338 matches found
SQL injection
SQL injection vulnerability in the (1) casinobase (com_casinobase), (2) casinoblackjack (com_casinoblackjack), and (3) casinovideopoker (com_casinovideopoker) components 0.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php...
CVE-2009-2239
SQL injection vulnerability in the (1) casinobase (com_casinobase), (2) casinoblackjack (com_casinoblackjack), and (3) casinovideopoker (com_casinovideopoker) components 0.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Barracuda Spam Firewall (BSF) before 3.5.12.007, Message Archiver before 1.2.1.002, Web Filter before 3.3.0.052, IM Firewall before 3.1.01.017, and Load Balancer before 2.3.024 allow remote attackers to inject arbitrary web script or...
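HP OpenView Select Identity Connectors Local Information Disclosure Vulnerability
BUGTRAQ ID: 31024 CVE ID: CVE-2008-3539 CNCVE ID:CNCVE-20083539 HP OpenView Select Identity Connectors is a component included in an identity management solution. HP OpenView Select Identity Connectors on the Windows platform has an unspecified security issue that local attackers can exploit to obtain sensitive information. No detailed vulnerability information is currently available. HP HPSI TOPSecret Connector 2.22.1 HP HPSI SunOne Connector 1.14 HP HPSI RACF Connecto...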
[20080904] - Core - Redirect Spam
Several components utilize a passed in URL to redirect to after processing. These URLs are not validated prior to the redirect. A crafted URL can cause the system to redirect to a spam or phishing site...
joomlawmtport-rfi.txt
wmtportfolio joomla component 1.0 Remote File Include Vulnerability Component : comwmtportfolio version 1.0 Download script : http://www.webmaster-tips.net/ Discovered by : NoGe Contact : [email protected]...
Joomla! Component Restaurante - Arbitrary File Upload
Joomla Component Restaurante = Remote File Upload Vulnerability found by : Cold z3ro Homepage : www.hackteach.org , www.xp10.com ================================================================ @@ joomla/index.php?option=comrestaurante&task=upload...
Joomla! 1.5 Beta1/Beta2/RC1 - SQL Injection
!/usr/bin/php -q -d shortopentag=on getPageParameters; switch $params-get'filtertype', 'title' case 'title' : $where .= ' AND LOWER a.title LIKE '%'.$filter.'%''; break; case 'author' : $where .= ' AND LOWER u.name LIKE '%'.$filter.'%' OR LOWER a.createdbyalias LIKE '%'.$filter.'%' '; break;...
It is possible to see components without logging in
It is possible to see project's components without logging in by just guessing URLs, e.g. jira-installation/browse/KEY/component/10881. This will show all the information written on component (issues are not shown). This should be restricted so that it is impossible to see any project information...
Apple Safari 3 for Windows - Protocol Handler Command Injection
Source: https://www.securityfocus.com/bid/24434/info Apple Safari for Windows is prone to a protocol handler command-injection vulnerability. Exploiting the issue allows remote attackers to pass arbitrary command-line arguments to an...
AROUNDMe 0.7.7 Multiple Remote File Inclusion Vulnerabilities
No description provided by source. AROUNDMe 077 Found by kezzap66345 Script Download:http://download.savannah.gnu.org/releases/aroundme/aroundme077.tar.gz ERROR1: File:\components\core\inc\coreprofile.header.php includeonce$languagepathcore . 'inc/mecommon.inc.php'; rfi coded RFI1:...
Microsoft Security Bulletin MS07-016 Cumulative Security Update for Internet Explorer (928090)
Published: February 13, 2007 Version: 1.0 Summary Who Should Read this Document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical...
CVE-2006-5614
CVE-2006-5614 concerns Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP SP2 with Internet Connection Sharing enabled. The vulnerability allows remote attackers to trigger a denial-of-service (svchost.exe crash) by sending a malformed DNS query that leads to a null pointer dere...
Mambo Component Mam-Moodle alpha - Remote File Inclusion
Mam - Moodle Remote File Include Bug Found by: jank0 greetz: hackbsd crew risk: dangerous this bug allows a remote attacker to execute commands via rfi path...
TIBCO Rendezvous daemon components contain a buffer overflow in the HTTP administrative interface
Overview A vulnerability in the TIBCO Rendezvous daemon components may allow a remote attacker to execute arbitrary code on an affected system. Description TIBCO Rendezvous is a distributed messaging software platform. A buffer overflow vulnerability has been discovered in the HTTP administrative...
CVE-2006-0599
The (1) elog.c and (2) elogd.c components in elog before 2.5.7 r1558-4 generate different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames...
McAfee Intrushield IPS Abuse Update is available
HI, The IntruShield Manager version 2.1.9.17 contains several updates that correct the vulnerable components that were targeted. IntruShield customers may download the new manager version from: http://www.mcafeesecurity.com/us/downloads/default.asp?wt.mcn=usupdates&wt.mct=extlicon&cid=10373 On 6...