1167 matches found
Cross-site request forgery (CSRF)
Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remot...
CVE-2014-8244
Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remot...
WordPress Plugin Spider Facebook - 'facebook.php' SQL Injection
source: https://www.securityfocus.com/bid/69675/info Spider Facebook plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
Authentication flaw
Unspecified vulnerability in the Authentication Module in TIBCO Spotfire Server before 4.5.2, 5.0.x before 5.0.3, 5.5.x before 5.5.2, 6.0.x before 6.0.3, and 6.5.x before 6.5.1 allows remote attackers to gain privileges, and obtain sensitive information or modify data, via unknown vectors...
CVE-2014-5285
CVE-2014-5285 affects the Authentication Module of TIBCO Spotfire Server prior to specific versions: 4.5.2, 5.0.x prior to 5.0.3, 5.5.x prior to 5.5.2, 6.0.x prior to 6.0.3, and 6.5.x prior to 6.5.1. The issue is described as an unspecified flaw in the Authentication Module that enables remote at...
CVE-2014-5285
Unspecified vulnerability in the Authentication Module in TIBCO Spotfire Server before 4.5.2, 5.0.x before 5.0.3, 5.5.x before 5.5.2, 6.0.x before 6.0.3, and 6.5.x before 6.5.1 allows remote attackers to gain privileges, and obtain sensitive information or modify data, via unknown vectors...
WordPress Malmonation Theme - SQL Injection
The WordPress Malmonation theme is prone to an SQL injection via the "id" parameter in the "debate.php" file. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution: Update the theme...
WordPress Daily Edition Theme <= 1.6.2 - SQL Injection
This theme is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution: Update the theme...
WordPress Plugin FB Gorilla - 'game_play.php' SQL Injection
source: https://www.securityfocus.com/bid/69222/info FB Gorilla plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent...
CVE-2014-2622
Unspecified vulnerability in HP Intelligent Management Center iMC before 7.0 E02020P03 and Branch Intelligent Management System BIMS before 7.0 E0201P02 allows remote authenticated users to obtain sensitive information or modify data via unknown vectors, aka ZDI-CAN-2312...
Code injection
Unspecified vulnerability in HP Intelligent Management Center iMC before 7.0 E02020P03 and Branch Intelligent Management System BIMS before 7.0 E0201P02 allows remote authenticated users to obtain sensitive information or modify data via unknown vectors, aka ZDI-CAN-2312...
xClassified - ads.php SQL Injection
source: https://www.securityfocus.com/bid/68438/info xClassified is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise...
xClassified - 'ads.php' SQL Injection
source: https://www.securityfocus.com/bid/68438/info xClassified is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify...
PuterJam's Blog PJBlog3 3.0.6 'action.asp' SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/34701/info PJBlog3 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
XOOPS 'prayerlist' Module - 'cid' Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27934/info XOOPS 'prayerlist' module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker t...
Enthrallweb eHomes homeDetail.asp AD_ID Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/21193/info eHome is prone to multiple input-validation vulnerabilities, including cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input. A successful exploi...
Joomla! and Mambo com_model Component - 'objid' Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27781/info The Joomla! and Mambo 'commodel' component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could...
bcoos 1.0.10 Arcade Module Index.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25790/info The 'bcoos' Arcade module is prone to an SQL-injection vulnerability because it fails to adequately sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to...
Cartweaver 2.16.11 Results.cfm category Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/17941/info Cartweaver ColdFusion is prone to SQL-injection vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input before using it in SQL queries. Successful exploits...
K Web CMS 'sayfala.asp' SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/30745/info K Web CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...