1196 matches found
Security feature bypass
Unspecified vulnerability in the web service in Sitecore CMS 5.3.1 rev. 071114 allows remote authenticated users to gain access to security databases, and obtain administrative and user credentials, via unknown vectors related to SOAP and XML requests...
CVE-2009-1055
Mode C: The vulnerability affects Sitecore CMS 5.3.1 rev. 071114 where the web service can disclose security databases and credentials to remote authenticated users via SOAP/XML requests. Root cause is unspecified in the public initial description, but connected Nessus/NVD entries confirm an info...
CVE-2009-1055
Unspecified vulnerability in the web service in Sitecore CMS 5.3.1 rev. 071114 allows remote authenticated users to gain access to security databases, and obtain administrative and user credentials, via unknown vectors related to SOAP and XML requests...
PHPRunner 4.2 (SearchOption) Blind SQL Injection Vulnerability
Exploit for unknown platform in category web applications. PHPRunner 4.2 SearchOption Blind SQL Injection Vulnerability...
SuSE Update for OpenOffice_org SUSE-SA:2007:067
Check for the Version of OpenOffice_org OpenVAS Vulnerability Test $Id: gbsuse2007067.nasl 8050 2017-12-08 09:34:29Z santu $ SuSE Update for OpenOffice_org SUSE-SA:2007:067 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is...
ACCESS advanced injection-vulnerability warning-the black bar safety net
Now we in the script injection attack technique, commonly used techniques to score a lot of kinds, the most common is the use of subqueries or is a Union a Union query to get some special table of contents, such as Admin, Log table etc., this is a pure database attack, and MSSQL Server method is more...
DEBIAN-CVE-2008-4096
libraries/databaseinterface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to serverdatabases.php with a sortby parameter containing PHP sequences, which are processed by createfunction...
FreeBSD Security Advisory (FreeBSD-SA-06:15.ypserv.asc)
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-06:15.ypserv.asc ADV FreeBSD-SA-06:15.ypserv.asc OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Sof...
FreeBSD Security Advisory (FreeBSD-SA-06:15.ypserv.asc)
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-06:15.ypserv.asc SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
phpmyadmin -- cross site request forgery vulnerabilities
A phpMyAdmin security announcement: A logged-in user, if abused into clicking a crafted link or loading an attack page, would create a database he did not intend to, or would change his connection character set...
Kahua vulnerable in allowing to share login sessions
Overview Kahua is an open source application development and runtime environment server. Kahua contains a vulnerability which allows the sharing of sessions among multiple applications which are referring to different user databases. Impact A remote attacker could possibly take over the user...
GLSA-200805-06 : Firebird: Data disclosure
The remote host is affected by the vulnerability described in GLSA-200805-06 Firebird: Data disclosure Viesturs reported that the default configuration for Gentoo's init script '/etc/conf.d/firebird' sets the 'ISCPASSWORD' environment variable when starting Firebird. It will be used when no...
phpMyAdmin: Information disclosure
Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web-browser. Description Cezary Tomczak reported that an undefined UploadDir variable exposes an information disclosure vulnerability when running on shared hosts. Impact A remote attack...
OpenOffice.org-base allows Denial-of-Service and command injection
HSQLDB before 1.8.0.9, as used in OpenOffice.org OOo 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods."...
Microsoft Office Web Components Multiple Buffer Overflows (MS08-017; CVE-2006-4695; CVE-2007-1201; CVE-2009-0562; CVE-2009-1136; CVE-2009-1534; CVE-2009-2493; CVE-2009-2496)
Microsoft Office Web Components are a collection of Component Object Model (COM) controls for publishing spreadsheets, charts, and databases to the Web, and for viewing the published components on the Web. A remote code execution vulnerability has been reported in Microsoft Office Web Components. A...
LightBlog 9.5 cp_upload_image.php Remote File Upload Vulnerability
Exploit for unknown platform in category web applications. LightBlog 9.5 cp_upload_image.php Remote File Upload Vulnerability. LightBlog 9.5 - REMOTE FILE UPLOAD...
LightBlog Remote File Upload Vulnerability
LightBlog 9.5 - REMOTE FILE UPLOAD VULNERABILITY by Omni 1 Infos --------- Date : 2008-01-30 Product : LightBlog Version : v 9.5 Vendor : http://www.publicwarehouse.co.uk/ Vendor Status : 2008-01-31 Informed! 2008-01-31 Patch received from vendor! 2008-02-01 Published! Description : Lightblog...
openSUSE 10 Security Update : OpenOffice_org (OpenOffice_org-4802)
This update of OpenOffice_org adds restrictions to SQL statements of Java-based databases to avoid the execution of native Java code by creating procedures. CVE-2007-4575 %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
SuSE 10 Security Update : OpenOffice_org (ZYPP Patch Number 4770)
This update of OpenOffice_org adds restrictions to SQL statements of Java-based databases to avoid the execution of native Java code by creating procedures. CVE-2007-4575 %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The text description of this plugin is (C) Novell, Inc...
openSUSE 10 Security Update : OpenOffice_org (OpenOffice_org-4769)
This update of OpenOffice_org adds restrictions to SQL statements of Java-based databases to avoid the execution of native Java code by creating procedures. CVE-2007-4575 %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...