358 matches found
McAfee Data Loss Prevention Endpoint EPO Extended Information Disclosure Vulnerability
McAfee Data Loss Prevention Endpoint (DLPe) is an integrated endpoint data protection solution from the U.S. company McAfee. A security vulnerability in the McAfee Data Loss Prevention Endpoint (DLPe) ePO extension allows remote attackers to submit a special URL request to obtain sensitive...
CVE-2015-2759
Multiple cross-site request forgery (CSRF) vulnerabilities in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allow remote attackers to hijack the authentication of users for requests that (1) obtain sensitive information or (2) modify the database...
CVE-2015-2758
The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to obtain sensitive information, modify the database, or possibly have other unspecified impact via a crafted URL...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allow remote attackers to hijack the authentication of users for requests that (1) obtain sensitive information or (2) modify the database...
SQL Servers Unauthorized Commands SQL Injection - Ver2 (CVE-2014-3704)
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. SQL injection techniques can be used by attackers to exploit the Drupal vulnerability. Successful exploitation could allow an attacker to disclose confidential information, modify or shut down the database or...
OSTicket 1.2/1.3 - Multiple Input Validation and Remote Code Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/13478/info osTicket is affected by multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Reportedly the application permits the inclusion...
SQL Servers Oracle Vendor-specific SQL Injection
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow an attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
SQL Servers Unauthorized SQL Injection Command Execution
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow an attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
SQL Servers UNION Query-based SQL Injection
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow an attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
SQL Servers Unauthorized Commands SQL Injection
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow an attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
SQL Servers SQL Injection Evasion Techniques
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow an attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
SQL Servers MSSQL Vendor-specific SQL Injection
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow an attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
SQL Servers Blind SQL Injection
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow an attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
SQL Servers MySQL Vendor-specific SQL Injection
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow an attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
SQL Servers Stack Query SQL Injection
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow an attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
ManageEngine OpStor Build 8300 and earlier contain multiple vulnerabilities
Overview: ManageEngine OpStor Build 8300 and earlier contain multiple vulnerabilities. Description: CWE-472: External Control of Assumed-Immutable Web Parameter. It has been reported that the 'Properties.do?name=' module is vulnerable to an ‘unauthorized function call’ caused by server failing to...
CVE-2012-2358
CVE-2012-2358 affects Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3. A remote authenticated user can bypass an activity’s read-only state and modify the database by leveraging the student role to edit existing database activity entries. The provided documents do not specif...
NetArt Media Car Portal SQLi Vulnerability
NetArt Media Car Portal is prone to an SQL injection (SQLi) vulnerability...
CGI Generic XML Injection
By sending specially crafted parameters to one or more CGI scripts hosted on the remote web server, Nessus was able to get a very different response, which suggests that it may have been able to modify the behavior of the application and directly access a SOAP back-end. An attacker may be able to...