10474 matches found
CVE-2011-5090
GR Board (aka grboard) 1.8.6.5 Community Edition does not require authentication for certain database actions, which allows remote attackers to modify or delete data via a request to (1) mod_rewrite.php, (2) comment_write_ok.php, (3) poll/index.php, (4) update/index.php, (5) trackback.php, or (6) an arbitrary...
CVE-2011-5090
GR Board (grboard) version 1.8.6.5 Community Edition exposes an unauthenticated ability to modify or delete data via specific endpoints: mod_rewrite.php, comment_write_ok.php, poll/index.php, update/index.php, trackback.php, or an arbitrary poll.php under theme/. The issue stems from missing auth...
WordPress Plugin Pretty Link Lite 1.5.2 - SQL Injection / Cross-Site Scripting
source: https://www.securityfocus.com/bid/53531/info Pretty Link Lite plugin for WordPress is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input. Successful exploits will allow an attacker to steal cookie-based...
Galette SQL Injection
Source: http://www.securityfocus.com/bid/53463/info Galette is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, ...
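Multiple Security Vulnerabilities in MyBB Versions Prior to 1.6.7
BUGTRAQ ID: 53417 MyBB is a popular web forum application. MyBB versions prior to 1.6.7 contain multiple security vulnerabilities in their implementation; successful exploitation could allow an attacker to execute arbitrary script code, steal cookie-based authentication credentials, take control of the application, access or modify data, or exploit other vulnerabilities in the underlying database and access sensitive data. 0 MyBB 1.6.x MyBB 1.4.x Vendor patch: MyBB ---- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.mybboard.com/...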
OrangeHRM 2.7 RC - index.php?URI Cross-Site Scripting
OrangeHRM 2.7 RC - index.php?URI Cross-Site Scripting source: https://www.securityfocus.com/bid/53433/info OrangeHRM is prone to an SQL-injection and multiple cross-site scripting vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication...
OrangeHRM 2.7 RC - 'index.php?URI' Cross-Site Scripting
source: https://www.securityfocus.com/bid/53433/info OrangeHRM is prone to an SQL-injection and multiple cross-site scripting vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify...
OrangeHRM 2.7 RC - '/plugins/ajaxCalls/haltResumeHsp.php?newHspStatus' Cross-Site Scripting
source: https://www.securityfocus.com/bid/53433/info OrangeHRM is prone to an SQL-injection and multiple cross-site scripting vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify...
OrangeHRM 2.7 RC - '/templates/hrfunct/emppop.php?sortOrder1' Cross-Site Scripting
source: https://www.securityfocus.com/bid/53433/info OrangeHRM is prone to an SQL-injection and multiple cross-site scripting vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify...
Lynx Message Server - Multiple Vulnerabilities
Summary The Micro Technology Services Inc. "Lynx Message Server 7.11.10.2" and/or "LynxTCPService version 1.1.62" web interface is vulnerable to SQL Injection, Cross-Site Scripting, and other security problems. 2. Description Lynx is a "Facility wide Duress and Emergency Notification" system...
Concrete5 CMS 5.5.2.1 - Information Disclosure / SQL Injection / Cross-Site Scripting
source: https://www.securityfocus.com/bid/53268/info concrete5 is prone to information-disclosure, SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to harvest sensitive information, compromi...
Joomla! Component CCNewsLetter 1.0.7 - 'id' SQL Injection
source: https://www.securityfocus.com/bid/53208/info The CCNewsLetter module for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise the applicatio...
Code injection
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows local users to modify data or obtain sensitive information via unknown vectors...
CVE-2012-1993
HP System Management Homepage (SMH) prior to version 7.0 is affected by an unspecified vulnerability that allows local users to modify data or obtain sensitive information via unknown vectors. The public material provided does not specify the root cause, exact vulnerable components, affected vers...
Seditio CMS 165 - 'plug.php' SQL Injection
source: https://www.securityfocus.com/bid/53036/info Seditio CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify...
Sourcefabric Newscoop Multiple Cross Site Scripting and SQL Injection Vulnerabilities
Sourcefabric Newscoop is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Exploiting these issues could allow an attacker to steal cookie-based authentication...
Matterdaddy Market 1.1 - cat_name Multiple SQL Injections
Matterdaddy Market 1.1 - cat_name Multiple SQL Injections source: https://www.securityfocus.com/bid/52970/info Matterdaddy Market is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit ma...
Sourcefabric Newscoop <= 3.5.4 Multiple Vulnerabilities - Active Check
Sourcefabric Newscoop is prone to multiple cross-site scripting (XSS) and SQL injection (SQLi) vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpte...
osCMax 2.5 - admingeo_zones.php?zID Cross-Site Scripting
osCMax 2.5 - admingeo_zones.php?zID Cross-Site Scripting source: https://www.securityfocus.com/bid/52886/info osCMax is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these...
osCMax 2.5 - adminlogin.php?Username Cross-Site Scripting
osCMax 2.5 - adminlogin.php?Username Cross-Site Scripting source: https://www.securityfocus.com/bid/52886/info osCMax is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting thes...