MYRE Real Estate Software 'findagent.php' Cross Site Scripting and SQL Injection Vulnerabilities

MYRE Real Estate Software is prone to an SQL-injection and multiple cross-site scripting vulnerabilities. Exploiting these issues could allow an attacker to steal cookie- based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the...

MYRE Real Estate Software Cross Site Scripting / SQL Injection

Title : MYRE Real Estate Software Multiple XSS and SQL Injection Vulnerabilities Author : Sooraj K.S SecPod Technologies www.secpod.com Vendor : http://myrephp.com Advisory : http://secpod.org/blog/?p=346 http://secpod.org/advisories/SECPODMRSSQLXSSVuln.txt Software : MYRE Real Estate Software Da...

Code injection

Unspecified vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to modify data or obtain sensitive information via a crafted URL...

CVE-2011-3134

CVE-2011-3134 affects TIBCO Spotfire Server 3.0.x (before 3.0.2), 3.1.x (before 3.1.2), 3.2.x (before 3.2.1), 3.3.x (before 3.3.1) and Spotfire Analytics Server before 10.1.1. The reported issue is a SQL injection vulnerability exploitable via a crafted URL that allows remote attackers to modify ...

CVE-2011-3134

Unspecified vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to modify data or obtain sensitive information via a crafted URL...

Mambo Component N-Gallery - SQL Injection

Mambo Component N-Gallery - SQL Injection source: https://www.securityfocus.com/bid/49418/info The Mambo CMS N-Gallery component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could all...

Mambo Component N-Myndir - SQL Injection

source: https://www.securityfocus.com/bid/49424/info The Mambo CMS N-Myndir component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the applicatio...

'research_display.php' SQL Injection Vulnerability

researchdisplay.php is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in Aimluck Aipo before 4.0.4.0, and Aipo for ASP before 4.0.4.0, allows remote attackers to hijack the authentication of administrators for requests that modify data...

Code Widgets DataBound Index Style Menu - category.asp SQL Injection

Code Widgets DataBound Index Style Menu - category.asp SQL Injection source: https://www.securityfocus.com/bid/49208/info Code Widgets DataBound Index Style Menu is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query...

Code Widgets DataBound Collapsible Menu - main.asp SQL Injection

Code Widgets DataBound Collapsible Menu - main.asp SQL Injection source: https://www.securityfocus.com/bid/49209/info Code Widgets DataBound Collapsible Menu is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query...

Code Widgets Multiple Question - Multiple Choice Online Questionnaire SQL Injections

source: https://www.securityfocus.com/bid/49210/info Code Widgets Multiple Question - Multiple Choice Online Questionaire is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...

Joomla! Component com_community - userid SQL Injection

Joomla! Component comcommunity - userid SQL Injection source: https://www.securityfocus.com/bid/48983/info The 'comcommunity' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting...

MyBB MyTabs Plugin - tab SQL Injection

MyBB MyTabs Plugin - tab SQL Injection source: https://www.securityfocus.com/bid/48952/info The MyTabs plugin for MyBB is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit may allow ...

OpenX Ad Server 2.8.7 Cross Site Request Forgery

Exploit for php platform in category web applications ======================================================================= Title: OpenX Ad Server CSRF Vulnerability Product: OpenX Ad Server Vulnerable version: 2.8.7 and probably earlier versions Fixed version: N/A Impact: High Homepage:...

Willscript Recipes Website Script Silver Edition - viewRecipe.php SQL Injection

Willscript Recipes Website Script Silver Edition - viewRecipe.php SQL Injection source: https://www.securityfocus.com/bid/48878/info Willscript Recipes website Script Silver Edition is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before usin...

CobraScripts Trading Marketplace Script - 'cid' SQL Injection

source: https://www.securityfocus.com/bid/48914/info Trading Marketplace script is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the...

Willscript Recipes Website Script Silver Edition - 'viewRecipe.php' SQL Injection

source: https://www.securityfocus.com/bid/48878/info Willscript Recipes website Script Silver Edition is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to execute...

Godly Forums - id SQL Injection

Godly Forums - id SQL Injection source: https://www.securityfocus.com/bid/48872/info Godly Forums is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise th...

ICMusic 1.2 - 'music_id' SQL Injection

source: https://www.securityfocus.com/bid/48639/info ICMusic is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data,...