The goal of this project is to make virtual world a safer and better place without child pornography, major computer crime and RIAA.
Login As
You can log in if you are registered at one of these services:
Security Bulletins
Latest Malware Updates

Infostealer.Posteal

02/26/2015

Downloader.Busadom

02/26/2015

Trojan.Ladocosm

02/26/2015

SONAR.SuspDocRun

02/25/2015

SONAR.SuspHelpRun

02/25/2015
Security News

CVE-2018-1292

Within the \'getReportType\' method in Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, a hacker could inject SQL to read/update data for which he doesn\'t have authorization for by way of the \'reportName\' parameter.

04/20/2018

CVE-2018-1291

Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating exposes different REST end points to query domain specific entities with a Query Parameter \'orderBy\' which are appended directly with SQL statements. A hacker/user can inject/draft the \'orderBy\' query parameter by way of the "order" param in such a way to read/update the data for which he doesn\'t have authorization.

04/20/2018

CVE-2018-1290

In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, Using a single quotation escape with two continuous SQL parameters can cause a SQL injection. This could be done in Methods like retrieveAuditEntries of AuditsApiResource Class and retrieveCommands of MakercheckersApiResource Class.

04/20/2018

CVE-2018-1289

In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, the system exposes different REST end points to query domain specific entities with a Query Parameter \'orderBy\' and \'sortOrder\' which are appended directly with SQL statements. A hacker/user can inject/draft the \'orderBy\' and \'sortOrder\' query parameter in such a way to read/update the data for which he doesn\'t have authorization.

04/20/2018

CVE-2018-10250

iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixin_category action, aka a WeChat Classified Management keyword search.

04/20/2018

CVE-2018-10249

baijiacms V3 has CSRF via index.php?mod=site&op=edituser&name=manager&do=user to add an administrator account.

04/20/2018

CVE-2018-10248

An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can delete any article via index.php?m=content&f=content&v=recycle_delete.

04/20/2018

CVE-2018-10245

A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to CVE-2006-3682. The attack can, for example, use the awstats.pl framename and update parameters.

04/20/2018

CVE-2018-1292

Within the \'getReportType\' method in Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, a hacker could inject SQL to read/update data for which he doesn\'t have authorization for by way of the \'reportName\' parameter.

04/20/2018

CVE-2018-1291

Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating exposes different REST end points to query domain specific entities with a Query Parameter \'orderBy\' which are appended directly with SQL statements. A hacker/user can inject/draft the \'orderBy\' query parameter by way of the "order" param in such a way to read/update the data for which he doesn\'t have authorization.

04/20/2018

CVE-2018-1290

In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, Using a single quotation escape with two continuous SQL parameters can cause a SQL injection. This could be done in Methods like retrieveAuditEntries of AuditsApiResource Class and retrieveCommands of MakercheckersApiResource Class.

04/20/2018

CVE-2018-1289

In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, the system exposes different REST end points to query domain specific entities with a Query Parameter \'orderBy\' and \'sortOrder\' which are appended directly with SQL statements. A hacker/user can inject/draft the \'orderBy\' and \'sortOrder\' query parameter in such a way to read/update the data for which he doesn\'t have authorization.

04/20/2018

CVE-2018-10250

iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixin_category action, aka a WeChat Classified Management keyword search.

04/20/2018

CVE-2018-10249

baijiacms V3 has CSRF via index.php?mod=site&op=edituser&name=manager&do=user to add an administrator account.

04/20/2018

CVE-2018-10248

An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can delete any article via index.php?m=content&f=content&v=recycle_delete.

04/20/2018

CVE-2018-10245

A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to CVE-2006-3682. The attack can, for example, use the awstats.pl framename and update parameters.

04/20/2018

CVE-2017-8315

Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier was found vulnerable to an XML External Entity attack. An attacker can exploit the vulnerability by implementing malicious code on Androidmanifest.xml.

04/20/2018

CVE-2018-6960

VMware Horizon DaaS (7.x before 8.0.0) contains a broken authentication vulnerability that may allow an attacker to bypass two-factor authentication. Note: In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.

04/20/2018

CVE-2018-10238

bvlc.c in skarg BACnet Protocol Stack 0.8.5 has a buffer overflow in BACnet/IP BVLC packet processing because of a lack of packet-size validation.

04/20/2018

CVE-2018-10201

An issue was discovered in NcMonitorServer.exe in NC Monitor Server in NComputing vSpace Pro 10 and 11. It is possible to read arbitrary files outside the root directory of the web server. This vulnerability could be exploited remotely by a crafted URL without credentials, with .../ or ...\\ or ..../ or ....\\ as a directory-traversal pattern to TCP port 8667.

04/20/2018

Security News 1 - 20 of 131001
First | Prev. | 1 2 3 4 5 | Next | Last All
Security Advisories Database

Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

A remote attacker can execute arbitrary code on the target system.

07/21/2015

SQL Injection Vulnerability in Piwigo

SQL inection vulnerability has been discovered in Piwigo.

02/05/2015

Cross-site Scripting Vulnerability in DotNetNuke

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

02/05/2015

Cross-site Scripting Vulnerability in Hitachi Command Suite

A cross-site scripting vulnerability was found in Hitachi Command Suite.

02/02/2015

Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk Handling

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-Forwards

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in MalwareBytes Anti-Exploit "mbae.sys"

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Linux Kernel splice

An attacker can perform a denial of service attack.

01/29/2015

Denial of service vulnerability in Python Pillow Module PNG Text Chunks Decompression

An attacker can perform a denial of service attack.

01/20/2015