3920 matches found
Spider Sales shopping cart software multiple security vulnerabilities
S-Quadra Advisory 2004-03-03 Topic: Spider Sales shopping cart software multiple security vulnerabilities Severity: High Vendor URL: http://www.spidersales.com Advisory URL: http://www.s-quadra.com/advisories/Adv-20040303.txt Release date: 03 Mar 2004 1. DESCRIPTION "Spider Sales is a powerful...
SpiderSales 2.0 Shopping Cart - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/9799/info Multiple vulnerabilities have been identified in the application that may allow an attacker to obtain the private cryptographic key and gain access to sensitive information. The application is also reported prone to an SQL injection vulnerabilit...
PunkBuster SQL Injection Attack
Timberlake Advisory 200402181e-03. Program: http://pbdb.sourceforge.net/ PunkBuster screenshot management system. Simplifying the task of capturing and cataloguing screenshots. It sticks to the roof like a gecko. It supports screenshot retrieval and cataloguing to a website - which includes searc...
Moderate: Red Hat Security Advisory: slocate security update
Updated slocate packages are now available that fix vulnerabilities allowing a local user to gain "slocate" group privileges. Slocate is a security-enhanced version of locate, designed to find files on a system via a central database. Patrik Hornik discovered a vulnerability in Slocate versions u...
Aardvark Topsites 4.1.0 - Multiple Vulnerabilities
Aardvark Topsites 4.1.0 - Multiple Vulnerabilities Aardvark Topsites Multiple Vulnerabilities Vendor: Aardvark Industries Product: Aardvark Topsites Version: = 4.1.0 Website: http://www.aardvarkind.com/ BID: 9231 Description: Aardvark Topsites is a popular free PHP topsites script. See URL for...
MySQL AB ODBC Driver 3.51 - Plain Text Password
MySQL AB ODBC Driver 3.51 - Plain Text Password source: https://www.securityfocus.com/bid/8245/info A vulnerability has been reported in the MySQL AB ODBC Open Data Base Connectivity driver implementation. The MySQL ODBC driver reportedly stores plain text credentials used to connect to the...
[SECURITY] [DSA-335-1] New mantis packages fix insecure file permissions
-------------------------------------------------------------------------- Debian Security Advisory DSA 335-1 [email protected] http://www.debian.org/security/ Matt Zimmerman June 28th, 2003 http://www.debian.org/security/faq -...
TA-2003-06 Denial of Service Attack against Armida Databased Web Server v1.0
TA-2003-06 Denial of Service Attack against Armida Databased Web Server v1.0 contributed by: rushjo ============================================================================ Tripbit Security Advisory TA-2003-06 Denial of Service Attack against Armida Databased Web Server v1.0...
More and More SQL injection on PHP-Nuke 6.5.
/----------------------------------------------------------------------------- | 7 A 6 9 - A d v C: 011 |-----------------------------------------------------------------------------| | | PHP-Nuke SQL injection | -----------------------------------------------------------------------------/ |...
Lot of SQL injection on PHP-Nuke 6.5 (secure weblog!)
/----------------------------------------------------------------------------- | 7 A 6 9 - A d v C: 010 |-----------------------------------------------------------------------------| | | PHP-Nuke SQL injection | -----------------------------------------------------------------------------/ |...
Web Wiz Forum 6.34 - Information Disclosure
Web Wiz Forum 6.34 - Information Disclosure source: https://www.securityfocus.com/bid/7380/info Web Wiz Forum has been reported prone to sensitive information disclosure vulnerability. An attacker may make a request for and download the underlying Access database file that is used by the Forum...
CVE-2002-1421
SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote attackers to perform unauthorized database operations via 1 report.php, 2 selmsg.php, and 3 showposts.php...
CVE-2002-1499
Multiple SQL injection vulnerabilities in FactoSystem CMS allows remote attackers to perform unauthorized database actions via 1 the authornumber parameter in author.asp, 2 the discussblurbid parameter in discuss.asp, 3 the name parameter in holdcomment.asp, and 4 the email parameter in...
Adcycle build.cgi Remote Password Disclosure
The CGI 'build.cgi' is installed. This CGI has a well known security flaw that lets an attacker obtain the password of the remote AdCycle database or delete databases. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...
phpESP (php Easy Survey Package)
Product : phpESP php Easy Survey Package Version : 1.11 WebSite : http://acm.jhu.edu Problem : Access in dbase Description: ------------ In admin directory exist file phpEST.ini if we look this file we can see database dbpassword, dblogin, dbhost, dbname and other private info. phpESP.ini...
CVE-2002-1421
SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote attackers to perform unauthorized database operations via 1 report.php, 2 selmsg.php, and 3 showposts.php...
SimpleBBS users disclosure
The remote installation of SimpleChat allows an unauthenticated, remote attacker to retrieve its user database via a direct request to 'data/usr', which contains confidential information such as user passwords. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...
web-erp 0.1.4 database access vulnerability
================================== Security REPORT web-erp 0.1.4 and earlier ================================== Product: web-erp 0.1.4 and earlier Vulnerabilities: full database access Vendor: Phil Daintree http://web-erp.sourceforge.net/ Vendor-Status: E-Mail to "[email protected]" date:...
PHPBB2 - 'Page_Header.php' SQL Injection
source: https://www.securityfocus.com/bid/6888/info A SQL injection vulnerability has been reported in phpBB2. phpBB2, in some cases, does not sufficiently sanitize user-supplied input which is used when constructing SQL queries. As a result, attackers may supply malicious parameters to manipulat...
PHP-Nuke 5.6/6.0 - Search Engine SQL Injection
source: https://www.securityfocus.com/bid/6887/info It has been reported that the search module distributed with PHPNuke is vulnerable to an SQL injection attack. PHPNuke, in some cases, does not sufficiently sanitize user-supplied input which is used when constructing SQL queries. As a result,...