973 matches found
Cross-Site Request Forgery Vulnerability in Multiple Arris Devices
Arris DG860A, TG862A, TG862G devices are modem products from the Arris Group of Companies. A cross-site request forgery vulnerability exists in the 'advpwdcgi' parameter in the web management interface of multiple Arris devices. A remote attacker could exploit this vulnerability to perform...
Web Reference Database Command Execution Vulnerability
Web Reference Database is a web-based multi-user interface product that provides search tools and automatic indexing for managing scientific literature. A vulnerability in the handling of the 'adminPassword' parameter in the Web Reference Databaseinstall.php script allows remote attackers to...
Multiple Cross-Site Scripting Vulnerabilities in SupportCenter Plus
SupportCenter Plus is a web-based customer support software. Multiple cross-site scripting vulnerabilities exist in SupportCenter Plus. Because input passed to the "/HomePage.do" script via the "fromCustomer" HTTP GET parameter, the "username" and "password" HTTP POST parameters are not properly...
CVE-2014-9340
Multiple cross-site request forgery CSRF vulnerabilities in the wpCommentTwit plugin 0.5 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the 1 username or 2 password parameter in the...
CVE-2014-2061
The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value...
jenkins: clear text password disclosure (SECURITY-93)
The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value...
Advantech WebAccess SCADA Password Parameter Buffer Overflow (CVE-2014-0992)
A stack buffer overflow exists in Advantech's WebAccess SCADA software. The vulnerability is due to insufficient input validation of the Password parameter in an ActiveX control that is part of the WebAccess Client. A remote, unauthenticated attacker could exploit this vulnerability by enticing a...
CVE-2012-5700
Multiple cross-site scripting XSS vulnerabilities in Baby Gekko before 1.2.2f allow remote attackers to inject arbitrary web script or HTML via the 1 id parameter to admin/index.php or the 2 username or 3 password parameter in blocks/loginbox/loginbox.template.php to index.php. NOTE: some of thes...
CVE-2014-0992
Stack-based buffer overflow in Advantech WebAccess formerly BroadWin WebAccess 7.2 allows remote attackers to execute arbitrary code via the password parameter...
Anychart 3.0 Password Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19330/info anychart is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful attack could allow an attacker to compromise the...
VirtuaStore 2.0 Password Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18790/info VirtuaStore is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to compromise the...
CVE-2012-0262
op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in admin/login in X3 CMS 0.4.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 PATHINFO, 2 username, or 3 password parameter...
Session expiry pages may echo password in clear text
The "session expiry" and "XSRF token missing" pages will echo any submitted values. This may result in echoing the submitted password to the page in plain text if triggered on the WebSudo authentication page. Modify the error pages sessionexpired.jsp and xsrfmissing.jsp so they don't echo...
PT-2012-5160 · Pbboard · Pbboard
Name of the Vulnerable Software and Affected Versions: PBBoard version 2.1.4 Description: The issue allows remote attackers to change the password of arbitrary user accounts. This is achieved by exploiting the new password page, specifically through the member id and new password parameters to th...
CVE-2010-4959
SQL injection vulnerability in the login feature in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the password parameter...
CVE-2010-3608
Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the 1 id and 2 password pw parameters to a admin.php or b user.php...
CVE-2010-2509
The CVE-2010-2509 entries describe cross-site scripting vulnerabilities in 2daybiz Web Template Software. The affected components are the category.php file (parameter: keyword) and memberlogin.php (parameter: password). The underlying issue is improper handling of user-supplied input leading to s...
Sql injection
Multiple SQL injection vulnerabilities in redir.asp in VU Web Visitor Analyst allow remote attackers to execute arbitrary SQL commands via the 1 username or 2 password parameter. NOTE: some of these details are obtained from third party information...
Sql injection
Multiple SQL injection vulnerabilities in login.php in Project Man 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 username or 2 password parameter...