Koha SQL Injection Vulnerability
Koha is the first open source library automation system. Koha suffers from an SQL injection vulnerability that could be exploited by an attacker to access or modify database data...
WordPress wp-powerplaygallery plugin 'upload.php' has multiple SQL injection vulnerabilities
WordPress is a blogging platform developed using the PHP language. In WordPress wp-powerplaygallery plugin version 3.3 and earlier, there are multiple SQL injection vulnerabilities in the implementation of upload.php, which can be exploited by an attacker to access or modify data, etc...
Helpdesk Pro Plugin SQL Injection Vulnerabilities
Joomla! is a content management system that is well known abroad. Joomla! is a software system developed using the PHP language together with a MySQL database, and it can run on a variety of platforms such as Linux, Windows, and Mac OS X. A SQL injection vulnerability...
Zenphoto has multiple unspecified vulnerabilities
ZenPhoto is a compact photo album application with RSS output, FTP upload, tagging, comment replies and other features. The following security vulnerabilities exist in versions of Zenphoto prior to 1.4.9, which can be exploited by attackers to take control of the application, access or...
Microsoft SQL Server Privilege Vulnerability
Microsoft SQL Server is a large commercial database system for Microsoft Windows, developed and maintained by Microsoft of the United States. An elevation of privilege vulnerability exists in Microsoft SQL Server, which can be exploited by an...
Thetis vulnerable to SQL injection
Overview: Thetis, provided by Sysphonic Co., Ltd., is an open source groupware and SNS. Thetis contains a SQL injection (CWE-89) vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership. Impact: An attack...
Merethis Centreon 'isUserAdmin()' Function SQL Injection Vulnerability
Merethis Centreon is open source IT monitoring software from Merethis of France. It must be paired with Nagios, which it manages through a web interface, and it monitors networks, operating systems and applications via third-party components. A SQL injection vulnerability exists in Merethi...
Subrion CMS 'salt' SQL Injection Vulnerability
Subrion CMS is an open source content management system (CMS). A SQL injection vulnerability exists in Subrion CMS. An attacker could exploit this vulnerability to take control of the application and access or modify data...
Cisco IM and Presence Service SQL Injection Vulnerability
Cisco IM and Presence Service provides enterprise-class instant messaging and network presence services. Cisco IM and Presence Service fails to properly validate user input within a SQL query, which can be exploited by an authenticated, remote attacker to read, modify, or delete entries within...
concrete5 'Access.php' SQL Injection Vulnerability
concrete5 is a free content management system (CMS) developed by Portland Labs in the United States. The system allows editing and layout directly on the page. A SQL injection vulnerability exists in concrete5 that stems from the program failing to adequately filter user-submitted input before...
Authentication flaw
Aptexx Resident Anywhere does not require authentication, which allows remote attackers to obtain sensitive information or modify data via a direct request...
CVE-2014-4882
CVE-2014-4882 affects Aptexx Resident Anywhere. The vulnerability is an authentication bypass where an unauthenticated remote attacker can access or modify data via a direct account URL, potentially exposing user name, contact, and payment-related information. CERT/CC details indicate sensitive d...
Samsung Galaxy S Mobile Phone Remote Code Execution Vulnerability
Samsung Galaxy is a series of mid-range and high-end smartphones from Samsung. The Swiftkey keyboard is a keyboard application that comes pre-installed with system privileges on Galaxy S series phones. Samsung Galaxy S4 Mini, S4, S5, S6 series smartphones fail to validate Swiftkey language pack...
TickFa SQL Injection Vulnerability
TickFa is an online customer support system. TickFa suffers from a SQL injection vulnerability because the program's ticket.php script fails to correctly handle 'tid' parameter input, which allows remote attackers to exploit the vulnerability by submitting a specially crafted SQL query to...
CVE-2015-4190
Cisco Cloud Portal in Cisco Prime Service Catalog 9.4.1_vortex on Cloud Portal appliances allows man-in-the-middle attackers to modify data via unspecified vectors, aka Bug ID CSCuh19683...
Code injection
Cisco Cloud Portal in Cisco Prime Service Catalog 9.4.1_vortex on Cloud Portal appliances allows man-in-the-middle attackers to modify data via unspecified vectors, aka Bug ID CSCuh19683...
CVE-2015-4190
CVE-2015-4190 affects Cisco Cloud Portal in Cisco Prime Service Catalog 9.4.1_vortex on Cloud Portal appliances. The root cause is a design flaw/default host keys that enable a man-in-the-middle attack, allowing an unauthenticated remote attacker to modify data during login or data exchange via u...
Cisco Cloud Portal Default SSH HOST Key Man-in-the-Middle Attack Vulnerability
Cisco Cloud Portal is a cloud portal for data center services. Cisco Cloud Portal has a security vulnerability because the system uses a default host key for SSH communication. A remote attacker could modify the target system's data through a man-in-the-middle attack...
IBM Marketing Operations Arbitrary File Upload Vulnerability
IBM Marketing Operations (formerly known as IBM Unica Marketing Operations) is a suite of marketing management software from the American company IBM. The software supports streamlining of production processes, tracking of budgets and expenditures, and improved teamwork. IBM Marketing Operations...