ManageEngine Password Manager Pro / ManageEngine IT360 - SQL Injection
source: https://www.securityfocus.com/bid/69303/info ManageEngine Password Manager Pro and ManageEngine IT360 are prone to an SQL-injection vulnerability because they fail to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
CVE-2014-3896
Multiple cross-site request forgery (CSRF) vulnerabilities in CGI programs in Seeds acmailer before 3.8.17 and 3.9.x before 3.9.10 Beta allow remote attackers to hijack the authentication of arbitrary users for requests that modify or delete data, as demonstrated by modifying data affecting...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in CGI programs in Seeds acmailer before 3.8.17 and 3.9.x before 3.9.10 Beta allow remote attackers to hijack the authentication of arbitrary users for requests that modify or delete data, as demonstrated by modifying data affecting...
WordPress Plugin FB Gorilla - game_play.php SQL Injection
WordPress Plugin FB Gorilla - game_play.php SQL Injection source: https://www.securityfocus.com/bid/69222/info FB Gorilla plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to compromise...
Ilya Birman E2 - @actionscomment-process SQL Injection
Ilya Birman E2 - @actionscomment-process SQL Injection source: https://www.securityfocus.com/bid/68843/info Ilya Birman E2 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to compromise the application,...
OL-Commerce - '/OL-Commerce/admin/create_account.php?entry_country_id' SQL Injection
source: https://www.securityfocus.com/bid/68719/info ol-commerce is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal...
Fonality trixbox - asterisk_info.php Directory Traversal
Fonality trixbox - asterisk_info.php Directory Traversal source: https://www.securityfocus.com/bid/68719/info ol-commerce is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting...
Fonality trixbox - repo.php Directory Traversal
Fonality trixbox - repo.php Directory Traversal source: https://www.securityfocus.com/bid/68719/info ol-commerce is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these...
Fonality trixbox - index.php Directory Traversal
Fonality trixbox - index.php Directory Traversal source: https://www.securityfocus.com/bid/68719/info ol-commerce is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these...
OL-Commerce - '/OL-Commerce/affiliate_show_banner.php?affiliate_banner_id' SQL Injection
source: https://www.securityfocus.com/bid/68719/info ol-commerce is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal...
OL-Commerce - '/OL-Commerce/admin/create_account.php?entry_country_id' SQL Injection
OL-Commerce - '/OL-Commerce/admin/create_account.php?entry_country_id' SQL Injection source: https://www.securityfocus.com/bid/68719/info ol-commerce is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplie...
CVE-2014-2622
CVE-2014-2622 affects HP Intelligent Management Center (iMC) prior to 7.0 E02020P03 and HP Branch Intelligent Management System (BIMS) prior to 7.0 E0201P02, enabling remote authenticated attackers to obtain sensitive information or modify data via unknown vectors (ZDI-CAN-2312). The accompanying...
InvGate Service Desk 4.2.36 SQL Injection Vulnerability
InvGate Service Desk version 4.2.36 suffers from multiple remote SQL injection vulnerabilities. InvGate Service Desk v4.2.36 multiple vulnerabilities http://www.invgate.com/en/service-desk/ http://www.invgate.com/en/service-desk/on-premise-trial/ Invgate Service Desk suffers from many SQL...
InvGate Service Desk 4.2.36 SQL Injection
InvGate Service Desk v4.2.36 multiple vulnerabilities http://www.invgate.com/en/service-desk/ http://www.invgate.com/en/service-desk/on-premise-trial/ Invgate Service Desk suffers from many SQL injections as an authenticated, but non-privileged end-user role user. Most are also stacked injections...
WordPress BSK PDF Manager Plugin 'wp-admin/admin.php' Multiple SQL Injection Vulnerabilities
WordPress BSK PDF Manager Plugin 'wp-admin/admin.php' Multiple SQL Injection Vulnerabilities. CVE-2014-4944. Webapps exploit for php platform source: http://www.securityfocus.com/bid/68488/info BSK PDF Manager plugin for WordPress is prone to multiple SQL-injection vulnerabilities because it fail...
CVE-2014-0868
RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intended dual-control restrictions and modify data via a crafted XML document, as demonstrated by...
Input validation
RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intended dual-control restrictions and modify data via a crafted XML document, as demonstrated by...
Neuron News 1.0 Multiple SQL Injection and Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/26896/info Neuron News is prone to multiple input-validation vulnerabilities, including an SQL-injection issue and two cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. Exploiting...
20/20 Auto Gallery 3.2 - Multiple SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/21154/info 20/20 Auto Gallery is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an...