The goal of this project is to make the virtual world a safer and better place without child pornography, major computer crime and RIAA.
Security Bulletins
Latest Malware Updates

Infostealer.Posteal

02/26/2015

Downloader.Busadom

02/26/2015

Trojan.Ladocosm

02/26/2015

SONAR.SuspDocRun

02/25/2015

SONAR.SuspHelpRun

02/25/2015
Security News

CVE-2018-18955

In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction.

11/16/2018

CVE-2018-18806

School Equipment Monitoring System 1.0 allows SQL injection via the login screen, related to include/user.vb.

11/16/2018

CVE-2018-18805

PointOfSales 1.0 allows SQL injection via the login screen, related to LoginForm1.vb.

11/16/2018

CVE-2018-18804

Bakeshop Inventory System 1.0 has SQL injection via the login screen, related to include/publicfunction.vb.

11/16/2018

CVE-2018-18803

Curriculum Evaluation System 1.0 allows SQL Injection via the login screen, related to frmCourse.vb and includes/user.vb.

11/16/2018

CVE-2018-18801

The BSEN Ordering software 1.0 has SQL Injection via student/index.php?view=view&id=[SQL] or index.php?q=single-item&id=[SQL].

11/16/2018

CVE-2018-18799

School Attendance Monitoring System 1.0 has CSRF via event/controller.php?action=photos.

11/16/2018

CVE-2018-18797

School Attendance Monitoring System 1.0 has CSRF via /user/user/edit.php.

11/16/2018

CVE-2018-18796

Library Management System 1.0 has SQL Injection via the "Search for Books" screen.

11/16/2018

CVE-2018-18795

School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id parameter.

11/16/2018

CVE-2018-18794

School Event Management System 1.0 allows CSRF via user/controller.php?action=edit.

11/16/2018

CVE-2018-18793

School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos.

11/16/2018

CVE-2018-18763

SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection.

11/16/2018

CVE-2018-18761

SaltOS 3.1 r8126 allows action=login&querystring=&user=[SQL] SQL Injection.

11/16/2018

CVE-2018-18760

RhinOS 3.0 build 1190 allows CSRF.

11/16/2018

CVE-2018-18759

Modbus Slave 7.0.0 in modbus tools has a Buffer Overflow.

11/16/2018

CVE-2018-18756

Local Server 1.0.9 has a Buffer Overflow via crafted data on Port 4008.

11/16/2018

CVE-2018-18755

K-iwi Framework 1775 has SQL Injection via the admin/user/group/update user_group_id parameter or the admin/user/user/update user_id parameter.

11/16/2018

CVE-2018-1797

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using Enterprise bundle Archives (EBA) could allow a local attacker to traverse directories on the system. By persuading a victim to extract a specially-crafted ZIP archive containing "dot dot slash" sequences (../), an attacker could exploit this vulnerability to write to arbitrary files on the system. Note: This vulnerability is known as "Zip-Slip". IBM X-Force ID: 149427.

11/16/2018

CVE-2018-16396

An issue was discovered in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. It does not taint strings that result from unpacking tainted strings with some formats.

11/16/2018

Security Advisories Database

Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

A remote attacker can execute arbitrary code on the target system.

07/21/2015

SQL Injection Vulnerability in Piwigo

An SQL injection vulnerability has been discovered in Piwigo.

02/05/2015

Cross-site Scripting Vulnerability in DotNetNuke

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

02/05/2015

Cross-site Scripting Vulnerability in Hitachi Command Suite

A cross-site scripting vulnerability was found in Hitachi Command Suite.

02/02/2015

Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk Handling

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-Forwards

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in MalwareBytes Anti-Exploit "mbae.sys"

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Linux Kernel splice

An attacker can perform a denial of service attack.

01/29/2015

Denial of service vulnerability in Python Pillow Module PNG Text Chunks Decompression

An attacker can perform a denial of service attack.

01/20/2015