10441 matches found
Nagios XI - 'users.php' SQL Injection
source: https://www.securityfocus.com/bid/42661/info Nagios XI is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify dat...
CVE-2010-3059
Buffer overflow in the message-protocol implementation in the Server in IBM Tivoli Storage Manager TSM FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to read and modify data, and possibly have other impact, via an unspecified command...
Buffer overflow
Buffer overflow in the message-protocol implementation in the Server in IBM Tivoli Storage Manager TSM FastBack 5.x.x before 5.5.7, and 6.1.0.0, allows remote attackers to read and modify data, and possibly have other impact, via an unspecified command...
CVE-2010-3059
CVE-2010-3059 : Buffer overflow in the message-protocol implementation of the Server component in IBM Tivoli Storage Manager (TSM) FastBack. Affects FastBack 5.x.x before 5.5.7 and 6.1.0.0. An unauthenticated, remote attacker can trigger the overflow via an unspecified command, potentially allowi...
XSS vulnerability in CMS Source
Vulnerability ID: HTB22548 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityincmssource.html Product: CMS Source Vendor: Proud Daddy Web Design http://www.prouddaddy.net/ Vulnerable Version: Current at 28.07.2010 and Probably Prior Versions Vendor Notification: 28 July 2010 Vulnerabilit...
eazyCMS Cross Site Scripting
Vulnerability ID: HTB22553 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityineazycms.html Product: eazyCMS Vendor: eazycms.com http://eazycms.com/ Vulnerable Version: Current at 28.07.2010 and Probably Prior Versions Vendor Notification: 28...
XSS vulnerability in Amethyst
Vulnerability ID: HTB22501 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinamethyst1.html Product: Amethyst Vendor: Hulihan Applications http://hulihanapplications.com/projects/amethyst Vulnerable Version: 0.1.5 and Probably Prior Versions Vendor Notification: 22 July 2010...
CVE-2010-2707
The CVE-2010-2707 entry applies to HP ProCurve 2626 and 2650 switches (pre-H.10.80). The Security Bulletin HPSBGN02560/SSRT100193 rev.1 documents a vulnerability enabling remote unauthorized access, data leakage, and potential DoS via unspecified vectors. Affected versions are prior to H.10.80 ac...
PHPFinance 0.6 - '/group.php' SQL Injection / HTML Injection
source: https://www.securityfocus.com/bid/42230/info PHPFinance is prone to an SQL-injection vulnerability and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may exploit the HTML-injection issue to execute arbitrary script code in the...
Huru Helpdesk Component for Joomla! 'cid[0]' Parameter SQLi
The version of the Huru Helpdesk component for Joomla! running on the remote host is affected by a SQL injection vulnerability due to improper sanitization of user-supplied input to the 'cid[0]' parameter before using it to construct database queries. Regardless of the PHP 'magic_quotes_gpc' setting,...
XSS vulnerability in WebPress
Vulnerability ID: HTB22478 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinwebpress.html Product: WebPress Vendor: YWP http://www.goywp.com/ Vulnerable Version: Current at 01.07.2010 and Probably Prior Versions Vendor Notification: 01 July 2010 Vulnerability Type: XSS Cross Site...
CVE-2010-1966
Unspecified vulnerability in HP Insight Control power management for Windows before 6.1 allows local users to read or modify data, or cause a denial of service, via unknown vectors...
CVE-2010-1970
Unspecified vulnerability in HP Insight Software Installer for Windows before 6.1 allows local users to read or modify data, and consequently gain privileges, via unknown vectors...
Design/Logic Flaw
Unspecified vulnerability in HP Insight Orchestration for Windows before 6.1 allows remote attackers to read or modify data via unknown vectors...
Code injection
Unspecified vulnerability in HP Insight Control power management for Windows before 6.1 allows local users to read or modify data, or cause a denial of service, via unknown vectors...
CVE-2010-1966
Unspecified vulnerability in HP Insight Control power management for Windows before 6.1 allows local users to read or modify data, or cause a denial of service, via unknown vectors...
Code injection
Unspecified vulnerability in HP Insight Software Installer for Windows before 6.1 allows local users to read or modify data via unknown vectors...
Code injection
Unspecified vulnerability in HP Insight Software Installer for Windows before 6.1 allows local users to read or modify data, and consequently gain privileges, via unknown vectors...
CVE-2010-1965
HP Insight Orchestration for Windows before version 6.1 is affected by CVE-2010-1965, a remote unauthorized access vulnerability allowing reading or modification of data. The HP security bulletin states the issue is fixed in HP Insight Orchestration v6.1 and later; patch accordingly to remediate....
CVE-2010-1970
Unspecified vulnerability in HP Insight Software Installer for Windows before 6.1 allows local users to read or modify data, and consequently gain privileges, via unknown vectors...