Search the Community
Showing results for tags 'library'.
-
TCPDF library Universal POI Payload to Arbitrary File Deletion [+] Author: Filippo Roncari [+] Target: TCPDF library [+] Version: <= 5.9 and probably others [tested on v5.9] [+] Vendor: http://www.tcpdf.org [+] Accessibility: Remote [+] Severity: High [+] CVE: n/a [+] Advisory URL: n/a [+] Contacts: f.roncari@securenetwork.it / f@unsec.it [+] Summary TCPDF library is one of the world's most used open source PHP libraries, included in thousands of CMS and Web applications worldwide. More information at: http://en.wikipedia.org/wiki/TCPDF. A universal Object Injection payload for vulnerabl
-
======================================================================= title: SQL Injection product: WordPress Tune Library Plugin vulnerable version: 1.5.4 (and probably below) fixed version: 1.5.5 CVE number: CVE-2015-3314 impact: CVSS Base Score 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) homepage: https://wordpress.org/plugins/tune-library/ found: 2015-01-09 by: Hannes Trunde mail: hannes.trunde@gmail.com twitter: @hannestrunde ================================================
-
Until yesterday, a popular networking library for iOS and OS X used in apps such as Pinterest and Simple was susceptible to SSL man-in-the-middle (MiTM) attacks. The developer behind the framework AFNetworking on Thursday pushed a fix for the issue, a logic flaw. The flaw had lingered in the wild for more than two months but it took some repeated poking from Github users and two researchers, Simone Bovi and Mauro Gentile at the software security firm Minded Security, for the developer to finally address it. Bovi and Gentile stumbled upon the issue while doing mobile application security analys
-
GE has released a fix for a vulnerability in a library that’s used in several of its products deployed in critical infrastructure areas. The flaw in the HART Device Type Manager library could allow an attacker to crash affected applications or run arbitrary code. The vulnerability in the DTM library affects four of GE’s products, as well as one product manufactured by MACTek. According to an advisory from ICS-CERT, GE has released an updated library that addresses the problem. “The vulnerability causes a buffer overflow in the HART Device DTM crashing the Field Device Tool (FDT) Frame Applicat
-
- application
- dtm
-
(and 3 more)
Tagged with:
-
XSSYA is a python tool that attempts malicious payloads for bypassing web application firewalls. Changes: Library contains 41 payloads now to enhance detection level. Various other updates. Download
-
-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 PHP Code Execution in jui_filter_rules Parsing Library ====================================================== Researcher: Timo Schmid <tschmid@ernw.de> Description =========== jui_filter_rules[1] is a jQuery plugin which allows users to generate a ruleset which could be used to filter datasets inside a web application. The plugin also provides a PHP library to turn the user submitted ruleset into SQL where statements for server side filtering. This PHP library contains a feature which allows to convert the submitted filter values wit