10471 matches found
[security bulletin] HPSBGN02787 SSRT100876 rev.1 - HP AssetManager, Remote Cross Site Scripting (XSS) and Unauthorized Data Modification
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03403333 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03403333 Version: 1 HPSBGN02787...
Open Source Smart Meter Hacking Framework can Hack into the Power Grid
A researcher specializing in smart grids has released an open-source tool designed to assess the security of smart meters. Dubbed 'Termineter,' the framework would allow users, such as grid operators and administrators, to test smart meters for vulnerabilities. It claims will let security...
Event Calender PHP - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/54455/info Event Calender PHP is prone to multiple input validation vulnerabilities. Exploiting these vulnerabilities could allow an attacker to execute arbitrary script code, steal cookie-based authentication credentials, compromise the application, acce...
CVE-2011-4298
Multiple cross-site request forgery CSRF vulnerabilities in mod/wiki/ components in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allow remote attackers to hijack the authentication of arbitrary users for requests that modify wiki data...
Code injection
Unspecified vulnerability in HP System Management Homepage SMH before 7.1.1 allows remote attackers to cause a denial of service, or possibly obtain sensitive information or modify data, via unknown vectors...
LIOOSYS CMS - SQL Injection Information Disclosure
LIOOSYS CMS - SQL Injection Information Disclosure source: https://www.securityfocus.com/bid/54239/info LIOOSYS CMS is prone to an SQL-injection vulnerability and an information-disclosure vulnerability. Exploiting these issues could allow an attacker to obtain sensitive information, compromise t...
Simple Document Management System 1.1.5 - Multiple SQL Injections
source: https://www.securityfocus.com/bid/54043/info Simple Document Management System is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to...
Joomla! Component JCal Pro Calendar - SQL Injection
Joomla! Component JCal Pro Calendar - SQL Injection source: https://www.securityfocus.com/bid/54042/info The JCal Pro Calendar component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting...
Joomla! Component JCal Pro Calendar - SQL Injection
source: https://www.securityfocus.com/bid/54042/info The JCal Pro Calendar component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
NetArt Media Jobs Portal - SQL Injection
NetArt Media Jobs Portal - SQL Injection source: https://www.securityfocus.com/bid/54026/info NetArt Media Jobs Portal is prone to multiple HTML-injection vulnerabilities and an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues...
XAMPP for Windows 1.7.7 - Multiple Cross-Site Scripting / SQL Injections
source: https://www.securityfocus.com/bid/53979/info XAMPP for Windows is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access...
Joomla! Component Joomsport - SQL Injection / Arbitrary File Upload
source: https://www.securityfocus.com/bid/53944/info The Joomsport component for Joomla! is prone to an SQL-injection vulnerability and an arbitrary file-upload vulnerability because it fails to sanitize user-supplied data. Exploiting these issues could allow an attacker to compromise the...
MyBB 'member.php' SQLi Vulnerability
MyBB is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mybb:mybb"; ifdescription...
MyBB 1.6.8 - member.php SQL Injection
MyBB 1.6.8 - member.php SQL Injection source: https://www.securityfocus.com/bid/53814/info MyBB is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to compromi...
Ignite Solutions CMS - 'car-details.php' SQL Injection
source: https://www.securityfocus.com/bid/53771/info Ignite Solutions CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or...
CVE-2011-5090
GR Board aka grboard 1.8.6.5 Community Edition does not require authentication for certain database actions, which allows remote attackers to modify or delete data via a request to 1 modrewrite.php, 2 commentwriteok.php, 3 poll/index.php, 4 update/index.php, 5 trackback.php, or 6 an arbitrary...
CVE-2011-5090
GR Board aka grboard 1.8.6.5 Community Edition does not require authentication for certain database actions, which allows remote attackers to modify or delete data via a request to 1 modrewrite.php, 2 commentwriteok.php, 3 poll/index.php, 4 update/index.php, 5 trackback.php, or 6 an arbitrary...
CVE-2011-5090
GR Board aka grboard 1.8.6.5 Community Edition does not require authentication for certain database actions, which allows remote attackers to modify or delete data via a request to 1 modrewrite.php, 2 commentwriteok.php, 3 poll/index.php, 4 update/index.php, 5 trackback.php, or 6 an arbitrary...
CVE-2011-5090
GR Board (grboard) version 1.8.6.5 Community Edition exposes an unauthenticated ability to modify or delete data via specific endpoints: mod_rewrite.php, comment_write_ok.php, poll/index.php, update/index.php, trackback.php, or an arbitrary poll.php under theme/. The issue stems from missing auth...
WordPress Plugin Pretty Link Lite 1.5.2 - SQL Injection / Cross-Site Scripting
source: https://www.securityfocus.com/bid/53531/info Pretty Link Lite plugin for WordPress is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input. Successful exploits will allow an attacker to steal cookie-based...