10441 matches found
CVE-2010-4028
Vulnerability CVE-2010-4028 affects HP LoadRunner Web Tours 9.10 and LoadRunner 9.1 and earlier. The issue is described as an unspecified vulnerability allowing remote denial of service, with potential for information disclosure or data modification via unknown vectors. HP’s Security Bulletin HPS...
Joomla! Component Projects 'com_projects' - SQL Injection / Local File Inclusion
source: https://www.securityfocus.com/bid/44456/info The 'comprojects' component for Joomla! is prone to an SQL-injection vulnerability and a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit these vulnerabilities to compromise...
DeluxeBB 'xthedateformat' Parameter SQL Injection Vulnerability
DeluxeBB is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying...
CVE-2010-3223
The user interface in Microsoft Cluster Service MSCS in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to read or modify data on these disks via requests to...
BaconMap Local File Include and SQL Injection Vulnerabilities
BaconMap is prone to a local file-include vulnerability and an SQL- injection vulnerability because it fails to properly sanitize user- supplied input. An attacker can exploit the local file-include vulnerability using directory- traversal strings to view and execute arbitrary local files within...
Elxis 2009.2 rev2631 - SQL Injection
source: https://www.securityfocus.com/bid/43743/info Elxis is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal cookie-based...
NetArt Media Car Portal 2.0 - car SQL Injection
NetArt Media Car Portal 2.0 - car SQL Injection source: https://www.securityfocus.com/bid/43536/info Car Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
Joomla! Component com_spain - 'nv' SQL Injection
source: https://www.securityfocus.com/bid/43354/info The Spain component for Joomla is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application,...
Joomla! Component com_spain - nv SQL Injection
Joomla! Component comspain - nv SQL Injection source: https://www.securityfocus.com/bid/43354/info The Spain component for Joomla is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could...
e107 0.7.23 - Multiple SQL Injections
source: https://www.securityfocus.com/bid/43327/info e107 is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modif...
PHP MicroCMS Local File Include and SQL Injection Vulnerabilities
PHP MicroCMS is prone to a local file-include vulnerability and multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerability using directory- traversal strings to view and execute arbitrary local fil...
Irokez CMS 'id' Parameter SQL Injection Vulnerability
Irokez CMS is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ZenPhoto 1.3 - '/zp-core/full-image.php?a' SQL Injection
source: https://www.securityfocus.com/bid/43021/info Zenphoto is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based...
ZenPhoto 1.3 - '/zp-core/admin.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/43021/info Zenphoto is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based...
Nagios XI < 2009R1.3 multiple vulnerabilities
Nagios XI is prone to multiple vulnerabilities. 1. Nagios XI is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
rainbowportal - Multiple Vulnerabilities
''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | | | | | || / \ || | | | || ||// \/|/ ''' abysssec Inc Public Advisory 1 Advisory information Title : Rainbowportal Multiple Remote Vulnerabilities Version : Rainbow 2.0 Production/Stable 2.0.0.1881e VS 2005 | VS...
CMS WebManager-Pro - 'c.php' SQL Injection
source: https://www.securityfocus.com/bid/42951/info CMS WebManager-Pro is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or...
PHPFinance 'group.php' SQL Injection and HTML Injection Vulnerabilities
PHPFinance is prone to an SQL-injection vulnerability and an HTML- injection vulnerability because it fails to sufficiently sanitize user- supplied input. An attacker may exploit the HTML-injection issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
TCMS - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/42766/info TCMS is prone to multiple input-validation vulnerabilities, including a local file-include vulnerability, a local file-disclosure vulnerability, multiple SQL-injection vulnerabilities, and multiple cross-site scripting vulnerabilities. An...
CVE-2010-2711
Unspecified vulnerability in the HP MagCloud app before 1.0.5 for the iPad allows remote attackers to read and modify MagCloud application data via unknown vectors...