1304 matches found
Debian DSA-2787-1 : roundcube - design error
It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, does not properly sanitize the session parameter in steps/utils/savepref.inc during saving preferences. The vulnerability can be exploited to overwrite configuration settings and subsequently allowing rand...
[SECURITY] [DSA 2787-1] roundcube security update
Debian Security Advisory DSA-2787-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso October 27, 2013 http://www.debian.org/security/faq -...
DSA-2787-1 roundcube - design error
Bulletin has no description...
WordPress Plugin NOSpamPTI - Blind SQL Injection
NOSpamPTI Wordpress plugin Blind SQL Injection Vendor product description NOSpamPTI eliminates the spam in your comment box so strong and free, developed from the idea of Nando Vieira http://bit.ly/d38gB8, but some themes do not support changes to the functions.php to this we alter this function...
Joomla com_sectionex v2.5.96 SQL Injection vulnerabilities
Joomla com_sectionex v2.5.96 SQL Injection vulnerabilities == Description == - Software link: http://stackideas.com/sectionex ...
Ovidentia 7.9.4 Cross Site Scripting / SQL Injection
Ovidentia 7.9.4 Multiple Remote Vulnerabilities Vendor: Cantico Product web page: http://www.ovidentia.org Affected version: 7.9.4 Summary: Ovidentia is both a content management system CMS and a collaborative environment Groupware. Desc: Input passed via several parameters is not properly...
Ovidentia 7.9.4 - Multiple Vulnerabilities
Ovidentia 7.9.4 - Multiple Vulnerabilities Ovidentia 7.9.4 Multiple Remote Vulnerabilities Vendor: Cantico Product web page: http://www.ovidentia.org Affected version: 7.9.4 Summary: Ovidentia is both a content management system CMS and a collaborative environment Groupware. Desc: Input passed...
DotNetNuke < 10.1 DNNArticle Module SQLi Vulnerability
DotNetNuke DNNArticle module is prone to a SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
McAfee ePolicy Orchestrator (ePO) Multiple Vulnerabilities-01 (Aug 2013)
McAfee ePolicy Orchestrator is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Debian Security Advisory DSA 2733-1 (otrs2 - SQL injection)
It was discovered that otrs2, the Open Ticket Request System, does not properly sanitise user-supplied data that is used on SQL queries. An attacker with a valid agent login could exploit this issue to craft SQL queries by injecting arbitrary SQL code through manipulated URLs. OpenVAS Vulnerabili...
F-Secure E-mail and Server Security FSDBCom ActiveX Control GetCommand Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of F-Secure E-mail and Server Security. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
WHMCS <= 4.5.2 SQLi Vulnerability
WHMCS is prone to an SQL injection SQLi vulnerability. Copyright C 2013 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you ca...
Cisco Clean Access Manager filter SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Clean Access Manager. Authentication is not required to exploit this vulnerability. The specific flaw is in the handling of filter URL parameters when constructing SQL database queries. By...
Cisco Clean Access Manager sortColumn SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Clean Access Manager. Authentication is not required to exploit this vulnerability. The specific flaw is in the handling of sortColumn URL parameters when constructing SQL database queries. B...
WordPress Level Four Storefront Plugin SQL Injection Vulnerability
WordPress Level Four Storefront Plugin is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
WordPress LeagueManager Plugin Multiple Vulnerabilities
WordPress LeagueManager Plugin is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-2611-1 : movabletype-opensource - several vulnerabilities
An input sanitation problem has been found in upgrade functions of movabletype-opensource, a web-based publishing platform. Using carefully crafted requests to the mt-upgrade.cgi file, it would be possible to inject OS command and SQL queries. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
[SECURITY] [DSA 2611-1] movabletype-opensource security update
Debian Security Advisory DSA-2611-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez January 22, 2013 http://www.debian.org/security/faq -...
WordPress W3 Total Cache Data Disclosure
!/bin/bash C Copyright 2012 Jason A. Donenfeld . All Rights Reserved. |---------------| | W3 Total Fail | | by zx2c4 | |---------------| For more info, see built-in help text. Most up to date version is available at: http://git.zx2c4.com/w3-total-fail/tree/w3-total-fail.sh This affects all curren...
Multiple SQL Injection vulnerabilities in ClipBucket
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in ClipBucket, which can be exploited to perform SQL Injection attacks. 1 Multiple SQL Injections in ClipBucket: CVE-2012-5849 1.1 The vulnerability exists due to improper sanitation of input in multiple parameters within...