482 matches found
e-ticketing SQL Injection
'e-ticketing' SQL Injection CVE-2012-1673 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in loginscript.php that allows for SQL injection of the 'username' and 'password' POST parameters. II. TESTED VERSION...
e-ticketing SQL Injection (CVE-2012-1673)
Exploit for php platform in category web applications 'e-ticketing' SQL Injection CVE-2012-1673 Mark Stanislav - email protected I. DESCRIPTION --------------------------------------- A vulnerability exists in loginscript.php that allows for SQL injection of the 'username' and 'password' POST...
e-ticketing - SQL Injection
e-ticketing - SQL Injection 'e-ticketing' SQL Injection CVE-2012-1673 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in loginscript.php that allows for SQL injection of the 'username' and 'password' POST parameters. II. TEST...
Mibew messenger multiple XSS
Advisory ID: CSA-12001 Title: Mibew messenger multiple XSS Product: mibew messenger Version: 1.6.4 and probably prior Vendor: mibew.org Vulnerability type: XSS Vendor notification: 2012-01-07 Public disclosure: 2012-01-24 Mibew messenger version 1.6.4 an probably below is vulnerable to multiple X...
Digital Scribe Multiple Cross Site Scripting Vulnerabilities
Digital Scribe is prone to multiple cross site scripting vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Digital Scribe 1.5 Cross Site Scripting
25: 26: 27: Title:" SIZE=4 Mr., Mrs., etc 28: 29: Last Name:" 30: Password: 31: 32: Password Again: 33: 34: E-Mail:INPUT TYPE=TEXT NAME=e...
Digital Scribe 1.5 - register_form() Multiple POST Cross-Site Scripting Vulnerabilities
Digital Scribe 1.5 - registerform Multiple POST Cross-Site Scripting Vulnerabilities 25: 26: 27: Title:" SIZE=4 Mr., Mrs., etc 28: 29: Last Name:" 30: Password: 31: 32: Password Again: 33: 34: E-Mail:INP...
Cisco Security Agent Management st_upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Security Agent Management Console. Authentication is not required to exploit this vulnerability. The flaw exists within the webagent.exe component which is handed requests by an Apache instan...
PixelPost 1.7.3 - Multiple POST SQL Injections
PixelPost 1.7.3 - Multiple POST SQL Injections -------------------------------------------------------------------- Pixelpost 1.7.3 Multiple POST Variables SQL Injection Vulnerability Vendor: Pixelpost.org Product web page: http://www.pixelpost.org Affected version: 1.7.3 Summary: Pixelpost is an...
TaskFreak! 0.6.4 - Multiple Cross-Site Scripting Vulnerabilities
TaskFreak! v0.6.4 Multiple Cross-Site Scripting Vulnerabilities Vendor: Stan Ozier Product web page: http://www.taskfreak.com Affected version: 0.6.4 multi-user Summary: TaskFreak! Original is a simple but efficient web based task manager written in PHP. Desc: TaskFreak! suffers from multiple XSS...
Pixelpost 1.7.3 SQL Injection
-------------------------------------------------------------------- Pixelpost 1.7.3 Multiple POST Variables SQL Injection Vulnerability Vendor: Pixelpost.org Product web page: http://www.pixelpost.org Affected version: 1.7.3 Summary: Pixelpost is an open-source, standards-compliant, multi-lingua...
eBlog 1.7 - Multiple SQL Injections
eBlog 1.7 - Multiple SQL Injections eBlog 1.7 Multiple SQL Injection Vulnerabilities Name eBlog Vendor https://emuci.com Versions Affected 1.7 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2010-11-10 X. INDEX I. ABOUT T...
Several XSS vulnerabilities were found in the code.
PMASA-2010-5 Announcement-ID: PMASA-2010-5 Date: 2010-08-20 Summary Several XSS vulnerabilities were found in the code. Description It was possible to conduct a XSS attack using crafted URLs or POST parameters on several pages. Severity We consider this vulnerability to be serious. Mitigation...
phpmyadmin -- Several XSS vulnerabilities
phpMyAdmin Team reports: It was possible to conduct a XSS attack using crafted URLs org POST parameters on several pages...
Blue Collar Productions iGallery 4.1 Plus File Download
Vendor Notified: 05/25/2009 Vulnerability Details: ------------------------------------------- Blue Collar Productions iGallery 4.1 Plus http://www.b-cp.com/igallery/default.asp is a commercial photo gallery script written in Classic ASP. There exists also a free version named iGallery 3.4. The...
OtomiGenX 2.2 - 'userAccount' SQL Injection
source: https://www.securityfocus.com/bid/29470/info OtomiGenX is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify dat...
Mitridat Form Processor Pro XSS
Greetings, I have discovered cross-site scripting vulnerability in Mitridat's Form Processor Pro. http://www.mitridat.com/ http://www.mitridat.com/products-form-processor-pro.html Form Mail: Email Form Processor Pro™ - process all forms on your website Form Mail: Email Form Processor Pro is the...
olms-xss.txt
BACKGROUND ========== "Oliver is the web-based Library Management System for Schools. Softlink has built on the understanding of thousands of school clients, over many years, and has designed a new system for school libraries and learning resource centres in the 21st century" -- from...
Cross Site Scripting in Oliver Library Management System
BACKGROUND ========== "Oliver is the web-based Library Management System for Schools. Softlink has built on the understanding of thousands of school clients, over many years, and has designed a new system for school libraries and learning resource centres in the 21st century" -- from...
CVE-2007-0969
Multiple cross-site scripting XSS vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to POST parameters to multiple files...