Symphony 2.2.3 - '/symphony/publish/comments?filter' SQL Injection
source: https://www.securityfocus.com/bid/50470/info Symphony is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these vulnerabilities could allow an attacker to steal...
PreProjects Pre Studio Business Cards Designer 'page.php' SQL Injection Vulnerability
Pre Studio Business Cards Designer is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
CVE-2011-4136
django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that...
Site@School 2.4.10 - '/index.php' Cross-Site Scripting / SQL Injection
source: https://www.securityfocus.com/bid/50195/info Site@School is prone to multiple SQL-injection and cross-site scripting vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or...
Xenon - id Multiple SQL Injections
source: https://www.securityfocus.com/bid/50141/info Xenon is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to...
openEngine 'id' Parameter SQL Injection Vulnerability
openEngine is prone to an SQL Injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlyi...
Traq 2.2 - Multiple SQL Injections Cross-Site Scripting
source: https://www.securityfocus.com/bid/49835/info Traq is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow...
GeoClassifieds Lite Multiple Vulnerabilities (Sep 2011) - Active Check
GeoClassifieds Lite is prone to multiple SQL injection (SQLi) and cross-site scripting (XSS) vulnerabilities.
OneCMS 2.6.4 - Multiple SQL Injections
source: https://www.securityfocus.com/bid/49733/info OneCMS is prone to multiple SQL-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an...
phpRS 2.8.1 - Multiple SQL Injections Cross-Site Scripting
source: https://www.securityfocus.com/bid/49729/info phpRS is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these...
CVE-2011-1740
EMC Avamar 4.x, 5.0.x, and 6.0.x before 6.0.0-592 allows remote authenticated users to modify client data or obtain sensitive information about product activities by leveraging privileged access to a different domain...
Ay Computer (Multiple Products) - Multiple SQL Injections
source: https://www.securityfocus.com/bid/49668/info Multiple Ay Computer products are prone to multiple SQL-injection vulnerabilities because they fail to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting...
Ay Computer (Multiple Products) - Multiple SQL Injections
source: https://www.securityfocus.com/bid/49668/info Multiple Ay Computer products are prone to multiple SQL-injection vulnerabilities because they fail to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the...
MYRE Real Estate Software 'findagent.php' Cross Site Scripting and SQL Injection Vulnerabilities
MYRE Real Estate Software is prone to an SQL-injection and multiple cross-site scripting vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the...
MYRE Real Estate Software Cross Site Scripting / SQL Injection
Title : MYRE Real Estate Software Multiple XSS and SQL Injection Vulnerabilities Author : Sooraj K.S SecPod Technologies www.secpod.com Vendor : http://myrephp.com Advisory : http://secpod.org/blog/?p=346 http://secpod.org/advisories/SECPODMRSSQLXSSVuln.txt Software : MYRE Real Estate Software Da...
Code injection
Unspecified vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to modify data or obtain sensitive information via a crafted URL...
CVE-2011-3134
CVE-2011-3134 affects TIBCO Spotfire Server 3.0.x (before 3.0.2), 3.1.x (before 3.1.2), 3.2.x (before 3.2.1), 3.3.x (before 3.3.1) and Spotfire Analytics Server before 10.1.1. The reported issue is a SQL injection vulnerability exploitable via a crafted URL that allows remote attackers to modify ...
CVE-2011-3134
Unspecified vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to modify data or obtain sensitive information via a crafted URL...
Mambo Component N-Gallery - SQL Injection
source: https://www.securityfocus.com/bid/49418/info The Mambo CMS N-Gallery component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could all...
Mambo Component N-Myndir - SQL Injection
source: https://www.securityfocus.com/bid/49424/info The Mambo CMS N-Myndir component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the applicatio...