2 results (0.018 seconds)

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0

The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server, and Secure Web Gateway. NOTE: the vendor feels that this does not apply to endpoint-protection products because the virus would be detected upon extraction. El motor de análisis Sophos AV versiones anteriores a 14-01-2020 permite una omisión de la detección de virus por medio de un archivo ZIP diseñado. Esto afecta a Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server y Secure Web Gateway. • https://blog.zoller.lu/p/release-mode-coordinated-disclosure-ref.html https://community.sophos.com/b/security-blog/posts/sophos-comments-to-cve-2020-9363 • CWE-436: Interpretation Conflict •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2

SQL injection vulnerability in login.php in Allomani Mobile 2.5 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action. Vulnerabilidad de inyección SQL en login.php en Allomani Mobile v2.5 permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro "username" en una acción de login. • https://www.exploit-db.com/exploits/9273 http://www.exploit-db.com/exploits/9273 http://www.vupen.com/english/advisories/2009/2029 https://exchange.xforce.ibmcloud.com/vulnerabilities/52012 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •