Security News

CVE-2017-15977

National Vulnerability Database - Tue, 10/31/2017 - 03:29
Protected Links - Expiring Download Links 1.0 allows SQL Injection via the username parameter.
Categories: Security News

CVE-2017-15978

National Vulnerability Database - Tue, 10/31/2017 - 03:29
AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter.

CVE-2017-15979

National Vulnerability Database - Tue, 10/31/2017 - 03:29
Shareet - Photo Sharing Social Network 1.0 allows SQL Injection via the photo parameter.

CVE-2017-15980

National Vulnerability Database - Tue, 10/31/2017 - 03:29
US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter.

CVE-2017-15981

National Vulnerability Database - Tue, 10/31/2017 - 03:29
Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.

CVE-2017-15982

National Vulnerability Database - Tue, 10/31/2017 - 03:29
Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.

CVE-2017-15983

National Vulnerability Database - Tue, 10/31/2017 - 03:29
MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.

CVE-2017-15984

National Vulnerability Database - Tue, 10/31/2017 - 03:29
Creative Management System (CMS) Lite 1.4 allows SQL Injection via the S parameter to index.php.

CVE-2017-15985

National Vulnerability Database - Tue, 10/31/2017 - 03:29
Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter.

CVE-2017-15986

National Vulnerability Database - Tue, 10/31/2017 - 03:29
CPA Lead Reward Script allows SQL Injection via the username parameter.

CVE-2017-15987

National Vulnerability Database - Tue, 10/31/2017 - 03:29
Fake Magazine Cover Script allows SQL Injection via the rate.php value parameter or the content.php id parameter.

CVE-2017-15988

National Vulnerability Database - Tue, 10/31/2017 - 03:29
Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme parameter, a different vulnerability than CVE-2008-6525.

CVE-2017-15989

National Vulnerability Database - Tue, 10/31/2017 - 03:29
Online Exam Test Application allows SQL Injection via the resources.php sort parameter in a category action.

CVE-2017-15990

National Vulnerability Database - Tue, 10/31/2017 - 03:29
Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/.

CVE-2017-15991

National Vulnerability Database - Tue, 10/31/2017 - 03:29
Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injection in searchCommercial.php via the property_type, city, or posted_by parameter, or searchResidential.php via the property_type, city, or bedroom parameter, a different vulnerability than CVE-2008-3951, CVE-2009-3497, and CVE-2012-0982.

CVE-2017-15992

National Vulnerability Database - Tue, 10/31/2017 - 03:29
Website Broker Script allows SQL Injection via the 'status_id' parameter to status_list.php.

CVE-2017-15993

National Vulnerability Database - Tue, 10/31/2017 - 03:29
Zomato Clone Script allows SQL Injection via the restaurant-menu.php resid parameter.

CVE-2017-1000255

National Vulnerability Database - Mon, 10/30/2017 - 16:29
On Linux running on PowerPC hardware (Power8 or later) a user process can craft a signal frame and then do a sigreturn so that the kernel will take an exception (interrupt), and use the r1 value *from the signal frame* as the kernel stack pointer. As part of the exception entry the content of the signal frame is written to the kernel stack, allowing an attacker to overwrite arbitrary locations with arbitrary values. The exception handling does produce an oops, and a panic if panic_on_oops=1, but only after kernel memory has been overwritten. This flaw was introduced in commit: "5d176f751ee3 (powerpc: tm: Enable transactional memory (TM) lazily for userspace)" which was merged upstream into v4.9-rc1. Please note that kernels built with CONFIG_PPC_TRANSACTIONAL_MEM=n are not vulnerable.

CVE-2017-10151

National Vulnerability Database - Mon, 10/30/2017 - 16:29
Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account). Supported versions that are affected are 11.1.1.7, 11.1.1.9, 11.1.2.1.0, 11.1.2.2.0, 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Identity Manager. While the vulnerability is in Oracle Identity Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Identity Manager. CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

CVE-2012-4449

National Vulnerability Database - Mon, 10/30/2017 - 15:29
Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generates token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force attack.