3396 matches found
[SA12843] WowBB Forum Unspecified SQL Injection and Cross-Site Scripting
TITLE: WowBB Forum Unspecified SQL Injection and Cross-Site Scripting SECUNIA ADVISORY ID: SA12843 VERIFY ADVISORY: http://secunia.com/advisories/12843/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting, Manipulation of data WHERE: From remote SOFTWARE: WowBB Forum 1.x...
[SA12764] CubeCart "cat_id" SQL Injection Vulnerability
TITLE: CubeCart "catid" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA12764 VERIFY ADVISORY: http://secunia.com/advisories/12764/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: CubeCart 2.x http://secunia.com/product/4021/ DESCRIPTION: Pedro Sanches h...
[SA12674] PeopleSoft HRMS Page Manipulation and Identity Spoofing
TITLE: PeopleSoft HRMS Page Manipulation and Identity Spoofing SECUNIA ADVISORY ID: SA12674 VERIFY ADVISORY: http://secunia.com/advisories/12674/ CRITICAL: Moderately critical IMPACT: Spoofing, Manipulation of data WHERE: From remote SOFTWARE: PeopleSoft Human Resources Management System HRMS 7.x...
[SA12672] RealOne Player / RealPlayer / Helix Player Multiple Vulnerabilities
TITLE: RealOne Player / RealPlayer / Helix Player Multiple Vulnerabilities SECUNIA ADVISORY ID: SA12672 VERIFY ADVISORY: http://secunia.com/advisories/12672/ CRITICAL: Highly critical IMPACT: Manipulation of data, System access WHERE: From remote SOFTWARE: RealPlayer 8...
[SA12609] YaBB Input Validation Vulnerabilities
TITLE: YaBB Input Validation Vulnerabilities SECUNIA ADVISORY ID: SA12609 VERIFY ADVISORY: http://secunia.com/advisories/12609/ CRITICAL: Less critical IMPACT: Cross Site Scripting, Manipulation of data WHERE: From remote SOFTWARE: YaBB 1.x http://secunia.com/product/541/ DESCRIPTION: Two...
Multiple Safari bugs
Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS, System access...
phpMyAdmin 2.5.7 Remote code injection Exploit
No description provided by source. / phpmy-explt.c written by Nasir Simbolon nasir kecapi com eagle kecapi com Jakarta, Indonesia June, 10 2004 A phpMyAdmin-2.5.7 exploite program. This is a kind of mysql server wrapper acts like a proxy except that it will sends a fake table name, when client...
Belchior Foundry VCard 2.8 - Authentication Bypass
Belchior Foundry VCard 2.8 - Authentication Bypass source: https://www.securityfocus.com/bid/9910/info It has been reported that vCard is prone to a remote authentication bypass vulnerability. This issue is due to a design error that would allow a malicious user access to certain admin...
Belchior Foundry VCard 2.8 - Authentication Bypass
source: https://www.securityfocus.com/bid/9910/info It has been reported that vCard is prone to a remote authentication bypass vulnerability. This issue is due to a design error that would allow a malicious user access to certain admin functionality without having to first authenticate to the...
CERT Advisory CA-2003-05 Multiple Vulnerabilities in Oracle Servers
-----BEGIN PGP SIGNED MESSAGE----- CERT Advisory CA-2003-05 Multiple Vulnerabilities in Oracle Servers Original release date: February 19, 2003 Last revised: -- Source: CERT/CC A complete revision history can be found at the end of this file. Systems Affected Systems running Oracle9i Database...
Security Bulletin MS02-036: Authentication Flaw in Microsoft Metadirectory Services Could Allow Privilege Elevation (Q317138)
---------------------------------------------------------------------- Title: Authentication Flaw in Microsoft Metadirectory Services Could Allow Privilege Elevation Q317138 Date: 24 July 2002 Software: Microsoft Metadirectory Services 2.2 Impact: Elevation of privilege Max Risk: Medium Bulletin:...
Fuse Talk vulnerability
e-zonemedia's Fuse Talk is vulnerable to malicious SQL. Improper form sanitization makes it possible for any user to manipulate data as she feels fit. On the sign up form join.cfm is possible to pass a well crafted form variable to the action template it's the same template subsequently join.cfm...
Php variables passed from the browser are stored in global context
Overview Php is a dynamic scripting language used by programmers to develop webservers, message boards, chat applications and a variety of programs. By default php stores variables passed from the URL in a global context. Programmers often fail to change this setting which can allow serious...
TWIG SQL query bugs
I can't find the person who really in charge on developing twig, so I mail about this bug to the person who announce new version of twig about two month ago. -------------------------------------------------------------------------- Subject: Unquoted SQL query = potential damage Software package:...
rdC270201.adv.en
r 0 t t e n d e v 1 c e C r e w r0tten dev1ce Crew A r g e n t i n i a n S e c u r i t y G r o u p Argentinian Security Group ---------------------------------------:2:3:4:5:6:7:8:eee" | uuencode -m f begin-base64 644 f MDpBbm9ueW1vdXM6MjozOjQ6NTo2Ojc6ODplZWUK lynx...
Microsoft SQL Server 2008 R2 - PowerPivot for Microsoft Excel 2010 - Service Pack 1 (KB2639688)
Microsoft PowerPivot for Microsoft Excel 2010 provides ground-breaking technology, such as fast manipulation of large data sets often millions of rows, streamlined integration of data, and the ability to effortlessly share your analysis through Microsoft SharePoint 2010...