358 matches found
PT-2009-5434 · Symantec · Symantec Altiris Deployment Solution
Name of the Vulnerable Software and Affected Versions: Symantec Altiris Deployment Solution versions 6.9.x before 6.9 SP3 Build 430 Description: The issue is related to improper access restriction to the listening port for the DBManager service. This allows remote attackers to bypass authenticati...
Simple Machines Forum SQL Injection Vulnerability
The host is installed with Simple Machines Forum and is prone to SQL Injection Vulnerability. OpenVAS Vulnerability Test $Id: secpodsimplemachinesforumsqlinjvuln.nasl 5122 2017-01-27 12:16:00Z teissa $ Simple Machines Forum SQL Injection Vulnerability Authors: Nikita MR Copyright: Copyright c 200...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors, as demonstrated by causing the superuser to "execute old updates" that modif...
CVE-2008-6532
Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors, as demonstrated by causing the superuser to "execute old updates" that modif...
phpBB Mod FileBase 2.0 - 'id' SQL Injection
phpBB MOD FileBase SQL Injection Vulnerabilities AUTHOR: t0pP8uZz & xprog SITE: N/A DORK:...
ImageAlbum 2.0.0b2 - 'id' SQL Injection
ImageAlbum Remote SQL Injection Vulnerabilities Product: ImageAlbum Version: Latest 2.0.0b2, others not tested Vendor: http://imagealbum.sourceforge.net/ Date: 01/10/08 - Introduction ImageAlbum is a web application written...
ImageAlbum 2.0.0b2 - id SQL Injection
ImageAlbum 2.0.0b2 - id SQL Injection ImageAlbum Remote SQL Injection Vulnerabilities Product: ImageAlbum Version: Latest 2.0.0b2, others not tested Vendor: http://imagealbum.sourceforge.net/ Date: 01/10/08 - Introduction...
Double free
Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code...
CVE-2007-1216
CVE-2007-1216 is a double-free vulnerability in the MIT Kerberos 5 GSS-API library (lib/gssapi/krb5/k5unseal.c) used by kadmind, exploitable when the RPCSEC_GSS authentication method is involved. It affects MIT krb5 prior to version 1.6.1, enabling remote authenticated users to execute arbitrary c...
Website Baker Admin Login SQL Injection
The remote host is running Website Baker, a PHP-based content management system. The installed version of Website Baker fails to validate user input to the username parameter of the 'admin/login/index.php' script before using it to generate database queries. An unauthenticated attacker can levera...
MyBulletinBoard (MyBB) 1.0 - 'usercp.php' SQL Injection
source: https://www.securityfocus.com/bid/15204/info MyBulletinBoard is prone to an SQL injection vulnerability. This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks. Successful exploitation could...
aspReadySQL.txt
The free, open source project called "aspReady FAQ" is open to SQL injection. This results in admin access with the ability to change/delete the entire database. An example of an SQL injection that works could be: 1'or'1'='1 After doing a Google search, I've found out that some companies are actually usi...
CVE-2004-2324
DotNetNuke (formerly IBuySpy Workshop) 1.0.6–1.0.10d is affected by an SQL injection vulnerability in LinkClick.aspx, exploitable via the (1) table and (2) field parameters to modify the backend database. The vulnerability allows remote attackers to alter database contents. Documents do not provi...
CVE-2000-1232
upgrade.php3 in Phorum 3.0.7 could allow remote attackers to modify certain Phorum database tables via an unknown method...
CVE-2000-1232
The CVE-2000-1232 entry concerns Phorum 3.0.7, where upgrade.php3 could allow remote attackers to modify certain Phorum database tables via an unknown method. The connected documents confirm the affected product/version and the basic impact (unauthorized modification of database tables), but they...
CJ Ultra Plus 1.0.3/1.0.4 - 'OUT.php' SQL Injection
source: https://www.securityfocus.com/bid/13533/info CJ Ultra Plus is prone to an SQL injection vulnerability. This issue affects the 'out.php' script and could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks...
CubeCart 2.0.x - tellafriend.php?product Full Path Disclosure
CubeCart 2.0.x - tellafriend.php?product Full Path Disclosure source: https://www.securityfocus.com/bid/13050/info CubeCart is reported prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in...
[Full-Disclosure] phpGiftReq SQL Injection
Title: phpGiftReq SQL Injection Vulnerability discovery: Madelman (madelman AT iname.com) Date: 16/01/2005 Severity: Moderately critical Summary: The PHP Gift Registry is a web-enabled gift registry intended for use among a circle of family...
CVE-2004-2324
SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to modify the backend database via the (1) table and (2) field parameters in LinkClick.aspx...