10478 matches found
CVE-2014-3896
Multiple cross-site request forgery (CSRF) vulnerabilities in CGI programs in Seeds acmailer before 3.8.17 and 3.9.x before 3.9.10 Beta allow remote attackers to hijack the authentication of arbitrary users for requests that modify or delete data, as demonstrated by modifying data affecting...
WordPress Plugin FB Gorilla - game_play.php SQL Injection
WordPress Plugin FB Gorilla - game_play.php SQL Injection source: https://www.securityfocus.com/bid/69222/info FB Gorilla plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to compromise...
Ilya Birman E2 - @actionscomment-process SQL Injection
Ilya Birman E2 - @actionscomment-process SQL Injection source: https://www.securityfocus.com/bid/68843/info Ilya Birman E2 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to compromise the application,...
OL-Commerce - '/OL-Commerce/admin/create_account.php?entry_country_id' SQL Injection
OL-Commerce - '/OL-Commerce/admin/create_account.php?entry_country_id' SQL Injection source: https://www.securityfocus.com/bid/68719/info ol-commerce is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplie...
Fonality trixbox - asterisk_info.php Directory Traversal
Fonality trixbox - asterisk_info.php Directory Traversal source: https://www.securityfocus.com/bid/68719/info ol-commerce is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting...
Fonality trixbox - index.php Directory Traversal
Fonality trixbox - index.php Directory Traversal source: https://www.securityfocus.com/bid/68719/info ol-commerce is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these...
Fonality trixbox - repo.php Directory Traversal
Fonality trixbox - repo.php Directory Traversal source: https://www.securityfocus.com/bid/68719/info ol-commerce is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these...
OL-Commerce - '/OL-Commerce/affiliate_show_banner.php?affiliate_banner_id' SQL Injection
source: https://www.securityfocus.com/bid/68719/info ol-commerce is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal...
OL-Commerce - '/OL-Commerce/admin/create_account.php?entry_country_id' SQL Injection
source: https://www.securityfocus.com/bid/68719/info ol-commerce is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal...
CVE-2014-2622
CVE-2014-2622 affects HP Intelligent Management Center (iMC) prior to 7.0 E02020P03 and HP Branch Intelligent Management System (BIMS) prior to 7.0 E0201P02, enabling remote authenticated attackers to obtain sensitive information or modify data via unknown vectors (ZDI-CAN-2312). The accompanying...
InvGate Service Desk 4.2.36 SQL Injection Vulnerability
InvGate Service Desk version 4.2.36 suffers from multiple remote SQL injection vulnerabilities. InvGate Service Desk v4.2.36 multiple vulnerabilities http://www.invgate.com/en/service-desk/ http://www.invgate.com/en/service-desk/on-premise-trial/ Invgate Service Desk suffers from many SQL...
InvGate Service Desk 4.2.36 SQL Injection
InvGate Service Desk v4.2.36 multiple vulnerabilities http://www.invgate.com/en/service-desk/ http://www.invgate.com/en/service-desk/on-premise-trial/ Invgate Service Desk suffers from many SQL injections as an authenticated, but non-privileged end-user role user. Most are also stacked injections...
WordPress BSK PDF Manager Plugin 'wp-admin/admin.php' Multiple SQL Injection Vulnerabilities
WordPress BSK PDF Manager Plugin 'wp-admin/admin.php' Multiple SQL Injection Vulnerabilities. CVE-2014-4944. Webapps exploit for php platform source: http://www.securityfocus.com/bid/68488/info BSK PDF Manager plugin for WordPress is prone to multiple SQL-injection vulnerabilities because it fail...
CVE-2014-0868
RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intended dual-control restrictions and modify data via a crafted XML document, as demonstrated by...
Input validation
RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intended dual-control restrictions and modify data via a crafted XML document, as demonstrated by...
Klf-Realty 2.0 search_listing.asp Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/21199/info Klf-Realty is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to...
MusicBox 2.3 index.php Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/17149/info MusicBox is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly saniti...
WebCalendar 1.0.1 - Multiple SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/15662/info WebCalendar is prone to multiple SQL injection vulnerabilities. This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other...
MRBS 1.2.x 'view_entry.php' SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26977/info MRBS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
SweetCMS 1.5.2 'index.php' SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/31774/info SweetCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data. A successful exploit may allow an attacker to compromise the application, access or modify data,...