33 matches found
EUVD-2015-7479
Malware in sbrugna...
EUVD-2015-7481
Malware in sbrugna...
EUVD-2015-7480
Malware in sbrugna...
EUVD-2015-7478
Malware in sbrugna...
EUVD-2015-7477
Malicious code in bioql PyPI...
CVE-2015-7567
SQL injection vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary SQL commands via the "passwordreset&token" parameter...
SQL injection
SQL injection vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary SQL commands via the "passwordreset&token" parameter...
CVE-2015-7567
SQL injection vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary SQL commands via the "passwordreset&token" parameter...
CVE-2015-7567
Summary: CVE-2015-7567 is a SQL injection vulnerability in Yeager CMS 1.2.1 that allows remote attackers to execute arbitrary SQL via the "passwordreset&token" parameter. The issue stems from improper input handling in the authentication/password reset flow (root cause: unsafely constructed SQL f...
Unrestricted file upload
Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension...
CVE-2015-7571
Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension...
CVE-2015-7571
Vulnerability CVE-2015-7571 affects Yeager CMS 1.2.1. Unrestricted file upload can lead to remote code execution by uploading an executable file; fixed version is listed as 1.3 in vulnerability references. The available sources describe the issue and indicate upgrade/patch as remediation, but exp...
CVE-2015-7571
Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension...
SQL injection
SQL injection vulnerability in "yeager/y.php/tabUSERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedirorderby" parameter...
Server-side request forgery (SSRF)
Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to libs/org/adodblite/tests/testadodblite.php, libs/org/adodblite/tests/testdatadictionary.php, or...
SQL injection
SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter...
CVE-2015-7569
SQL injection vulnerability in "yeager/y.php/tabUSERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedirorderby" parameter...
CVE-2015-7568
SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter...
CVE-2015-7570
Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to libs/org/adodblite/tests/testadodblite.php, libs/org/adodblite/tests/testdatadictionary.php, or...
CVE-2015-7569
SQL injection vulnerability in "yeager/y.php/tabUSERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedirorderby" parameter...