UBUNTU-CVE-2013-4299
Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device...
kernel: dm: dm-snapshot data leak
Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device...
Course Registration Management System - Cross-Site Scripting / SQL Injection
source: https://www.securityfocus.com/bid/63435/info Course Registration Management System is prone to multiple cross-site scripting and multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input. Attackers can exploit these issues to execute arbitrary code i...
Design/Logic Flaw
I-O DATA DEVICE HDL-A and HDL2-A devices with firmware 1.07 and earlier do not properly manage sessions, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors...
Code injection
The fabric-interconnect KVM module in Cisco Unified Computing System (UCS) does not encrypt video data, which allows man-in-the-middle attackers to watch KVM display content by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72949...
Design/Logic Flaw
HP Service Manager 9.30 through 9.32 does not properly manage privileges, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors...
CVE-2013-4831
HP Service Manager 9.30 through 9.32 does not properly manage privileges, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors...
Ziteman CMS - Login Page SQL Injection
source: https://www.securityfocus.com/bid/62949/info Ziteman CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify...
Cisco Unified Computing System Fabric System Manager Man-in-the-Middle Vulnerability
A vulnerability in the management interface of the Cisco Unified Computing System could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to improper identity validation of vCenter management consoles. An attacker could exploit this...
CVE-2013-5200
Open-Xchange AppSuite 7.0.x (before 7.0.2-rev15) and 7.2.x (before 7.2.2-rev16) exposes the Hazelcast cluster API REST and memcache interfaces without authentication. This allows remote attackers to obtain sensitive information or modify data via API calls. Root cause is insecure/default configur...
CVE-2012-4073
The KVM subsystem in the client in Cisco Unified Computing System (UCS) does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers, and read or modify KVM data, via a crafted certificate, aka Bug ID CSCte90332...
WordPress Plugin mukioplayer4wp - cid SQL Injection
source: https://www.securityfocus.com/bid/62438/info mukioplayer4wp for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue coul...
Cisco IP Communicator Certificate Trust List Manipulation
The version of Cisco IP Communicator is 8.61. Such versions are potentially affected by a data modification vulnerability. By performing a Man-in-the-Middle attack, a remote, unauthenticated attacker could replace the original Certificate Trust List with a modified one...
Cisco Releases Security Advisories
Cisco has released three security advisories to address multiple vulnerabilities. These vulnerabilities may allow an unauthenticated, remote attacker the ability to modify data, execute arbitrary commands, or cause a denial of service (DoS) condition. US-CERT encourages users and administrators to...
Multiple Vulnerabilities in Cisco Unified Communications Manager
Cisco Unified Communications Manager (Unified CM) contains multiple vulnerabilities that could allow an unauthenticated, remote attacker to modify data, execute arbitrary commands, or cause a denial of service (DoS) condition. Cisco has released software updates that address these vulnerabilities. Th...
Bo-Blog 2.1.1 - Cross-Site Scripting SQL Injection
source: https://www.securityfocus.com/bid/61880/info Bo-Blog is prone to a cross-site scripting vulnerability and an SQL-injection vulnerability because it fails to properly sanitize user-supplied input. Attackers can exploit these issues to...
Bo-Blog 2.1.1 - Cross-Site Scripting / SQL Injection
source: https://www.securityfocus.com/bid/61880/info Bo-Blog is prone to a cross-site scripting vulnerability and an SQL-injection vulnerability because it fails to properly sanitize user-supplied input. Attackers can exploit these issues to execute arbitrary code in the context of the browser,...
Multiple Zoom Telephonics Devices Multiple Security Vulnerabilities (Aug 2013) - Active Check
Multiple Zoom Telephonics devices are prone to an information disclosure vulnerability, an authentication bypass vulnerability and an SQL injection (SQLi) vulnerability.
CVE-2013-4807
Unspecified vulnerability on the HP LaserJet Pro P1102w, P1606dn, M1212nf MFP, M1213nf MFP, M1214nfh MFP, M1216nfh MFP, M1217nfw MFP, M1218nfs MFP, and CP1025nw with firmware before 2013-07-26 20130703 allows remote attackers to modify data via unknown vectors...
vBulletin 4.0.2 - update_order SQL Injection
source: https://www.securityfocus.com/bid/61449/info vBulletin is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to...