57 matches found
Atutor SQL Injection Vulnerability (CNVD-2017-24615)
ATutor is an open source Web-based learning content management system LCMS developed by the ATutor team. The system includes teaching content management, forums, chat rooms and other modules. Atutor SQL Injection Vulnerability. Allows attackers to exploit vulnerabilities to access or modify data,...
CVE-2017-3571
CVE-2017-3571 affects Oracle PeopleSoft Enterprise SCM eBill Payment (component: Security) version 9.2. A vulnerability allows a high-privilege attacker with network access via HTTP to compromise the SCM eBill Payment component, potentially enabling unauthorized creation, deletion or modification...
Joomla Blog Calender 'index.php' SQL Injection Vulnerability
Joomla! is an open source content management system CMS. A SQL injection vulnerability exists in Joomla Blog Calender 'index.php'. Due to the program failing to adequately validate user-supplied input before using it in a SQL query. Successful exploitation of this vulnerability would allow an...
Mini Notice Board SQL Injection Vulnerability
Mini Notice Board 1.1 is an online bulletin board application that primarily facilitates the posting of trading announcements. A SQL injection vulnerability exists in the addcard.php page of Mini Notice Board version 1.1, which can be exploited by an attacker to compromise the application, access...
TYPO3 GN Tactics Planner Extension SQL Injection Vulnerability
TYPO3 is a free and open source content management system. A SQL injection vulnerability exists in TYPO3 GN Tactics Planner Extension due to the program failing to adequately clean up user input. An attacker could exploit the vulnerability to access or modify data...
Symphony SQL Injection Vulnerability (CNVD-2016-05127)
Symphony is a content management system CMS developed using PHP and MySQL. A SQL injection vulnerability exists in Symphony, which can be exploited by an attacker to take full control of the program and access or modify data...
LG NAS N1A1 has multiple security vulnerabilities
The LG NAS N1A1 is a network storage device developed by the South Korean Lakin LG Group. Arbitrary file upload/download, security bypass, SQL injection, and unauthorized operation vulnerabilities exist in the Familycast service in the LG NAS N1A1 version 10119, which can be exploited by an...
CVE-2016-2968
IBM Security QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unspecified vectors...
Unspecified Vulnerability in Oracle E-Business Suite Oracle E-Business Intelligence Definition Component (CNVD-2016-00641)
Oracle E-Business Suite is a new generation of e-business suite from Oracle. An unspecified security vulnerability exists in the Oracle E-Business Suite Oracle E-Business Intelligence Common component, which could be exploited by remote attackers to submit a special request to access and modify...
Joomla! com_memorix component 'index.php' SQL Injection Vulnerability
Joomla! is the United States Open Source Matters team developed a set of open source content management system CMS. The system provides RSS feeds , site search and other functions . A SQL injection vulnerability exists in the Joomla commemorix component 'index.php'. The vulnerability exists becau...
Magic Calendar Lite 1.02 Index.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16734/info Magic Calendar Lite is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation...
Pixie CMS Multiple Vulnerabilities (Mar 2009) - Active Check
Pixie CMS is prone to an SQL injection SQLi vulnerability and a cross-site scripting XSS vulnerability because it fails to sufficiently sanitize user-supplied data. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C b...
Prozilla Software Index 1.1 - SQL Injection
Prozilla Software Index 1.1 - SQL Injection source: https://www.securityfocus.com/bid/28677/info Prozilla Software Index is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...
Ohesa Emlak Portal 1.0 - satilik.asp?Kategori SQL Injection
Ohesa Emlak Portal 1.0 - satilik.asp?Kategori SQL Injection source: https://www.securityfocus.com/bid/25880/info Ohesa Emlak Portal is prone to multiple SQL-injection vulnerabilities because it fails to adequately sanitize user-supplied input before using it in an SQL query. A successful exploit...
phpWebSite 0.8.20.8.3 - friend.php?sid SQL Injection
phpWebSite 0.8.20.8.3 - friend.php?sid SQL Injection source: https://www.securityfocus.com/bid/17150/info phpWebSite is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. A...
CVE-2004-1633
processbug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does not check edit permissions on the keywords field, which allows remote authenticated users to modify the keywords in a bug via the keywordaction parameter...
EasyNews 1.5 - NewsDatabase/Template Modification
source: https://www.securityfocus.com/bid/3643/info EasyNews is a free, open-source script for displaying news stories on a website. EasyNews is prone to a vulnerability which may allow a remote attacker to modify information in its Newsdatabase. As a result, a remote attacker may post unmoderate...