849 matches found
Three Vulnerabilities Exist in HP's Insight Diagnostics
There are multiple vulnerabilities in HP’s Insight Diagnostics server management tool that could be exploited by an attacker to run code and let them take over an infected computer. There is currently no fix available for the problem. According to an alert from the CERT Coordination Center,...
NConf delete_attr.php id Parameter SQL Injection
The version of NConf installed on the remote host is affected by a SQL injection vulnerability because it fails to properly sanitize user-supplied input to the 'id' parameter of the 'delete_attr.php' script. An attacker may be able to leverage this to manipulate data in the back-end database o...
Wordpress Level Four Storefront Plugin SQL Injection Vulnerability
This host is installed with Wordpress Level Four Storefront Plugin and is prone to a SQL injection vulnerability. OpenVAS Vulnerability Test $Id: gbwordpresslevelfourstorefrontsqlinjvuln.nasl 6115 2017-05-12 09:03:25Z teissa $ Wordpress Level Four Storefront Plugin SQL Injection Vulnerability...
Design/Logic Flaw
editrequestuser.asp in Layton Helpbox 4.4.0 allows remote authenticated users to change arbitrary support-ticket data via a modified sysrequestid parameter...
CVE-2012-0866
CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on...
Postfixadmin 2.3.4 SQL Injection / Cross Site Scripting
Advisory ID: CSA-12002 Title: Multiple vulnerabilities in postfixadmin Product: postfixadmin Version: 2.3.4 and probably prior Vendor: www.postifixadmin.org Vulnerability type: SQL injection, XSS Vendor notification: 2012-01-10 Public disclosure: 2012-01-26 postfixadmin version 2.3.4 and probably...
AlstraSoft EPay Enterprise v4.0 Blind SQL Injection
Exploit for php platform in category web applications Exploit Title: AlstraSoft EPay Enterprise v4.0 Blind SQL Injection Google Dork: Copyright @ 2010 iPayGold.com Date: Decembar/6/2011 Author: Don BalcanCrew & BalcanHack Software Link: http://www.alstrasoft.com/epayenterprise.htm Version: 4.0...
V-CMS 1.0 SQL Injection
Software: V-CMS 1.0 | Vulnerability: SQL Injection | Threat Level: Critical 4/5 | Download: http://v-cms.org/ | Discovery Date: 11/13/2011 | Tested On: Windows Vista ...
Support Incident Tracker 3.65 Remote Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Support Incident...
Ubuntu 10.04 LTS / 10.10 : xorg-server vulnerability (USN-1232-3)
USN-1232-1 fixed vulnerabilities in the X.Org X server. A regression was found on Ubuntu 10.04 LTS that affected GLX support, and USN-1232-2 was released to temporarily disable the problematic security fix. This update includes a revised fix for CVE-2010-4818. We apologize for the inconvenience. ...
Ubuntu 10.04 LTS : xorg-server regression (USN-1232-2)
USN-1232-1 fixed vulnerabilities in the X.Org X server. A regression was found on Ubuntu 10.04 LTS that affected GLX support. This update temporarily disables the fix for CVE-2010-4818 that introduced the regression. We apologize for the inconvenience. It was discovered that the X server...
Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : xorg-server vulnerabilities (USN-1232-1)
It was discovered that the X server incorrectly handled certain malformed input. An authorized attacker could exploit this to cause the X server to crash, leading to a denial of service, or possibly execute arbitrary code with root privileges. This issue only affected Ubuntu 10.04 LTS and 10.10...
USN-1232-1: X.Org X server vulnerabilities
It was discovered that the X server incorrectly handled certain malformed input. An authorized attacker could exploit this to cause the X server to crash, leading to a denial of service, or possibly execute arbitrary code with root privileges. This issue only affected Ubuntu 10.04 LTS and 10.10...
Mambo 4.6.x 4.6.5 - SQL Injection
Mambo CMS 4.6.x 4.6.5 | SQL Injection. 1. OVERVIEW: Mambo CMS 4.6.5 and lower versions are vulnerable to SQL Injection. 2. BACKGROUND: Mambo is a full-featured, award-winning content...
Buffer overflow
Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and...
Arbitrary Data Insertion Vulnerability in Hitachi Web Server SSL/TLS Protocol
Overview When using SSL on the Hitachi Web Server, it could allow an attacker to insert arbitrary data on the top of communication data. Impact A remote attacker could insert arbitrary data on the top of communication data. Solution Please refer to the 'Vendor Information' section for the officia...
Clipbucket 2.4 RC2 645 SQL Injection Vulnerability
Exploit for php platform in category web applications. Software: Clipbucket 2.4 RC2 645 | Vulnerability: SQL Injection | Threat Level: Critical 4/5...
Clipbucket 2.4 RC2 645 - SQL Injection
Software: Clipbucket 2.4 RC2 645 | Vulnerability: SQL Injection | Threat Level: Critical 4/5 | Download: http://www.clip-bucket.com/ | Discovery...
Clipbucket 2.4 RC2 645 - SQL Injection
Software: Clipbucket 2.4 RC2 645 | Vulnerability: SQL Injection | Threat Level: Critical 4/5 | Download: http://www.clip-bucket.com/ | Discovery Date: 5/23/2011 | Tested...
Tickets 2.13 SQL Injection Vulnerability
No description provided by source. Software: Tickets 2.13 | Vulnerability: SQL Injection | Threat Level: Critical 4/5 | Download: http://www.ticketscad.org/ | Discovery...