849 matches found
Mambo CMS 4.6.x (4.6.5) SQL Injection Vulnerability
No description provided by source. ========================================= Mambo CMS 4.6.x 4.6.5 | SQL Injection ========================================= 1. OVERVIEW Mambo CMS 4.6.5 and lower versions are vulnerable to SQL Injection. 2. BACKGROUND Mambo is a full-featured, award-winning conten...
FLABER <= 1.1 RC1 Remote Command Execution Exploit
No description provided by source. ?php / -------------------------------------------------- FLABER = 1.1 RC1 Remote Command Execution Exploit -------------------------------------------------- author...: EgiX mail.....: n0b0d13satgmaildotcom link.....: http://sourceforge.net/projects/flaber -...
yourplace <= 1.0.2 - Multiple Vulnerabilities + rce exploit
No description provided by source. START 0x01 Informations: Script : YourPlace 0.5 beta 1 Download : http://www.hotscripts.com/jump.php?listingid=80545&jumptype=1 Vulnerability : DB Disclosure / Arbitrary Data Saving RCE EXPLOIT / Arbitrary File Upload / PHPInfo Disclosure / User Change Account...
NoticeBoardPro 1.0 - Multiple Vulnerabilities
No description provided by source. ------------------------------------------------------------------------ Software................NoticeBoardPro 1.0 Vulnerability...........SQL Injection Threat Level............Critical 4/5 Download................http://www.NoticeBoardPro.com/ Discovery...
Support Incident Tracker <= 3.65 Remote Command Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
IceWarp Web Mail 5.3 login.html username Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/12396/info Multiple remote vulnerabilities reportedly affect IceWarp Web Mail. The underlying issues are due to input and access validation errors. Multiple cross-site scripting and HTML injection vulnerabilities affect t...
Graugon Forum 1.3 - SQL Injection Vulnerability
No description provided by source. !------------------------------------------------------------------------ Software................Graugon Forum 1.3 Vulnerability...........SQL Injection Threat Level............Critical 4/5 Download................http://www.graugon.com/ Discovery...
Clipbucket 2.4 RC2 645 SQL Injection Vulnerability
No description provided by source. ------------------------------------------------------------------------ Software................Clipbucket 2.4 RC2 645 Vulnerability...........SQL Injection Threat Level............Critical 4/5 Download................http://www.clip-bucket.com/ Discovery...
Wimpy MP3 Player 5 Text File Overwrite Weakness
No description provided by source. source: http://www.securityfocus.com/bid/16696/info Wimpy MP3 is prone to a weakness that permits the overwriting of a text file with arbitrary attacker-supplied data. Successful exploitation of this issue may aid an attacker in further attacks. The following...
Participants Database Plugin for WordPress 'query' Parameter SQL Injection
The Participants Database Plugin for WordPress installed on the remote host is affected by a SQL injection vulnerability due to a failure to properly sanitize user-supplied input to the 'query' parameter in the pdb-signup script. An unauthenticated, remote attacker can exploit this issue to injec...
Sendy 1.1.9.1 - SQL Injection Vulnerability
Sendy contains a flaw that may allow carrying out an SQL injection attack. The issue is due to the /send-to script not properly sanitizing user-supplied input to the "c" parameter. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the...
Xerox DocuShare SQLi Vulnerability (Apr 2014) - Active Check
Xerox DocuShare is prone to an SQL injection (SQLi) vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
ClipBucket <= 2.6 Multiple Vulnerabilities - Active Check
ClipBucket is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oxygenz:clipbucket"; ifdescripti...
Symantec LiveUpdate Administrator < 2.3.2.110 Multiple Vulnerabilities (SYM14-005)
The version of Symantec LiveUpdate Administrator 2.x hosted on the remote web server is prior to 2.3.2.110 2.3.2.1. It is, therefore, affected by the following vulnerabilities : - A flaw exists with the forgotten password functionality where the password for an authorized user account can be...
MantisBT 1.1.0 < 1.2.16 Multiple Vulnerabilities
According to its version number, the MantisBT install hosted on the remote web server is 1.1.0 or later but prior to 1.2.16. It is, therefore, affected by multiple vulnerabilities: - A cross-site scripting flaw exists with the 'accountsponsorpage.php' where the 'projectid' parameter is not...
Design/Logic Flaw
Unspecified vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to read arbitrary data via unknown vectors...
CVE-2014-0844
Unspecified vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to read arbitrary data via unknown vectors...
[iBliss Security Advisory] Blind SQL injection vulnerability in NOSpamPTI wordpress plugin
NOSpamPTI Wordpress plugin Blind SQL Injection Vendor product description NOSpamPTI eliminates the spam in your comment box so strong and free, developed from the idea of Nando Vieira http://bit.ly/d38gB8, but some themes do not support changes to the...
WordPress NOSpamPTI 2.1 Blind SQL Injection
NOSpamPTI Wordpress plugin Blind SQL Injection Vendor product description NOSpamPTI eliminates the spam in your comment box so strong and free, developed from the idea of Nando Vieira http://bit.ly/d38gB8, but some themes do not support changes to the functions.php to this we alter this function...
LeagueManager Plugin for WordPress 'wp-admin/admin.php' 'league_id' Parameter SQL Injection
The WordPress LeagueManager plugin installed on the remote host is affected by a SQL injection vulnerability due to a failure to properly sanitize user-supplied input to the 'league_id' parameter of the '/wp-admin/admin.php' script. A remote, unauthenticated attacker can leverage this issue to...