Microsoft Office Excel SerAuxTrend Record Remote Code Execution (MS11-045) - Ver2 (CVE-2011-1274)
This is a remote code execution vulnerability. When Microsoft Excel validates record information upon opening a specially crafted Excel file, a memory handling error may corrupt system memory in such a way that an attacker could execute arbitrary code. Successful exploitation of this vulnerabilit...
Content Provider in CamiApp for Android fails to restrict access permissions
Overview The Content Provider in CamiApp for Android provided by KOKUYO S&T Co.,Ltd. contains an issue where access permissions are not restricted. Hiroshi Kumagai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impa...
Jigowatt PHP Event Calendar - day_view.php SQL Injection
Jigowatt PHP Event Calendar - dayview.php SQL Injection source: https://www.securityfocus.com/bid/66923/info Jigowatt PHP Event Calendar is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit ma...
RunCMS 1.6.1 - (pm.class.php) Multiple SQL Injection Vulnerabilities
Exploit for php platform in category web applications source: http://www.securityfocus.com/bid/29069/info RunCMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an...
GNUBoard 4.3x - ajax.autosave.php Multiple SQL Injections
GNUBoard 4.3x - ajax.autosave.php Multiple SQL Injections source: https://www.securityfocus.com/bid/66228/info GNUboard is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. A successful exploit may allow an attacker to compromise the...
Backdoor found in Samsung Galaxy Devices, allows Hackers to remotely access/modify Data
Google’s Android operating system may be open source, but the version of Android that runs on most phones, tablets, and other devices includes proprietary, closed-source components. Phone makers, including Samsung, ship their smartphones with a modified version of Android, with some pre-installed...
CVE-2013-6200
CVE-2013-6200 concerns a local vulnerability in HP-UX’s m4(1) on HP-UX B.11.23 and B.11.31, allowing local users to obtain sensitive information or modify data via unspecified vectors. HP's security bulletin HPSBUX02963 (SSRT101297) and subsequent patches confirm affected versions and remediation...
Cory Jobs Search - cid SQL Injection
Cory Jobs Search - cid SQL Injection source: https://www.securityfocus.com/bid/65969/info Cory Jobs Search is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue could allow an attacker to compromise the application, access ...
Oracle Demantra 12.2.1 Stored Cross Site Scripting
Vulnerability title: Stored Cross-site Scripting in Oracle Demantra CVE: CVE-2014-0379 Vendor: Oracle Product: Demantra Affected version: 12.2.1 Fixed version: 12.2.3 Reported by: Oliver Gruskovnjak Details: The Oracle Demantra application is vulnerable to SQL injection. An attacker with access t...
Design/Logic Flaw
IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to modify data via vectors involving a direct object reference...
POSH 3.1.x - addtoapplication.php SQL Injection
POSH 3.1.x - addtoapplication.php SQL Injection source: https://www.securityfocus.com/bid/65817/info POSH is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue could allow an attacker to compromise the application, access o...
CVE-2014-0839
IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to modify data via vectors involving a direct object reference...
CVE-2014-0839
CVE-2014-0839 affects IBM Rational Focal Point 6.x (specifically 6.4.x and 6.5.x before 6.5.2.3, and 6.6.x before 6.6.1). The issue is a direct object reference that allows remote authenticated users to modify data via targeted vectors. Impact is data modification; no exploitation details are pro...
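IBM Rational Focal Point Multiple Unspecified Security Vulnerabilities
CVE ID: CVE-2014-0839, CVE-2014-0840, CVE-2014-0842, CVE-2014-0843, CVE-2014-0853 IBM Rational Focal Point is IBM Rational's web-based product management system. It has built-in customer- and market-oriented product management processes and provides workflow automation, information correlation analysis, statistical analysis of information, and information priority analysis for the product management process. IBM Rational Focal Point contains multiple security vulnerabilities: 1. Some user input is not properly filtered, allowing remote attackers to inject malicious script or HTML code; when the malicious data is viewed, sensitive information can be obtained or user sessions hijacked....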
i-doit Pro - objID SQL Injection
i-doit Pro - objID SQL Injection source: https://www.securityfocus.com/bid/65557/info i-doit Pro is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
CVE-2013-6722
Unrestricted file upload vulnerability in the Registration/Edit My Profile portlet in IBM WebSphere Portal 7.x before 7.0.0.2 CF27 and 8.x through 8.0.0.1 CF09 allows remote attackers to cause a denial of service or modify data via unspecified vectors...
CVE-2014-0831
Cross-site request forgery (CSRF) vulnerability in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that modify configuration data...
CVE-2014-0674
Cisco Video Surveillance Operations Manager (VSOM) is affected by CVE-2014-0674 due to insufficient authentication controls on the bundled MySQL database. The vulnerability allows an unauthenticated remote attacker to access the MySQL database and potentially obtain sensitive information, modify ...
Maian Uploader 4.0 - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/65137/info Maian Uploader is prone to multiple security vulnerabilities, including: 1. An SQL-injection vulnerability 2. Multiple cross-site scripting vulnerabilities Attackers can exploit these issues to access or modify data, exploit latent...