Opera Multiple Vulnerabilities-01 Jan13 (Linux)
The host is installed with Opera and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gboperamultvuln01jan13lin.nasl 6115 2017-05-12 09:03:25Z teissa $ Opera Multiple Vulnerabilities-01 Jan13 Linux Authors: Antu Sanadi Copyright: Copyright (c) 2013 Greenbone Networks GmbH,...
WordPress Plugin Shopping Cart for WordPress - wp-contentpluginslevelfourstorefrontscriptsadministrationexportaccounts.php?reqID SQL Injection
source: https://www.securityfocus.com/bid/57101/info The WordPress Shopping Cart plugin for WordPress is prone to multiple SQL-injection vulnerabilities a...
WordPress Theme Toolbox - 'mls' SQL Injection
source: https://www.securityfocus.com/bid/56745/info The Toolbox theme for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. An attacker can exploit this issue to compromise the application, access o...
dotProject 2.1.x - index.php Multiple SQL Injections
source: https://www.securityfocus.com/bid/56624/info Dotproject is prone to the following security vulnerabilities: 1. Multiple SQL-injection vulnerabilities 2. Multiple cross-site scripting vulnerabilities Exploiting these vulnerabilities coul...
dotProject 2.1.x - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/56624/info Dotproject is prone to the following security vulnerabilities: 1. Multiple SQL-injection vulnerabilities 2. Multiple cross-site scripting vulnerabilities Exploiting these vulnerabilities could allow an attacker to steal cookie-based...
dotProject 2.1.x - index.php Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/56624/info Dotproject is prone to the following security vulnerabilities: 1. Multiple SQL-injection vulnerabilities 2. Multiple cross-site scripting vulnerabilities Exploiting thes...
WordPress Theme Dailyedition-mouss - 'id' SQL Injection
source: https://www.securityfocus.com/bid/56568/info The Dailyedition-mouss theme for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. An attacker can exploit this issue to compromise the applicatio...
CVE-2012-2455
Advanced Productivity Software DTE Axiom before 12.3.3 does not validate the registration ID, which allows remote attackers to bypass authentication and read or modify data about users, customers, and projects via unspecified vectors...
WordPress Plugin PHP Event Calendar - cid SQL Injection
source: https://www.securityfocus.com/bid/56478/info The PHP Event Calendar plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. An...
WordPress Plugin Eco-annu - eid SQL Injection
source: https://www.securityfocus.com/bid/56479/info The Eco-annu plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. An attacker can exploit th...
Design/Logic Flaw
Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5.41, when Sybase is used, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-3269...
CVE-2012-3269
HP Performance Insight v5.31, v5.40 and v5.41 when configured with Sybase as the database contains a vulnerability enabling remote attackers to obtain sensitive information, modify data, or cause a denial of service. The issue is documented in HP’s security bulletin HPSBMU02827 (SSRT100924 rev.1)...
OrangeHRM - 'sortField' SQL Injection
source: https://www.securityfocus.com/bid/56417/info OrangeHRM is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify dat...
OrangeHRM - sortField SQL Injection
source: https://www.securityfocus.com/bid/56417/info OrangeHRM is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise t...
Inventory - Multiple Cross-Site Scripting / SQL Injections
source: https://www.securityfocus.com/bid/56293/info Inventory is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials...
Improper access control
The server in TIBCO Formvine 3.1.x and 3.2.x before 3.2.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors...
CVE-2012-5302
CVE-2012-5302 affects TIBCO Formvine Server in versions 3.1.x and 3.2.x prior to 3.2.1, where improper access control could let remote attackers access or modify information via unspecified vectors. The TIBCO advisory confirms the issue and recommends upgrading Formvine to version 3.2.1 or newer ...
Interspire Email Marketer - Cross-Site Scripting / HTML Injection / SQL Injection
source: https://www.securityfocus.com/bid/55829/info Interspire Email Marketer is prone to the following input-validation vulnerabilities because it fails to properly sanitize user-supplied input: 1. An SQL-injection vulnerability 2. Multiple HTML injection vulnerabilities 3. A cross-site...