0 is vulnerable to Reflected POST-based XSS via the username parameter when registering a new user at admin/includes/adminprocess.php. If there is an error when registering the user, the unsanitized username will reflect via the error page. Due to the lack of CSRF...
CVE-2019-14228
Xavier PHP Management Panel 3.0 is affected by a Reflected POST-based XSS in the username parameter during new user registration via admin/includes/adminprocess.php. The XSS reflects on the error page when registration fails, and the vulnerability is exacerbated by the absence of CSRF protection ...
Linux/x86 - chmod 666 /etc/passwd & chmod 666 /etc/shadow Shellcode (61 bytes)
Exploit Title: Linux/x86 - chmod 666 /etc/passwd & chmod 666 /etc/shadow 61 bytes Date: 10/07/2019 Exploit Author: Xavier Invers Fornells Contact: email protected Tested on: Debian 4.19.28 Architecture: x86 Size: 61 bytes chmod.nasm global start section .text start: push byte 15 pop eax push byte...
Xavier PHP Management Panel SQL Injection Vulnerability
Xavier PHP Management Panel is a PHP-based web content protection script. A SQL injection vulnerability exists in Xavier PHP Management Panel version 2.4. A remote attacker can inject malicious SQL commands into the admin/adminuseredit.php file by sending the 'usertoedit' parameter or the...
Sql injection
Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the logid parameter to admin/editgroup.php...
CVE-2017-15949
Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the logid parameter to admin/editgroup.php...
CVE-2017-15949
Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the logid parameter to admin/editgroup.php...
CVE-2017-15949
Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the logid parameter to admin/editgroup.php...
CVE-2017-15949
CVE-2017-15949 affects Xavier PHP Management Panel 2.4. The vulnerability is an SQL injection in the admin/adminuseredit.php endpoint (parameter: usertoedit) and in admin/editgroup.php (parameter: log_id). Exploitation could allow an attacker to inject SQL commands and potentially take control of...
This Week in Security News
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back...
Beware! Over 800 Android Apps on Google Play Store Contain 'Xavier' Malware
Over 800 different Android apps that have been downloaded millions of times from Google Play Store found to be infected with malicious ad library that silently collects sensitive user data and can perform dangerous operations. Dubbed "Xavier," the malicious ad library, initially emerged in...
Xavier SQL Injection Vulnerability
Xavier - PHP is a login script and user management administration panel. Xavier suffers from a SQL injection vulnerability. Allows attackers to exploit the vulnerability to obtain sensitive information...
Xavier 2.4 - SQL Injection Vulnerability
Exploit for php platform in category web applications Document Title: =============== Xavier v2.4 PHP MP - SQL Injection Web Vulnerabilities Vulnerability Class: ==================== SQL Injection Current Estimated Price: ======================== 1.000€ - 2.000€ Product & Service Introduction:...
Xavier 2.4 - SQL Injection
Xavier 2.4 - SQL Injection Document Title: =============== Xavier v2.4 PHP MP - SQL Injection Web Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2076 Release Date: ============= 2017-06-06 Vulnerability Laboratory ID VL-ID:...
Xavier 2.4 - SQL Injection
Document Title: =============== Xavier v2.4 PHP MP - SQL Injection Web Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2076 Release Date: ============= 2017-06-06 Vulnerability Laboratory ID VL-ID: ==================================== 20...
Xavier v2.4 PHP MP - SQL Injection Web Vulnerabilities
Document Title: =============== Xavier v2.4 PHP MP - SQL Injection Web Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2076 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15949 CVE-ID: ======= CVE-2017-15949 Release Date:...