10439 matches found
Code injection
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.00, 9.1x, and 9.2x allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors...
CVE-2013-2351
HP NNMi (HP Network Node Manager i) versions 9.00, 9.1X, and 9.2X are affected by CVE-2013-2351. The ZDI advisory describes a flaw in pmd.exe that listens on TCP port 162; a specially crafted packet can cause a heap corruption and remote code execution without authentication. HP/SSRT bulletin SSR...
Zoom Telephonics (Multiple Devices) - Multiple Vulnerabilities
Zoom Telephonics Multiple Devices - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/61044/info Multiple Zoom Telephonics devices are prone to an information-disclosure vulnerability, multiple authentication bypass vulnerabilities and an SQL-injection vulnerability. Exploiting...
WordPress Plugin WP Feed - nid SQL Injection
WordPress Plugin WP Feed - nid SQL Injection source: https://www.securityfocus.com/bid/60904/info WP Feed plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow...
CVE-2013-2339
The CVE-2013-2339 entry concerns HP Smart Zero Core OS 4.3 and 4.3.1 running on HP Smart Zero Client devices (t410/t510/t610 etc.). The issue is described as allowing a local user to obtain sensitive information, modify data, or cause a denial of service via unknown vectors. HP’s security bulleti...
CVE-2013-2323
HP SQL/MX 3.0 through 3.2 on NonStop servers, when SQL/MP Objects are used, allows remote authenticated users to bypass intended access restrictions and modify data via unspecified vectors, aka the "SQL/MP tables" issue...
Design/Logic Flaw
HP SQL/MX 3.0 through 3.2 on NonStop servers, when SQL/MP Objects are used, allows remote authenticated users to bypass intended access restrictions and modify data via unspecified vectors, aka the "SQL/MP tables" issue...
CVE-2013-2323
CVE-2013-2323 affects HP SQL/MX 3.0–3.2 on NonStop servers when SQL/MP Objects are used. The issue allows remote authenticated users to bypass access restrictions and modify data via unspecified vectors. Severity is MEDIUM (CVSSv2: 6.0). Details across NVD/Red Hat/PRION entries confirm the affect...
ScriptCase - scelta_categoria.php SQL Injection
ScriptCase - scelta_categoria.php SQL Injection source: https://www.securityfocus.com/bid/60461/info ScriptCase is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
RT: Request Tracker < 3.8.17 / 4.0.13 Multiple Vulnerabilities
Binary data 6841.prm...
Matterdaddy Market - Multiple Vulnerabilities
Matterdaddy Market - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/60150/info Matterdaddy Market is prone to multiple security vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to execute arbitrary...
phpcms_v9.3.2 a management module logic validation vulnerability-vulnerability warning-the black bar safety net
In the file \modules\sms\sms.php: class sms extends admin function construct $this-logdb = pcbase::loadmodel'smsreportmodel'; $this-moduledb = pcbase::loadmodel'modulemodel'; $this-memberdb = pcbase::loadmodel'membermodel'; //Get the SMS platform configuration information $siteid = getsiteid;...
CVE-2013-0544
Directory traversal vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux and UNIX allows remote authenticated users to modify data via unspecified vectors...
PT-2013-2420 · Ibm · Ibm Websphere Application Server
Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server versions 6.1 before 6.1.0.47; IBM WebSphere Application Server versions 7.0 before 7.0.0.29; IBM WebSphere Application Server versions 8.0 before 8.0.0.6; IBM WebSphere Application Server versions 8.5 before...
Todoo Forum 2.0 - todooforum.php Multiple SQL Injections
Todoo Forum 2.0 - todooforum.php Multiple SQL Injections source: https://www.securityfocus.com/bid/59069/info Todoo Forum is prone to multiple SQL-injection and cross-site scripting vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials,...
Todoo Forum 2.0 - todooforum.php Multiple Cross-Site Scripting Vulnerabilities
Todoo Forum 2.0 - todooforum.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/59069/info Todoo Forum is prone to multiple SQL-injection and cross-site scripting vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based...
Todoo Forum 2.0 - 'todooforum.php' Multiple SQL Injections
source: https://www.securityfocus.com/bid/59069/info Todoo Forum is prone to multiple SQL-injection and cross-site scripting vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or...
Todoo Forum 2.0 - 'todooforum.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/59069/info Todoo Forum is prone to multiple SQL-injection and cross-site scripting vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or...
Request Tracker - ShowPending SQL Injection
Request Tracker - ShowPending SQL Injection source: https://www.securityfocus.com/bid/59022/info Request Tracker is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. Exploiting this issue could allow an attacker ...
WordPress Plugin Spiffy XSPF Player - playlist_id SQL Injection
WordPress Plugin Spiffy XSPF Player - playlist_id SQL Injection source: https://www.securityfocus.com/bid/58976/info Spiffy XSPF Player plug-in for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query...