CVE-2012-3286

Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and earlier and ArcSight Logger 5.2 and earlier allows remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via unknown vectors...

CVE-2012-3280

Multiple unspecified vulnerabilities on HP NonStop Servers H06.x and J06.x allow remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via an OSS Remote Operation over an Expand connection...

PHPWeby Free Directory Script - 'contact.php' Multiple SQL Injections

source: https://www.securityfocus.com/bid/57561/info The PHPWeby Free directory script is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input. A successful exploit may allow an attacker to compromise the application, access or modify data,...

iCart Pro - section SQL Injection

iCart Pro - section SQL Injection source: https://www.securityfocus.com/bid/57564/info iCart Pro is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to compromise the...

CVE-2012-6298

Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to execute arbitrary commands or modify data via unknown vectors...

Code injection

Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to execute arbitrary commands or modify data via unknown vectors...

CVE-2012-6298

CA IdentityMinder (r12.0 through CR16, r12.5 before SP15, and r12.6 GA) contains an unspecified vulnerability that could allow a remote attacker to execute arbitrary commands or modify data via unknown vectors. The issue is documented in the CA Security Notice CA20121220-01 and is addressed by pa...

CVE-2012-6298

Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to execute arbitrary commands or modify data via unknown vectors...

CVE-2012-5968

The Huawei E585 device does not validate the status of admin sessions, which allows remote attackers to obtain sensitive user information and the session ID, and modify data, by leveraging access to the LAN network...

MyBB Transactions Plugin - 'transaction' SQL Injection

source: https://www.securityfocus.com/bid/57009/info The Transactions Plugin for MyBB is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to compromise the application, access o...

WordPress Theme Nest - codigo SQL Injection

WordPress Theme Nest - codigo SQL Injection source: https://www.securityfocus.com/bid/56792/info The Nest theme for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue...

WordPress Theme CStar Design - id SQL Injection

WordPress Theme CStar Design - id SQL Injection source: https://www.securityfocus.com/bid/56694/info The CStar Design theme for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploi...

CVE-2012-3270

Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5.41, when Sybase is used, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-3269...

Design/Logic Flaw

Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5.41, when Sybase is used, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-3270...

CVE-2012-3269

Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5.41, when Sybase is used, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-3270...

CVE-2012-3270

CVE-2012-3270 affects HP Performance Insight (PI) versions 5.31, 5.40 and 5.41 when running with Sybase as the database. The vulnerability enables remote attackers to cause a denial of service and potential data loss/intrusion due to flaws in the PI-Sybase interaction (root cause described in the...

CVE-2012-3270

Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5.41, when Sybase is used, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-3269...

CVE-2012-5302

The server in TIBCO Formvine 3.1.x and 3.2.x before 3.2.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors...

DELTAScripts PHP Links - Multiple SQL Injections

source: https://www.securityfocus.com/bid/55478/info DeltaScripts PHP Links is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the applicatio...

Medium: postgresql9

Issue Overview: The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger...