10441 matches found
Pre News Manager 'news_detail.php' SQL Injection Vulnerability
Pre News Manager is an online news distribution system for the Australian PreProjects program. A SQL injection vulnerability exists in Pre News Manager, which arises from the program failing to adequately filter user-submitted input. An attacker could use this vulnerability to compromise the...
Multiple SQL Injection Vulnerabilities in Drupal Spider Contacts Module
Drupal is an open source content management platform. Multiple SQL injection vulnerabilities exist in the Drupal Spider Contacts module, which could be exploited by attackers to compromise an application, access and modify data, or potentially exploit a vulnerability in the underlying database...
Redaxscript < 2.3.0 SQLi Vulnerability
Redaxscript is prone to an SQL injection SQLi vulnerability. Copyright C 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...
WordPress Plugin Photo Gallery 'asc_or_desc' Parameter SQL Injection Vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress plugin Photo Gallery 'ascordesc' Parameter due to the program failing t...
Multiple Input Validation Vulnerabilities in Gecko CMS
Gecko CMS is a content management system CMS based on PHP and MySQL. Gecko CMS suffers from SQL injection, cross-site scripting, and HTML injection vulnerabilities because it fails to adequately filter user-supplied input. Exploitation of these vulnerabilities allows attackers to perform...
Sefrengo CMS 'main.php' Cross-Site Scripting Vulnerability
Sefrengo CMS is an open source content management system. A cross-site scripting vulnerability exists in Sefrengo CMS 'main.php' due to the application failing to properly filter user-supplied input. This allows an attacker to steal cookie-based credentials, compromise the application, and access...
Kesion ICMS智能建站系统多处权限绕过,可修改任意用户密码
简要描述: Kesion ICMS2.5智能建站系统存在多处权限绕过 详细说明: Kesion ICMS智能建站系统多处权限绕过,修改任意用户资料,并可修改任意用户密码。 漏洞证明: 系统官网:http://www.kesion.com/ 系统演示站点:http://i.kesion.com/ 为了演示漏洞,注册了用户名为test1和test2的两个用户。 漏洞一、修改任意用户基本资料: 1、登录test1用户--》会员中心--》修改我的资料。 2、使用代理拦截请求,修改cookie中的username字段为被攻击的用户名: 3、登录被攻击用户,用户资料被修改 漏洞二、修改任意用户绑定手...
CVE-2014-7194
TIBCO Managed File Transfer Internet Server before 7.2.4, Managed File Transfer Command Center before 7.2.4, Slingshot before 1.9.3, and Vault before 1.1.1 allow remote attackers to obtain sensitive information or modify data by leveraging agent access...
CVE-2014-7194
TIBCO Managed File Transfer Internet Server before 7.2.4, Managed File Transfer Command Center before 7.2.4, Slingshot before 1.9.3, and Vault before 1.1.1 allow remote attackers to obtain sensitive information or modify data by leveraging agent access...
CVE-2014-7194
CVE-2014-7194 affects TIBCO MFT Internet Server prior to 7.2.4, MFT Command Center prior to 7.2.4, Slingshot prior to 1.9.3, and Vault prior to 1.1.1. The issue allows remote attackers to obtain sensitive information or modify data by exploiting agent access. No exploitation details, affected ver...
CVE-2014-7875
The CVE-2014-7875 entry affects HP LaserJet CM3530 Multifunction Printer models CC519A/CC520A with firmware older than 53.236.2. The vulnerability is described as a remote, network-exploitable issue that could allow an attacker to obtain sensitive information, modify data, or cause a Denial of Se...
CVE-2014-8244
CVE-2014-8244 affects Linksys SMART Wi‑Fi firmware on EA2700 and EA3500 (and related models) where a remote, unauthenticated attacker can read or modify data by sending crafted JNAP/ HTTP POST requests to the router. Versions before the listed fixes are vulnerable: EA2700/EA3500 (before 2.1.41 bu...
phpmywind水平权限漏洞一枚,可修改任意用户的任意资料包括密码
简要描述: phpmywind水平权限漏洞一枚,可修改任意用户的任意资料包括密码 详细说明: 经过简单审核发现phpmywind 存在一处任意用户资料更新漏洞包括密码 因为phpmywind的密码采用双md5加密,即使存在注入,也很难跑出密码,所以感觉注入漏洞危害性还不如密码重置这类的漏洞,这里我就验证下密码重置这个漏洞,其实是可以修改任意用户的所有资料信息。 出现逻辑问题的代码位于member.php的第601行,上下文分别是 //更新资料 elseif$a == 'saveedit' //检测数据完整性 if$password!=$repassword or$email==''...
SEC Consult SA-20140710-0 :: Multiple critical vulnerabilities in Shopizer webshop
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory 20140710-0 ======================================================================= title: Multiple critical vulnerabilities in Shopizer webshop product: Shopizer vulnerable version: 1.1.5 and below fixed...
CVE-2014-5285
Unspecified vulnerability in the Authentication Module in TIBCO Spotfire Server before 4.5.2, 5.0.x before 5.0.3, 5.5.x before 5.5.2, 6.0.x before 6.0.3, and 6.5.x before 6.5.1 allows remote attackers to gain privileges, and obtain sensitive information or modify data, via unknown vectors...
SAP HANA metadata.xsjs - SQL injection
Application: SAP HANA Versions Affected: 1.00.60.379371 Vendor URL: http://www.sap.com Bugs: SQL injection Exploits: YES Reported: 09.04.2014 Vendor response: 10.04.2014 Date of Public Advisory: 17.10.2014 Reference: SAP Security Note 2067972 Author: Dmitry Chastukhin ERPScan Description SQL...
Joomla! Component spidervideoplayer - 'theme' SQL Injection
source: https://www.securityfocus.com/bid/69422/info Spider Video Player extension for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker may leverage this issue to compromise the application...
CVE-2014-2634
Unspecified vulnerability in the server in HP Service Manager SM 7.21 and 9.x before 9.34 allows remote attackers to bypass intended access restrictions, and modify data or cause a denial of service, via unknown vectors...
Design/Logic Flaw
Unspecified vulnerability in the server in HP Service Manager SM 7.21 and 9.x before 9.34 allows remote attackers to bypass intended access restrictions, and modify data or cause a denial of service, via unknown vectors...
CVE-2014-2634
Unspecified vulnerability in the server in HP Service Manager SM 7.21 and 9.x before 9.34 allows remote attackers to bypass intended access restrictions, and modify data or cause a denial of service, via unknown vectors...