
1047 matches found

Zero Day Initiative
added 2014/08/27 12:0 a.m., 30 views

CSWorks Software Framework SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CSWorks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the data source templating. CSWorks does not properly sanitize or validate the data used to...

CVSS 7.5 | AI score 8.1 | EPSS 0.02505
Exploits 0 | References 1
seebug.org
added 2014/07/01 12:0 a.m., 15 views

Hosting Controller 1.x DSNManager Directory Traversal Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4759/info Hosting Controller is an application which consolidates all hosting tasks into one interface. Hosting Controller runs on Microsoft Windows operating systems. The DSNManager script does not sufficiently filter...

AI score 7.1
Exploits 0
Circl
added 2014/06/27 12:0 a.m., 21 views

CVE-2013-6221

creationtimestamp | type | source
---|---|---
2014-06-27 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/33891
2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/hpautopasslicensetraversal.rb
2025-02-06...

CVSS 10 | AI score 5.7 | EPSS 0.77935
Exploits 4 | References 2
Circl
added 2014/06/18 12:0 a.m., 8 views

CVE-2014-3914

creationtimestamp | type | source
---|---|---
2014-06-18 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/33807
2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/rocketservergraphfilerequestorrce.rb
2025-02-06...

CVSS 10 | AI score 5.7 | EPSS 0.72606
Exploits 5 | References 2
Circl
added 2013/09/09 12:0 a.m., 6 views

CVE-2013-4984

creationtimestamp | type | source
---|---|---
2013-09-09 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/28175
2013-09-17 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/28332
2018-05-29 15:50:33+00:00 | seen | ...

CVSS 7.2 | AI score 5.7 | EPSS 0.08128
Exploits 11 | References 3
Circl
added 2013/03/13 12:0 a.m., 12 views

CVE-2013-0108

creationtimestamp | type | source
---|---|---
2013-03-13 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/24745
2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/honeywellhscremotedeployexec.rb
2025-02-06...

CVSS 6.8 | AI score 5.7 | EPSS 0.26639
Exploits 9 | References 2
NVD
added 2013/01/27 6:55 p.m., 17 views

CVE-2013-0651

The Portal installation process in GE Intelligent Platforms Proficy Real-Time Information Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to read configuration files, and discover data-source credentials, via a direct request...

CVSS 5 | AI score 6.2 | EPSS 0.01308
Exploits 0 | References 1
Prion
added 2013/01/27 6:55 p.m., 11 views

Improper access control

The Portal installation process in GE Intelligent Platforms Proficy Real-Time Information Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to read configuration files, and discover data-source credentials, via a direct request...

CVSS 5 | AI score 6.7 | EPSS 0.01308
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2013/01/27 6:0 p.m., 24 views

CVE-2013-0651

The Portal installation process in GE Intelligent Platforms Proficy Real-Time Information Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to read configuration files, and discover data-source credentials, via a direct request...

AI score 6.2 | EPSS 0.01308
Exploits 0 | References 1
CVE
added 2013/01/27 6:0 p.m., 41 views

CVE-2013-0651

The CVE-2013-0651 issue affects GE Intelligent Platforms Proficy Real-Time Information Portal. A misconfiguration in the Portal installation places sensitive files under the web root with insufficient access control, allowing unauthenticated remote retrieval of configuration data and data-source ...

CVSS 5 | AI score 6.4 | EPSS 0.01308
Exploits 0 | References 1 | Affected Software 1
0day.today
added 2013/01/19 12:0 a.m., 16 views

php-Charts Arbitrary PHP Code Execution Vulnerability

Exploit for php platform in category web applications =============================================================== Vulnerable Software: php-chartv1.0 Official Site: http://php-charts.com/ Vuln: PHP Code Execution. =============================================================== Tested On: Debia...

AI score 7.1
Exploits 0
Tenable Nessus
added 2012/08/01 12:0 a.m., 23 views

Scientific Linux Security Update : sysstat on SL5.x i386/x86_64

The sysstat package contains a set of utilities which enable system monitoring of disks, network, and other I/O activity. It was found that the sysstat initscript created a temporary file in an insecure way. A local attacker could use this flaw to create arbitrary files via a symbolic link attack...

CVSS 4.4 | AI score 7 | EPSS 0.00433
Exploits 0 | References 2
0day.today
added 2012/07/10 12:0 a.m., 17 views

Vivotek Full Data Source CONFIG

Exploit for cgi platform in category web applications Exploit Title: Vivotek Full Data Source CONFIG Date: 09/07/12 Author: Alejandro Leon Morales GothicX Author Mail: Gothicxatfreaknetworkdotin Author Web: www.undermx.blogspot.mx Software web: www.vivotek.com Vulnerable version: all Tested on:...

AI score 7.1
Exploits 0
myhack58
added 2012/05/17 12:0 a.m., 28 views

HTTP Protocol header injection vulnerability-vulnerability warning-the black bar safety net

Including unverified data in an HTTP response header can lead to cache poisoning, cross-site scripting, cross-user defacement, page hijacking, cookie manipulation or open redirect. Principles of the HTTP header injection vulnerability: The following cases will appear in the HTTP Protocol header...

AI score 0.3
Exploits 0
Circl
added 2012/03/08 12:0 a.m., 8 views

CVE-2012-0754

creationtimestamp | type | source
---|---|---
2012-03-08 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/18572
2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/adobeflashmp4cprt.rb
2023-06-14 21:10:03+00:00 | ...

CVSS 9.3 | AI score 7.3 | EPSS 0.9203
Exploits 11 | References 7
Prion
added 2011/08/10 9:55 p.m., 18 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka "Report Viewer Controls XSS Vulnerability."...

CVSS 4.3 | AI score 5.3 | EPSS 0.20808
Exploits 1 | References 6 | Affected Software 2
Cvelist
added 2011/01/12 12:0 a.m., 27 views

CVE-2011-0026

Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN...

AI score 7.5 | EPSS 0.34399
Exploits 0 | References 10
Positive Technologies
added 2011/01/11 12:0 a.m., 4 views

PT-2011-2023 · Microsoft · Data Access Components +1

Name of the Vulnerable Software and Affected Versions: Microsoft Data Access Components (MDAC) versions 2.8 SP1 through 2.8 SP2; Windows Data Access Components (WDAC) version 6.0. Description: The issue is related to an integer signedness error in the SQLConnectW function within the odbc32.dll of...

CVSS 9.3 | AI score 7.8 | EPSS 0.34399
Exploits 0 | References 12
Circl
added 2010/11/23 12:0 a.m., 6 views

CVE-2003-0213

creationtimestamp | type | source
---|---|---
2010-11-23 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/16845
2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/pptp/poptopnegativeread.rb
2025-02-06 03:13:37+00:00 | seen...

CVSS 7.5 | AI score 5.7 | EPSS 0.71026
Exploits 7 | References 2
Circl
added 2010/09/20 12:0 a.m., 8 views

CVE-2006-3838

creationtimestamp | type | source
---|---|---
2010-09-20 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/16438
2010-09-20 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/16451
2018-05-29 15:50:33+00:00 | seen | ...

CVSS 10 | AI score 5.7 | EPSS 0.71757
Exploits 8 | References 4