Monthly Archive: December 2017

Readymade Job Site Script has SQL Injection via the location_name array parameter to the /job URI. Date published : 2017-12-24 https://github.com/d4wner/Vulnerabilities-Report/blob/master/ready-made-job-site-script.md

Readymade Job Site Script has CSRF via the /job URI. Date published : 2017-12-24 https://github.com/d4wner/Vulnerabilities-Report/blob/master/ready-made-job-site-script.md

Readymade Video Sharing Script has XSS via the search_video.php search parameter, the viewsubs.php chnlid parameter, or the user-profile-edit.php fname parameter. Date published : 2017-12-24 https://github.com/d4wner/Vulnerabilities-Report/blob/master/Readymade-Video-Sharing-Script.md

Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter. Date published : 2017-12-24 https://github.com/d4wner/Vulnerabilities-Report/blob/master/Readymade-Video-Sharing-Script.md

Readymade Video Sharing Script has CSRF via user-profile-edit.php. Date published : 2017-12-24 https://github.com/d4wner/Vulnerabilities-Report/blob/master/Readymade-Video-Sharing-Script.md

cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, Ouman EH-net, Alliance System WS100 –> AWU 500, Sauter ERW100F001, Carlo Gavazzi SIU-DLG, AEDILIS SMART-1, SYXTHSENSE WebBiter, ABB SREA, and ASCON DY WebServer...

Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside XSLT data in one part of...

A buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long response. Date published : 2017-12-24 https://www.exploit-db.com/exploits/43391/ https://www.exploit-db.com/exploits/45087/

In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function GetImagePixelCache in magick/cache.c, which allows attackers to cause a denial of service via a crafted MNG image file that is processed...

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPSDChannelZip in coders/psd.c, which allows attackers to cause a denial of service via a crafted psd image file. Date published :...

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPICTImage in coders/pict.c, which allows attackers to cause a denial of service via a crafted PICT image file. Date published :...

In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in the function WriteOnePNGImage in coders/png.c, which allows attackers to cause a denial of service via a crafted PNG image file. Date published :...

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadPGXImage in coders/pgx.c, which allows attackers to cause a denial of service via a crafted PGX image file. Date published :...

In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file. Date published :...