80 matches found
Horde Groupware SQL Injection Vulnerability
Horde Groupware is an enterprise browser based on the Communication Suite from Horde USA. The browser supports sending and receiving e-mail, managing and sharing calendars, contacts and tasks, and more. A SQL injection vulnerability exists in Horde Groupware 5.2.22 and earlier versions. A remote...
Sql injection
FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or companydetails.php id parameter...
SQL Injection Vulnerability in Digital China Internet Behavior Management System's page_group Parameter
Digital China Internet Behavior Management System is an Internet behavior logging system that fully owns the network behavior analysis management system, integrating hardware and software architecture, behavior analysis engine, management and control policies, analyzing network activities in real...
CVE-2014-8023
Cisco Adaptive Security Appliance ASA Software 9.2.3 and earlier, when challenge-response authentication is used, does not properly select tunnel groups, which allows remote authenticated users to bypass intended resource-access restrictions via a crafted tunnel-group parameter, aka Bug ID...
CVE-2014-8375
SQL injection vulnerability in GBgallery.php in the GB Gallery Slideshow plugin 1.5 for WordPress allows remote administrators to execute arbitrary SQL commands via the selectedgroup parameter in a gbajaxgetgroup action to wp-admin/admin-ajax.php...
Cross site scripting
Cross-site scripting XSS vulnerability in the group moderation screen in the control center control.php in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via the group parameter...
CVE-2012-4234
Cross-site scripting XSS vulnerability in the group moderation screen in the control center control.php in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via the group parameter...
Addressbook 8.1.24.1 / 8.2.5 Cross Site Scripting
Instructions. After authentication, click on the Group tab at the top. Click on the New Group Button on the group page. For the group name the first field enter the following XSS test string: alertString.fromCharCode88,83,83 Then call the XSS string from the URL -- technically one calls the group...
CVE-2011-5159
Cross-site scripting XSS vulnerability in admin/configuration.php in Geeklog before 1.7.1sr1 allows remote attackers to inject arbitrary web script or HTML via the subgroup parameter, a different vulnerability than CVE-2011-4942...
CVE-2011-5159
Cross-site scripting XSS vulnerability in admin/configuration.php in Geeklog before 1.7.1sr1 allows remote attackers to inject arbitrary web script or HTML via the subgroup parameter, a different vulnerability than CVE-2011-4942...
CVE-2012-2446
Cross-site scripting XSS vulnerability in tools/locallookup.php in the WebAdmin Portal in Netsweeper allows remote attackers to inject arbitrary web script or HTML via the group parameter in a lookup action...
CVE-2012-2446
Cross-site scripting XSS vulnerability in tools/locallookup.php in the WebAdmin Portal in Netsweeper allows remote attackers to inject arbitrary web script or HTML via the group parameter in a lookup action...
CVE-2009-4088
Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to 1 getjs.php and 2 getcsslocal.php; and include and execute arbitrary local files via the 3 group parameter to...
Sql injection
SQL injection vulnerability in view.php in E-topbiz AdManager 4 allows remote attackers to execute arbitrary SQL commands via the group parameter...
CVE-2007-6466
Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands via 1 the prod parameter in a details action, 2 the cat parameter in a browse list action, or 3 the group parameter in a categories action. NOTE: it was later reported...
CVE-2007-5370
Multiple cross-site scripting XSS vulnerabilities in cgi-bin/dnewsweb.exe in NetWin DNewsWeb DNews News Server 57e1 allow remote attackers to inject arbitrary web script or HTML via the 1 group or 2 utag parameter...
SAP消息服务器Group参数远程堆溢出漏洞
BUGTRAQ ID: 24765 SAP消息服务器是SAP设备所使用的用于交换数据和内部消息的服务。 SAP消息服务器在处理畸形的GET请求时存在漏洞,远程攻击者可能利用此漏洞控制服务器。 如果远程攻击者向监听在SAP设备TCP 8100端口上的消息服务器发送了畸形的GET请求,并将URL /msgserver/html/group的Group参数指定为498字节,就可能触发堆溢出,导致拒绝服务或以系统权限执行任意指令。 SAP Message Server 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.sap.com/ GET...
CVE-2006-3299
Cross-site scripting XSS vulnerability in index.php in Usenet Script 0.5 allows remote attackers to inject arbitrary web script or HTML via the group parameter...
DEBIAN-CVE-2005-3980
SQL injection vulnerability in the ticket query module in Edgewall Trac 0.9 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the group parameter...
CVE-2005-2322
Cross-site scripting XSS vulnerability in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allows remote attackers to inject arbitrary web script or HTML via the 1 viewuserid or 2 group parameter to users.php...