482 matches found
DUforum 3.x - Login Form 'Password' SQL Injection
source: https://www.securityfocus.com/bid/11363/info Multiple vulnerabilities have been identified in the software that may allow a remote attacker to carry out SQL injection and HTML injection attacks. An attacker may also gain unauthorized access to a user's account. DUclassmate may allow...
PD9 Software MegaBBS 2.02.1 - thread-post.asp Multiple Header CRLF Injections
source: https://www.securityfocus.com/bid/11253/info MegaBBS is reported prone to multiple vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data and may allow an attacker to carry ou...
TUTOS - 'app_new.php?t' Cross-Site Scripting
source: https://www.securityfocus.com/bid/11221/info Tutos is reported prone to multiple remote input-validation vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data and may allow an attacker to carry out cross-site scripting and SQL-injection attacks. These...
Mambo Open Source 4.5.1 (1.0.9) - Cross-Site Scripting
source: https://www.securityfocus.com/bid/11220/info Mambo open source is reportedly affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly validate user-supplied URI parameters. An attacker may leverage these issues to execute...
Mambo Open Source 4.5.1 (1.0.9) - Function.php Arbitrary Command Execution
source: https://www.securityfocus.com/bid/11220/info Mambo open source is reportedly affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly validate...
GetSolutions GetIntranet 2.2 - Multiple Remote Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/11149/info Reportedly getSolutions getIntranet is affected by multiple remote input validation vulnerabilities. These issues are caused by a failure of the application to properly sanitize user-supplied input. These issues may be leveraged to carry out SQ...
MercuryBoard < 1.1.3 Multiple Vulnerabilities
SquirrelMail < 1.4.3 Multiple Vulnerabilities
The remote host is running SquirrelMail, a web-based mail server. There are several flaws in all versions less than 1.4.3 and development versions 1.5.0 and 1.5.1 that allow for local root access and remote cross-site scripting (XSS) attacks. Nessus has determined the vulnerability exists on the...
OpenBB 1.0.x - 'index.php?redirect' Cross-Site Scripting
source: https://www.securityfocus.com/bid/10214/info It has been reported that OpenBB is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input. The SQL issues may allow a remote attacker to...
phpBugTracker 0.9 - 'query.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/10153/info Reportedly phpBugTracker contains multiple input validation vulnerabilities; it is prone to multiple SQL injection, cross-site scripting and HTML injection issues. These issues are all due to a failure of the application to properly sanitize us...
TikiWiki Project 1.8 - tiki-list_trackers.php?offset SQL Injection
source: https://www.securityfocus.com/bid/10100/info Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path...
Xpressions Software: Multiple SQL Injection Attacks To Manage WebStore
Pimp industries. Xpressions Software: Multiple SQL Injection Attacks To Manage WebStores. Background: When your suppliers and trading partners can interact with your organization as a seamless extension of your internal business...
InstaBoard 1.3 - index.cfm SQL Injection
source: https://www.securityfocus.com/bid/7338/info It has been reported that multiple input validation errors exist in the index.cfm file included with InstaBoard. Because of this issue, remote attackers may launch SQL injection attacks through the...
SquirrelMail v1.2.9 XSS bugs
topic: SquirrelMail v1.2.9 XSS bugs; product: SquirrelMail v1.2.9; vendor: www.squirrelmail.org; risk: low; date: 12/3/2k2; discovered by: euronymous /F0KP /HACKRU Team; advisory url: http://f0kp.iplus.ru/bz/008.txt...
CVE-2002-0420
Vulnerability in PureTLS before 0.9b2 related to injection attacks, which could possibly allow remote attackers to corrupt or hijack user sessions...
CVE-2002-0420
CVE-2002-0420 relates to PureTLS prior to version 0.9b2, with an injection-related vulnerability that could allow remote attackers to corrupt or hijack user sessions. The connected sources confirm the affected software and a remote-exploit goal, but do not provide further technical specifics, exp...
Security Update For Exchange Server 2016 CU3 (KB4012178)
An elevation of privilege vulnerability exists in the way that Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests. An attacker who successfully exploited this vulnerability could perform script/content injection attacks, and attempt to...