10439 matches found

Exploit DB
added 2012/10/01 12:0 a.m. (30 views)

Omnistar Mailer - Multiple SQL Injections / HTML Injection Vulnerabilities

source: https://www.securityfocus.com/bid/55760/info Omnistar Mailer is prone to multiple SQL-injection vulnerabilities and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow an attacker to compromise the application,...

7.4 AI score
Exploits: 0

Prion
added 2012/09/25 8:55 p.m. (14 views)

Design/Logic Flaw

Unspecified vulnerability in the REST services framework in IBM WebSphere Commerce 7.0 Feature Pack 4 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors...

10 CVSS, 7.2 AI score, 0.02387 EPSS
Exploits: 1, References: 3, Affected Software: 1

Prion
added 2012/09/18 2:55 p.m. (18 views)

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data or cause a denial of service...

6.8 CVSS, 7.8 AI score, 0.0017 EPSS
Exploits: 0, References: 3, Affected Software: 2

OpenVAS
added 2012/09/18 12:0 a.m. (14 views)

FreeWebshop <= 2.2.9 Multiple SQLi and XSS Vulnerabilities - Active Check

FreeWebshop is prone to multiple SQL injection (SQLi) and cross-site scripting (XSS) vulnerabilities because it fails to sufficiently sanitize user-supplied input. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by th...

7.6 AI score
Exploits: 0, References: 1

exploitpack
added 2012/09/18 12:0 a.m. (20 views)

vBulletin 4.1.12 - blog_plugin_useradmin.php SQL Injection

vBulletin 4.1.12 - blog_plugin_useradmin.php SQL Injection source: https://www.securityfocus.com/bid/55592/info VBulletin is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attack...

0.3 AI score
Exploits: 0

exploitpack
added 2012/09/18 12:0 a.m. (12 views)

TAGWORX.CMS - cid SQL Injection

TAGWORX.CMS - cid SQL Injection source: https://www.securityfocus.com/bid/55586/info TAGWORX.CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise the...

8.6 AI score
Exploits: 0

RedHat Linux
added 2012/09/13 4:55 p.m. (2 views)

module): XXE by applying XSL stylesheet to the document

The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to...

4.9 CVSS, 7.1 AI score, 0.002 EPSS
Exploits: 1, References: 4

Exploit DB
added 2012/09/03 12:0 a.m. (32 views)

Sitemax Maestro - SQL Injection / Local File Inclusion

source: https://www.securityfocus.com/bid/55386/info Sitemax Maestro is prone to SQL-injection and local file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker can exploit these vulnerabilities to compromise the application, access or modify data,...

7.4 AI score
Exploits: 0

Exploit DB
added 2012/08/22 12:0 a.m. (23 views)

Jara 1.6 - Multiple SQL Injections / Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/55145/info Jara is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal...

7.4 AI score
Exploits: 0

exploitpack
added 2012/08/22 12:0 a.m. (13 views)

Jara 1.6 - Multiple SQL Injections Multiple Cross-Site Scripting Vulnerabilities

Jara 1.6 - Multiple SQL Injections Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/55145/info Jara is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied...

0.3 AI score
Exploits: 0

exploitpack
added 2012/08/22 12:0 a.m. (10 views)

1024 CMS 2.1.1 - p SQL Injection

1024 CMS 2.1.1 - p SQL Injection source: https://www.securityfocus.com/bid/55170/info 1024 CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...

Exploits: 0

Exploit DB
added 2012/08/22 12:0 a.m. (23 views)

OrderSys 1.6.4 - Multiple SQL Injections / Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/55147/info OrderSys is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal...

7.4 AI score
Exploits: 0

UbuntuCve
added 2012/08/17 12:0 a.m. (22 views)

CVE-2012-3488

The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to...

4.9 CVSS, 7 AI score, 0.002 EPSS
Exploits: 1, References: 3

CVE
added 2012/08/16 10:0 a.m. (44 views)

CVE-2012-2283

The CVE-2012-2283 entry affects Iomega network storage devices running EMC Lifeline firmware: Home Media Network Hard Drive (before 2.104), Cloud Edition (before 3.2.3.15290), iConnect (before 2.5.26.18966), StorCenter (before 2.0.18.23122; 2.1.x before 2.1.42.18967; 3.x before 3.2.3.15290). A vu...

5.5 CVSS, 6.6 AI score, 0.00171 EPSS
Exploits: 0, References: 1, Affected Software: 2

Exploit DB
added 2012/08/09 12:0 a.m. (19 views)

Hotel Booking Portal 0.1 - Multiple SQL Injections / Cross-Site Scripting

source: https://www.securityfocus.com/bid/54980/info Hotel Booking Portal is prone to multiple SQL-injection vulnerabilities and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal...

7.4 AI score
Exploits: 0

exploitpack
added 2012/08/09 12:0 a.m. (14 views)

Hotel Booking Portal 0.1 - Multiple SQL Injections Cross-Site Scripting

Hotel Booking Portal 0.1 - Multiple SQL Injections Cross-Site Scripting source: https://www.securityfocus.com/bid/54980/info Hotel Booking Portal is prone to multiple SQL-injection vulnerabilities and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied...

Exploits: 0

Exploit DB
added 2012/08/07 12:0 a.m. (28 views)

Dir2web - '/system/src/dispatcher.php?oid' SQL Injection

source: https://www.securityfocus.com/bid/54845/info Dir2web is prone to multiple security vulnerabilities, including an SQL-Injection vulnerability and an information-disclosure vulnerability. Successfully exploiting these issues allows remote attackers to compromise the software, retrieve...

7.4 AI score
Exploits: 0

Exploit DB
added 2012/08/06 12:0 a.m. (21 views)

YT-Videos Script - 'id' SQL Injection

source: https://www.securityfocus.com/bid/54859/info YT-Videos Script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify...

7.4 AI score
Exploits: 0

exploitpack
added 2012/08/04 12:0 a.m. (8 views)

Open Constructor - datafileedit.php?result Cross-Site Scripting

Open Constructor - datafileedit.php?result Cross-Site Scripting source: https://www.securityfocus.com/bid/54822/info Open Constructor is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input. Exploiting these vulnerabilities could allow an...

6.8 AI score
Exploits: 0

exploitpack
added 2012/08/04 12:0 a.m. (12 views)

Open Constructor - confirm.php?q Cross-Site Scripting

Open Constructor - confirm.php?q Cross-Site Scripting source: https://www.securityfocus.com/bid/54822/info Open Constructor is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to...

6.8 AI score
Exploits: 0