10472 matches found
CVE-2012-2455
Advanced Productivity Software DTE Axiom before 12.3.3 does not validate the registration ID, which allows remote attackers to bypass authentication and read or modify data about users, customers, and projects via unspecified vectors...
WordPress Plugin PHP Event Calendar - cid SQL Injection
source: https://www.securityfocus.com/bid/56478/info The PHP Event Calendar plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. An...
WordPress Plugin Eco-annu - eid SQL Injection
source: https://www.securityfocus.com/bid/56479/info The Eco-annu plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. An attacker can exploit th...
Design/Logic Flaw
Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5.41, when Sybase is used, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-3269...
CVE-2012-3269
HP Performance Insight v5.31, v5.40 and v5.41 when configured with Sybase as the database contains a vulnerability enabling remote attackers to obtain sensitive information, modify data, or cause a denial of service. The issue is documented in HP’s security bulletin HPSBMU02827 (SSRT100924 rev.1)...
OrangeHRM - 'sortField' SQL Injection
source: https://www.securityfocus.com/bid/56417/info OrangeHRM is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify dat...
OrangeHRM - sortField SQL Injection
source: https://www.securityfocus.com/bid/56417/info OrangeHRM is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise t...
Inventory - Multiple Cross-Site Scripting / SQL Injections
source: https://www.securityfocus.com/bid/56293/info Inventory is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials...
Improper access control
The server in TIBCO Formvine 3.1.x and 3.2.x before 3.2.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors...
CVE-2012-5302
The server in TIBCO Formvine 3.1.x and 3.2.x before 3.2.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors...
CVE-2012-5302
CVE-2012-5302 affects TIBCO Formvine Server in versions 3.1.x and 3.2.x prior to 3.2.1, where improper access control could let remote attackers access or modify information via unspecified vectors. The TIBCO advisory confirms the issue and recommends upgrading Formvine to version 3.2.1 or newer ...
Interspire Email Marketer - Cross-Site Scripting / HTML Injection / SQL Injection
source: https://www.securityfocus.com/bid/55829/info Interspire Email Marketer is prone to the following input-validation vulnerabilities because it fails to properly sanitize user-supplied input: 1. An SQL injection vulnerability 2. Multiple HTML injection vulnerabilities 3. A cross-site...
Omnistar Mailer - Multiple SQL Injections / HTML Injection Vulnerabilities
source: https://www.securityfocus.com/bid/55760/info Omnistar Mailer is prone to multiple SQL-injection vulnerabilities and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow an attacker to compromise the application,...
Design/Logic Flaw
Unspecified vulnerability in the REST services framework in IBM WebSphere Commerce 7.0 Feature Pack 4 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that modify data or cause a denial of service...
vBulletin 4.1.12 - blog_plugin_useradmin.php SQL Injection
source: https://www.securityfocus.com/bid/55592/info vBulletin is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attack...
TAGWORX.CMS - cid SQL Injection
source: https://www.securityfocus.com/bid/55586/info TAGWORX.CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise the...
FreeWebshop <= 2.2.9 Multiple SQLi and XSS Vulnerabilities - Active Check
FreeWebshop is prone to multiple SQL injection (SQLi) and cross-site scripting (XSS) vulnerabilities because it fails to sufficiently sanitize user-supplied input. SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by th...
module): XXE by applying XSL stylesheet to the document
The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to...