10441 matches found
Design/Logic Flaw
IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows remote authenticated users to upload arbitrary GIFAR files, and consequently modify data, via unspecified vectors...
CVE-2014-8887
CVE-2014-8887 affects IBM Marketing Operations 7.x/8.x (before 8.5.0.7.2), 8.6.x (before 8.6.0.8), 9.0.x (before 9.0.0.4.1), 9.1.0.x (before 9.1.0.5), and 9.1.1.x (before 9.1.1.2). A remote authenticated attacker can upload arbitrary GIFAR files and modify data via unspecified vectors. The root c...
IBM Security SiteProtector System SQL Injection Vulnerability
The IBM Security SiteProtector System is a centralized management system that unifies the management and analysis of network, server and endpoint security agents and devices. A SQL injection vulnerability exists in IBM Security SiteProtector System, which allows remote attackers to exploit the...
Multiple SQL Injection Vulnerabilities in WordPress GigPress Plugin 'handlers.php'
WordPress is a blogging platform developed using the PHP language that allows users to set up their own weblogs on servers that support PHP and MySQL databases. GigPress is a real-time gig listing and management plugin for musicians and other performers. Multiple SQL injection vulnerabilities exis...
WordPress Wp Image Zoom Plugin - SQL Injection
Because of this vulnerability, attackers can compromise the application and access or modify data. The id parameter of zoom.php is vulnerable. Solution: Update plugin...
Nodes Studio CMS Information Disclosure Vulnerability
Nodes Studio CMS is a content management system. Nodes Studio CMS has an unspecified security vulnerability that allows remote attackers to obtain sensitive cookie information, take control of the application, and access or modify data...
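SQL injection vulnerability in the latest version of KPPW: incomplete patch
Brief description: SQL injection vulnerability in the latest version of KPPW; the patch is incomplete. Detailed description: 1. I read this post: http://wooyun.org/bugs/wooyun-2010-086216. I happened to be auditing KPPW as well, so I went to look at how the latest version patched the reported issue. To prevent that vulnerability, the latest version added a check: if($gUserInfo['uid'] != $pk['uid']){ kekezu::showmsg('无权操作',NULL,NULL,NULL,'error'); return false; } 2. $gUserInfo['uid'] is the user id, which we cannot control. So the method used by the expert xfkxfk to construct the uid can no longer be used here. So let's take another look at the save func...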
Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
The vulnerability of the libuno-cli-cppuhelper1.0-cil package within the office software suite OpenOffice is related to the lack of mechanisms for privilege control and access management. Exploiting this vulnerability allows a remote attacker to gain access to confidential data, compromise its...
Vulnerabilities of the Red Hat Enterprise Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
The multiple vulnerabilities in the libxml2-devel-2.4.19 package of the Red Hat Enterprise Linux operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. Exploitation of these vulnerabilities can be carried out remotely...
The vulnerability of the Windows operating system, which allows a remote attacker to escalate their privileges
The Microsoft Windows operating system contains a vulnerability related to improper verification and application of impersonation levels. This allows attackers to bypass security checks and elevate their privileges, including gaining administrator account information. If exploited successfully,...
The vulnerability of the SUSE Linux Enterprise operating system allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the glibc-locale-32bit package in the SUSE Linux Enterprise operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited remotely...
Unspecified Vulnerability in Oracle Fusion Middleware WebCenter Portal Component (CNVD-2015-02540)
Oracle Fusion Middleware is Oracle's suite of business innovation platforms for enterprise and cloud environments, of which Oracle WebCenter Portal is a component that seamlessly integrates portals with enterprise applications. A security vulnerability exists in the Portlet Services subcomponent ...
WordPress Video Gallery SQL Injection Vulnerability
WordPress is a blogging platform developed in the PHP language that allows users to set up their own weblogs on servers that support PHP and MySQL databases. A SQL injection vulnerability exists in WordPress Video Gallery. An attacker can exploit this vulnerability to compromise the application, access or modify data...
wss4j: Apache WSS4J doesn't correctly enforce the requireSignedEncryptedDataElements property
It was found that Apache WSS4J permitted bypass of the requireSignedEncryptedDataElements configuration property via XML Signature wrapping attacks. A remote attacker could use this flaw to modify the contents of a signed request...
IBM WebSphere DataPower XC10 appliance session hijacking vulnerability
The IBM WebSphere DataPower XC10 Appliance is a solution that combines the powerful DataPower hardware platform with IBM's distributed caching technology. A security vulnerability exists in the IBM WebSphere DataPower XC10 Appliance that allows remote attackers to hijack arbitrary user sessions t...
CVE-2015-2109
Unspecified vulnerability in HP Operations Orchestration 10.x allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unknown vectors...
Authentication flaw
Unspecified vulnerability in HP Operations Orchestration 10.x allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unknown vectors...
Easy Travel Portal SQL Injection Vulnerability
Easy Travel Portal is a set of ASP-based travel management applications. A SQL injection vulnerability exists in Easy Travel Portal, which arises from the program failing to adequately filter user-submitted input before constructing SQL query statements. An attacker could use this vulnerability t...
Mambo Login SQL Injection Vulnerability
Mambo is an open source web content management system (CMS) based on PHP and MySQL. The system supports search engine optimization, template/theme downloads and traffic statistics. A SQL injection vulnerability exists in Mambo, which stems from the program failing to adequately filter user-submitte...