130 matches found
Netrw 125 Vim Script Multiple Command Execution Vulnerabilities
source: http://www.securityfocus.com/bid/30115/info Netrw is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data. Successfully exploiting these issues can allow an attacker to execute...
Magic Photo Storage Website admin/add_templates.php _config[site_path] Parameter Remote File Inclusion
source: http://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the...
High Performance Computers Solutions Shopping Cart Multiple SQL Injection Vulnerabilities
source: http://www.securityfocus.com/bid/21093/info High Performance Computers Solutions Shopping Cart is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting the...
Softbiz Dating Script 1.0 'cat_products.php' SQL Injection Vulnerability
source: http://www.securityfocus.com/bid/35896/info Softbiz Dating Script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
MyBulletinBoard RC4 member.php Multiple Parameter SQL Injection
source: http://www.securityfocus.com/bid/14553/info MyBulletinBoard is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful...
Free Simple Software SQL Injection Vulnerability
'Free Simple Software' SQL Injection Vulnerability CVE-2010-4298 Mark Stanislav - [email protected] I. DESCRIPTION A vulnerability exists in the 'Free Simple Software' download module which allows for a 'UNION SELEC...
ezContents 2.0.3 search.php GLOBALS[language_home] Parameter Remote File Inclusion
source: http://www.securityfocus.com/bid/19776/info ezContents is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote fi...
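53kf Cross-Site Scripting Vulnerability (countless hits during testing)
Brief description: Looking to connect on Weibo... Details: Go to the www.53kf.com website and find a page like http://www.53kf.com/products/xxxxx.html. Next, see the screenshot. Next, look at the affected users; there were so many that I could not tell which one was the administrator, so I did not get into the back end. A newbie making a fool of himself. As of one day before this post was written there were already 531 victims, myself included of course, haha. I would say this site gets so much traffic that it could still be exploited by someone with bad intentions. https://images.seebug.org/upload/201212/0918074...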
Pro Clan Manager 0.4.2 - SQL Injection
source: https://www.securityfocus.com/bid/50794/info Pro Clan Manager is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or...
GeoClassifieds Lite 2.0.x - Multiple Cross-Site Scripting SQL Injections
source: https://www.securityfocus.com/bid/49475/info GeoClassifieds Lite is prone to multiple SQL-injection and cross-site scripting vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based...
BlaherTech Placeto CMS - Username SQL Injection
source: https://www.securityfocus.com/bid/41190/info BlaherTech Placeto CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...
FlexCMS 2.5 - CookieUsername Cookie SQL Injection
source: https://www.securityfocus.com/bid/36179/info FlexCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
Banking@Home 2.1 - 'login.asp' Multiple SQL Injections
source: https://www.securityfocus.com/bid/33721/info Banking@Home is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access ...
Jetbox CMS 2.1 - admincmsimages.php?orderby SQL Injection
source: https://www.securityfocus.com/bid/31824/info Jetbox CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could...
Jamroom 3.3.8 - Cookie Authentication Bypass
source: https://www.securityfocus.com/bid/30406/info Jamroom is prone to fourteen security vulnerabilities, including an authentication-bypass vulnerability that occurs because the application fails to verify user-supplied data. Very few technical details are available regarding the remaining...
XOOPS 'vacatures' Module - 'cid' SQL Injection
source: https://www.securityfocus.com/bid/27889/info XOOPS 'vacatures' module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, acces...
AdMentor - Admin Login SQL Injection
source: https://www.securityfocus.com/bid/22281/info AdMentor is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or...
Chatwm 1.0 - 'SelGruFra.asp' SQL Injection
source: https://www.securityfocus.com/bid/21732/info Chatwm is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access...
Messageriescripthp 2.0 - 'existeemail.php?email' Cross-Site Scripting
source: https://www.securityfocus.com/bid/21513/info Messageriescripthp is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to...
Messageriescripthp 2.0 - existeemail.php?email Cross-Site Scripting
source: https://www.securityfocus.com/bid/21513/info Messageriescripthp is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize...