[USN-1289-1] colord vulnerability
Ubuntu Security Notice USN-1289-1, December 07, 2011: colord vulnerability. A security issue affects these releases of Ubuntu and its derivatives: -...
Ubuntu 11.10 : colord vulnerability (USN-1289-1)
It was discovered that colord incorrectly handled certain SQL queries. A local attacker could exploit this to modify arbitrary sqlite databases. On Ubuntu, colord runs as its own user by default, so standard file permissions would limit which databases could be altered. Note that Tenable Network...
USN-1289-1: colord vulnerability
It was discovered that colord incorrectly handled certain SQL queries. A local attacker could exploit this to modify arbitrary sqlite databases. On Ubuntu, colord runs as its own user by default, so standard file permissions would limit which databases could be altered...
Joomla 'BF Quiz' Component 'catid' Parameter SQL Injection Vulnerability
This host is running Joomla! with BF Quiz component and is prone to SQL injection vulnerability. OpenVAS Vulnerability Test $Id: gbjoomlacomcombfquiztrialsqlinjvuln.nasl 7015 2017-08-28 11:51:24Z teissa $ Joomla 'BF Quiz' Component 'catid' Parameter SQL Injection Vulnerability Authors: Madhuri D...
webERP 4.05 Cross Site Scripting / SQL Injection
Vulnerability ID: HTB23055 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinweberp.html Product: webERP Vendor: www.weberp.org http://www.weberp.org Vulnerable Version: 4.05 and probably prior Tested Version: 4.05 Vendor Notification: 26 October 2011 Vulnerability Type: XSS, S...
Joomla 'Teams' Component SQL Injection Vulnerability
This host is running Joomla with Teams component and is prone to SQL injection vulnerability. OpenVAS Vulnerability Test $Id: gbjoomlateamssqlinjvuln.nasl 7006 2017-08-25 11:51:20Z teissa $ Joomla 'Teams' Component SQL Injection Vulnerability Authors: Madhuri D Copyright: Copyright c 2011 Greenbo...
Joomla 'Teams' Component SQLi Vulnerability (Nov 2011)
Joomla with Teams component is prone to a SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
MyBB MyStatus Plugin process-mystatus.php 'statid' Parameter SQLi Vulnerability
MyBB with MyStatus Plugin is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
ColdGen ColdUserGroup Cross-Site Scripting and SQL Injection Vulnerabilities
ColdGen ColdUserGroup is prone to cross site scripting and SQL injection vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CMS Faethon 'info.php' SQL Injection Vulnerability
CMS Faethon is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Xataface WebAuction / Librarian DB XSS / LFI / SQL Injection
Title : Xataface WebAuction and Xataface Librarian DB Multiple Vulnerabilities. Author : Antu Sanadi SecPod Technologies www.secpod.com Vendor : http://xataface.com/ Advisory : http://secpod.org/blog/?p=350 http://secpod.org/advisories/SECPODXatafaceWebauctionMultVuln.txt Software : Xataface...
Xataface WebAuction and Xataface Librarian DB Multiple Vulnerabilities
Xataface WebAuction/Librarian DB is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Joomla Minitek FAQ Book 'id' Parameter SQL Injection Vulnerability
This host is running Joomla Minitek FAQ Book component and is prone to SQL injection vulnerability. OpenVAS Vulnerability Test $Id: gbjoomlaminiteksqlinjvuln.nasl 7573 2017-10-26 09:18:50Z cfischer $ Joomla Minitek FAQ Book 'id' Parameter SQL Injection Vulnerability Authors: Madhuri D Copyright:...
INFOPUBLICA Solutions SQL-i Vulnerability
Exploit for php platform in category web applications. INFOPUBLICA Solutions SQL-i Vulnerability...
WordPress Star Rating SQL Injection
Wordpress "wp star rating" plugin SQL injection http://yourwordpress/wp-content/plugins/gd-star-rating/ajax.php?wpnonce=&votetype=cache&votedomain=a&votes=asr.1.xxx.1.2.5+limit+0+union+select+1,0x535242,1,1,co...
Ushahidi 2.0.1 SQL Injection
Ushahidi 2.0.1 range param SQL Injection Vulnerability post-auth Vendor: Ushahidi, Inc. Product web page: http://www.ushahidi.com Affected version: 2.0.1 Tunis Summary: The Ushahidi Platform is a platform for information collection, visualization and interactive mapping. Desc: Input passed via th...
docuFORM Mercury WebApp Multiple Cross-Site Scripting Vulnerabilities
This host is running docuFORM Mercury WebApplication and is prone to multiple cross-site scripting vulnerabilities. OpenVAS Vulnerability Test $Id: secpoddocuformmercurywebappxssvuln.nasl 7019 2017-08-29 11:51:27Z teissa $ docuFORM Mercury WebApp Multiple Cross-Site Scripting Vulnerabilities Authors:...
iCloudCenter JobSite PHP Script SQL Injection
ICloudCenter JobSite PHP Script SQL-i Vulnerability...
RT (Request Tracker) Multiple Vulnerabilities
This host is installed with Request Tracker and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbrtmultvuln.nasl 7019 2017-08-29 11:51:27Z teissa $ RT Request Tracker Multiple Vulnerabilities Authors: Sooraj KS Copyright: Copyright c 2011 Greenbone Networks GmbH,...
Request Tracker 3.x < 3.8.9 Security Bypass and Information Disclosure
According to its self-reported version number, the Best Practical Solutions Request Tracker RT running on the remote web server is a version prior to 3.8.9. It is, therefore, potentially affected by the following vulnerabilities : - If an individual with a valid account logs out of Request Tracke...