321 matches found
Microsoft Releases Zero IE8 Security Updates Before "Pwn2Own"!
Microsoft has opted not to release any patches to its Internet Explorer 8 browser prior to this year's Pwn2Own browser exploit challenge, which is set to run from March 9 to March 11 at the CanSecWest security conference. There's been no indication as to why Microsoft's not making one last effort...
Rae Media Real Estate Multi Agent SQL Injection Vulnerability
Exploit for asp platform in category web applications. Multi Agent System is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or...
Rae Media Real Estate Multi Agent SQL Injection
Multi Agent System is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the...
Rae Media Real Estate Single Agent - SQL Injection
source: https://www.securityfocus.com/bid/45211/info Real Estate Single is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or...
Rae Media Real Estate Multi Agent - SQL Injection
source: https://www.securityfocus.com/bid/45212/info Multi Agent System is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or...
Rae Media Real Estate Single Agent - SQL Injection
source: https://www.securityfocus.com/bid/45211/info Real Estate Single is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...
WordPress Plugin FCChat Widget 2.1.7 - path Cross-Site Scripting
source: https://www.securityfocus.com/bid/46009/info The FCChat Widget plugin for WordPress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this...
Habari 0.6.5 Cross Site Scripting / Path Disclosure
Vulnerability ID: HTB22731 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinhabari.html Product: Habari Vendor: Habari http://habariproject.org/en/ Vulnerable Version: 0.6.5 Vendor Notification: 02 December 2010 Vulnerability Type: XSS Cross Site...
GetSimple CMS 2.03 Path Disclosure
Vulnerability ID: HTB22730 Reference: http://www.htbridge.ch/advisory/pathdisclosureingetsimplecms.html Product: GetSimple CMS Vendor: http://get-simple.info/ http://get-simple.info/ Vulnerable Version: 2.03 Vendor Notification: 02 December 2010 Vulnerability Type: Path disclosure Status: Not...
Habari Blog - Multiple Vulnerabilities
Vulnerability ID: HTB22732 Reference: http://www.htbridge.ch/advisory/pathdisclosureinhabari.html Product: Habari Vendor: Habari http://habariproject.org/en/ Vulnerable Version: 0.6.5 Vendor Notification: 02 December 2010 Vulnerability Type: Path disclosure Status: Fixed by Vendor Risk level: Low...
XSS vulnerability in ImpressCMS
Vulnerability ID: HTB22766 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinimpresscms.html Product: ImpressCMS Vendor: The ImpressCMS Project http://www.impresscms.org Vulnerable Version: 1.2.3 Final and probably prior versions Vendor Notification: Vulnerability Type: XSS Cross Site...
Path disclosure in Habari
Vulnerability ID: HTB22732 Reference: http://www.htbridge.ch/advisory/pathdisclosureinhabari.html Product: Habari Vendor: Habari http://habariproject.org/en/ Vulnerable Version: 0.6.5 Vendor Notification: 02 December 2010 Vulnerability Type: Path disclosure Status: Fixed by Vendor Risk level: Low...
XSS vulnerability in Frog CMS
Vulnerability ID: HTB22682 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinfrogcms.html Product: Frog CMS Vendor: Philippe Archambault http://www.madebyfrog.com/ Vulnerable Version: 0.9.5 and probably prior versions Vendor Notification: 09 November 2010 Vulnerability Type: Stored XSS...
SQL Injection in CLANSPHERE
Vulnerability ID: HTB22694 Reference: http://www.htbridge.ch/advisory/sqlinjectioninclansphere.html Product: CLANSPHERE Vendor: csphere.eu http://www.csphere.eu/ Vulnerable Version: 2010.0 Final Vendor Notification: 02 November 2010 Vulnerability Type: SQL Injection Status: Fixed by Vendor Risk...
CompactCMS 1.4.1 SQL Injection
Vulnerability ID: HTB22697 Reference: http://www.htbridge.ch/advisory/sqlinjectionincompactcms.html Product: CompactCMS Vendor: compactcms.nl http://www.compactcms.nl/ Vulnerable Version: 1.4.1 Vendor Notification: 02 November 2010 Vulnerability Type: SQL Injection Status: Fixed by Vendor Risk...
CompactCMS 1.4.1 SQL Injection Vulnerability
Exploit for php platform in category web applications. Product: CompactCMS Vendor: compactcms.nl http://www.compactcms.nl/ Vulnerable Version: 1.4.1 Vendor...
Researcher Publishes Android Browser Exploit
UPDATE: A researcher at security firm Alert Logic has published code that could be used to compromise some versions of Google’s Android Operating System. The exploit, if properly adapted, could make Android phones vulnerable to remote attacks and compromises. Researcher MJ Keith published a Rever...
BBcode XSS in eoCMS
Vulnerability ID: HTB22677 Reference: http://www.htbridge.ch/advisory/bbcodexssineocms.html Product: eoCMS Vendor: eocms.com http://eocms.com Vulnerable Version: 0.9.04 Vendor Notification: 21 October 2010 Vulnerability Type: XSS Cross Site Scripting Status: Not Fixed, Vendor Alerted, Awaiting...
DBHcms 1.1.4 - dbhcms_userSearchString SQL Injection
Vulnerability ID: HTB22651 Reference: http://www.htbridge.ch/advisory/sqlinjectionindbhcms.html Product: DBHcms Vendor: drbenhur.com http://www.drbenhur.com/ Vulnerable Version: 1.1.4 and probably prior versions Vendor Notification: 13 October...
4Site CMS 2.6 Cross Site Scripting
Vulnerability ID: HTB22639 Reference: http://www.htbridge.ch/advisory/sqlinjectionin4sitecms.html Product: 4site CMS Vendor: Method Lab http://www.4site.ru/ Vulnerable Version: 2.6 and probably prior versions Vendor Notification: 05 October 2010 Vulnerability Type: XSS Cross Site Scripting Status...