OpenBiblio 0.x - staff_del_confirm.php Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/27053/info OpenBiblio is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include SQL-injection,...
OpenBiblio 0.x - theme_del_confirm.php?name Cross-Site Scripting
source: https://www.securityfocus.com/bid/27053/info OpenBiblio is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include SQL-injection, cross-site scripting...
OpenBiblio 0.x - 'theme_preview.php?themeName' Cross-Site Scripting
source: https://www.securityfocus.com/bid/27053/info OpenBiblio is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include SQL-injection, cross-site scripting, HTML-injection, and local file-include vulnerabilities...
Neuron News 1.0 - Multiple SQL Injections / Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/26896/info Neuron News is prone to multiple input-validation vulnerabilities, including an SQL-injection issue and two cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attack...
E-Xoops 1.0.5/1.0.8 - '/myalbum/ratephoto.php?lid' SQL Injection
source: https://www.securityfocus.com/bid/26796/info E-Xoops is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or...
Joomla! Component com_search 1.5 RC3 - index.php Multiple SQL Injections
source: https://www.securityfocus.com/bid/26707/info Joomla! is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these...
Absolute News Manager .NET 5.1 - pagesdefault.aspx?template Remote File Access
source: https://www.securityfocus.com/bid/26692/info Absolute News Manager .NET is prone to multiple remote vulnerabilities, including multiple cross-site scripting, SQL-injection, and information-disclosure issues...
bcoos 1.0.10 - ratephoto.php SQL Injection
source: https://www.securityfocus.com/bid/26629/info The 'bcoos' program is prone to multiple input-validation vulnerabilities, including SQL-injection issues and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data...
GOUAE DWD Realty - 'Password' SQL Injection
source: https://www.securityfocus.com/bid/26579/info DWD Realty is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify...
NetAuctionHelp 4.1 - Search.ASP SQL Injection Vulnerability
Webapps exploit for asp platform. source: http://www.securityfocus.com/bid/26540/info NetAuctionHelp is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query...
CVE-2007-5936
dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place...
E-Vendejo 0.2 - Articles.php SQL Injection
source: https://www.securityfocus.com/bid/26330/info E-Vendejo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
CodeWidgets Web Based Alpha Tabbed Address Book - 'index.asp' SQL Injection
source: https://www.securityfocus.com/bid/26193/info CodeWidgets Web Based Alpha Tabbed Address Book is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise...
Scott Manktelow Design Stride 1.0 - Merchant shop.php SQL Injection
source: https://www.securityfocus.com/bid/26046/info Scott Manktelow Design Stride 1.0 Merchant is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL...
Ohesa Emlak Portal 1.0 - 'satilik.asp?Kategori' SQL Injection
source: https://www.securityfocus.com/bid/25880/info Ohesa Emlak Portal is prone to multiple SQL-injection vulnerabilities because it fails to adequately sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access ...
Netkamp Emlak Scripti - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/25875/info Netkamp Emlak Scripti is prone to multiple input-validation vulnerabilities, including multiple HTML-injection issues and an SQL-injection issue, because the application fails to...
Ohesa Emlak Portal 1.0 - 'detay.asp?Emlak' SQL Injection
source: https://www.securityfocus.com/bid/25880/info Ohesa Emlak Portal is prone to multiple SQL-injection vulnerabilities because it fails to adequately sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access ...
QuickEStore insertorder.cfm CFTOKEN Parameter SQL Injection
The remote host is running QuickEStore, a shopping cart application written in Cold Fusion. The version of QuickEStore installed on the remote host fails to sanitize input to the 'CFTOKEN' parameter of the 'insertorder.cfm' script before using it in database queries. An unauthenticated attacker...
Cisco CallManager 4.2 / CUCM 4.2 - Logon Page 'lang' SQL Injection
source: https://www.securityfocus.com/bid/25480/info Cisco Unified CallManager and Unified Communications Manager are prone to multiple input-validation vulnerabilities because the applications fail to properly sanitize user-supplied input. These issues include a cross-site scripting vulnerabilit...