5292 matches found
MyBlog 1.x - SQL Injection and Remote File Include Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/28313/info MyBlog is prone to multiple input-validation vulnerabilities, including: - Multiple SQL-injection vulnerabilities - Multiple remote file-include vulnerabilities - A privilege-escalation vulnerability An attacke...
TalentSoft Web+ 4.x Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1102/info Web+ is an e-commerce server designed to run under a webserver, to provide web storefronts. The various scripts that are required to do this are specified to the webpsvr daemon via a 'script' variable passed to...
CuteNews 1.4.6 index.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues. Note that...
osCommerce 3.0a5 Local File Include and HTML Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/39820/info osCommerce is prone to a local file-include vulnerability and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include...
NAI Net Tools PKI Server 1.0 strong.exe Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1536/info Certain versions of Network Associates Inc.'s Net Tools PKI Public Key Infrastructure server ship with a buffer overflow vulnerability which could lead to a remote compromise of the system running the PKI server...
EServ 2.9x Password-Protected File Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3838/info EServ is a combination Mail, News, Web, FTP and Proxy Server for Microsoft Windows 9x/NT/2000 systems. It is possible to construct a web request which is capable of accessing the contents of password protected...
PHPX 3.5.15/3.5.16 forums.php Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/23033/info PHPX is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based...
CF Image Hosting Script 1.1 'upload.php' Arbitrary File Upload Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/39870/info CF Image Hosting Script is prone to an arbitrary-file-upload vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and run ...
PHPX 3.5.15/3.5.16 gallery.php Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/23033/info PHPX is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based...
SIRE 2.0 - Arbitrary File Upload Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17431/info SIRE is prone to an arbitrary file-upload vulnerability. An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate...
LedgerSMB 1.0/1.1, SQL-Ledger 2.6.x Login Parameter Local File Include And Authentication Bypass Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/23034/info LedgerSMB/SQL-Ledger are prone to a local file-include vulnerability because the application fails to sufficiently sanitize user-supplied input. SQL-Ledger is also prone to an authentication-bypass vulnerabilit...
CuteNews 1.4.6 editnews Module doeditnews Action Admin Moderation Bypass
No description provided by source. source: http://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues. Note that...
1C: Arcadia Internet Store 1.0 Show Path Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2904/info 1C: Arcadia Internet Store is an online shopping utility for Microsoft Windows NT/2000 that is fully integratable with 1C: Enterprise, another popular Russian web-commerce utility. One of the components of this...
PHPOpenChat 2.3.4/3.0.1 PoC_loginform.php phpbb_root_path Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/12817/info PHPOpenChat is prone to multiple remote file-include vulnerabilities. An attacker may leverage these issues to execute arbitrary server-side script code on an affected computer with the privileges of the...
W-Agora 4.2.1 - Multiple Arbitrary File Upload Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/23055/info w-Agora is prone to multiple arbitrary file-upload vulnerabilities. An attacker can exploit these vulnerabilities to upload PHP script code and execute it in the context of the webserver process. w-Agora 4.2.1 ...
Cart32 6.x GetImage Arbitrary File Download Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25928/info Cart32 is prone to an arbitrary-file-download vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to download arbitrary files within the...
CH-CMS.ch 2 Multiple Arbitrary File Upload Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/39888/info CH-CMS.ch is prone to multiple arbitrary-file-upload vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to upload arbitrary code and run it ...
Reporter 1.0 Mambo Component Reporter.sql.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19553/info Reporter, a Mambo component, is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote files...
Computer Software Manufaktur Alibaba 2.0 - Multiple CGI Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/770/info There are several CGI programs that ship with the Alibaba webserver. Many of these do not do proper input handling, and therefore will allow requests for access to files outside of normal or safe webserver...
Insanely Simple Blog 0.4/0.5 Blog Anonymous Blog Entry XSS
No description provided by source. source: http://www.securityfocus.com/bid/24934/info Insanely Simple Blog is prone to multiple input-validation vulnerabilities, including cross-site scripting, HTML-injection, and SQL-injection issues, because the application fails to properly sanitize...