130 matches found
Netrw 125 Vim Script Multiple Command Execution Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/30115/info Netrw is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data. Successfully exploiting these issues can allow an attacker to execute...
Magic Photo Storage Website admin/add_templates.php _config[site_path] Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the...
Softbiz Dating Script 1.0 'cat_products.php' SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/35896/info Softbiz Dating Script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
High Performance Computers Solutions Shopping Cart Multiple SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/21093/info High Performance Computers Solutions Shopping Cart is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting the...
ezContents 2.0.3 search.php GLOBALS[language_home] Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/19776/info ezContents is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote fi...
Free Simple Software SQL Injection Vulnerability
No description provided by source. 'Free Simple Software' SQL Injection Vulnerability CVE-2010-4298 Mark Stanislav - [email protected] I. DESCRIPTION: A vulnerability exists in the 'Free Simple Software' download module which allows for a 'UNION SELEC...
MyBulletinBoard RC4 member.php Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/14553/info MyBulletinBoard is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful...
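53kf Cross-Site Scripting Vulnerability (countless hits during testing)
Brief description: Looking to connect on Weibo... Details: Go to the www.53kf.com website and find a page like http://www.53kf.com/products/xxxxx.html. Next, see the image. Next, look at the affected users; because there are so many of them, I couldn't tell which one is the administrator, so I did not get into the admin back end. A newbie making a fool of himself. As of one day before this post was published there were already 531 victims, myself included of course, haha. I'd say this site gets so much traffic that it will still be exploited by someone with bad intentions. https://images.seebug.org/upload/201212/0918074...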
Pro Clan Manager 0.4.2 - SQL Injection
source: https://www.securityfocus.com/bid/50794/info Pro Clan Manager is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or...
GeoClassifieds Lite 2.0.x - Multiple Cross-Site Scripting SQL Injections
source: https://www.securityfocus.com/bid/49475/info GeoClassifieds Lite is prone to multiple SQL-injection and cross-site scripting vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based...
BlaherTech Placeto CMS - Username SQL Injection
source: https://www.securityfocus.com/bid/41190/info BlaherTech Placeto CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...
FlexCMS 2.5 - CookieUsername Cookie SQL Injection
source: https://www.securityfocus.com/bid/36179/info FlexCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
Banking@Home 2.1 - 'login.asp' Multiple SQL Injections
source: https://www.securityfocus.com/bid/33721/info Banking@Home is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access ...
Jetbox CMS 2.1 - admincmsimages.php?orderby SQL Injection
source: https://www.securityfocus.com/bid/31824/info Jetbox CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could...
Jamroom 3.3.8 - Cookie Authentication Bypass
source: https://www.securityfocus.com/bid/30406/info Jamroom is prone to fourteen security vulnerabilities, including an authentication-bypass vulnerability that occurs because the application fails to verify user-supplied data. Very few technical details are available regarding the remaining...
XOOPS 'vacatures' Module - 'cid' SQL Injection
source: https://www.securityfocus.com/bid/27889/info XOOPS 'vacatures' module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, acces...
AdMentor - Admin Login SQL Injection
source: https://www.securityfocus.com/bid/22281/info AdMentor is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or...
Chatwm 1.0 - 'SelGruFra.asp' SQL Injection
source: https://www.securityfocus.com/bid/21732/info Chatwm is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access...
Messageriescripthp 2.0 - 'existeemail.php?email' Cross-Site Scripting
source: https://www.securityfocus.com/bid/21513/info Messageriescripthp is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to...
Messageriescripthp 2.0 - existeemail.php?email Cross-Site Scripting
source: https://www.securityfocus.com/bid/21513/info Messageriescripthp is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize...