10446 matches found
phpCMS 2008 V2 - 'data.php' SQL Injection
source: https://www.securityfocus.com/bid/45913/info PHPCMS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modi...
CVE-2010-3925
Contents-Mall before 15 does not properly handle passwords, which allows remote attackers to discover the administrative password, and consequently obtain sensitive information or modify data, via unspecified vectors...
CVE-2010-3925
Contents-Mall before version 15 contains a vulnerability in password handling that can allow remote attackers to disclose the administrative password and potentially access or modify stored data. The issue is addressed in Contents-Mall Ver.15.00; affected versions are Ver.14.00 and earlier. No ex...
whCMS 0.115 - Cross-Site Request Forgery
Vulnerability ID: HTB22767 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinwhcms.html Product: whCMS Vendor: Joram van den Boezem http://whcms.burolaga.nl/ Vulnerable Version: 0.115 alpha and probably prior versions Vendor Notification: 28 December 20...
Design/Logic Flaw
Unspecified vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to modify data or obtain sensitive information via a crafted URL...
CVE-2010-4498
The CVE-2010-4498 entry concerns a vulnerability in the TIBCO Collaborative Information Manager (CIM) server and ActiveCatalog prior to versions 8.1.0 and 1.0.1, respectively. The issue is described as an unspecified vulnerability that allows remote attackers to modify data or obtain sensitive in...
CruxCMS 3.0 - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/45594/info CruxCMS is prone to multiple input-validation vulnerabilities, including multiple security-bypass issues, multiple arbitrary-file-upload issues, multiple SQL-injection issues, a local...
MyBB 1.6 - 'private.php?keywords' SQL Injection
source: https://www.securityfocus.com/bid/45565/info MyBB is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modif...
Inout Webmail Script - Persistent Cross-Site Scripting
Name :inoutwebmail Persistent Xss Vulnerability Date : Dec,20 2010 Vendor Url :http://www.inoutscripts.com/ Author : Sid3^effects aKa HaRi Big hugs : Th3 RDX,Hananbutt, special thanks to : r0073r inj3ct0r.com,L0rd...
Joomla! Component JExtensions Property Finder - sf_id SQL Injection
source: https://www.securityfocus.com/bid/45333/info JExtensions Property Finder is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting...
Joomla! Component Jeformcr - 'id' SQL Injection
source: https://www.securityfocus.com/bid/45329/info Joomla Jeformcr is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modi...
Movable Type vulnerable to SQL injection
Overview: Movable Type contains an SQL injection vulnerability. Movable Type, a web log system from Six Apart KK, contains a SQL injection vulnerability. Impact: A remote attacker may view or modify information stored by the product. Solution: Update the Software. Update to the latest version according ...
Joomla! Component com_storedirectory - id SQL Injection
source: https://www.securityfocus.com/bid/45094/info Joomla! Store Directory is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could...
Joomla! Component com_storedirectory - 'id' SQL Injection
source: https://www.securityfocus.com/bid/45094/info Joomla! Store Directory is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access...
XSRF (CSRF) in Frog CMS
Vulnerability ID: HTB22685 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinfrogcms.html Product: Frog CMS Vendor: Philippe Archambault http://www.madebyfrog.com/ Vulnerable Version: 0.9.5 and probably prior versions Vendor Notification: 09 November 2010 Vulnerability Type: CSRF Cross-Site...
Easy Banner 2009.05.18 - member.php Multiple SQL Injection Authentication Bypass
source: https://www.securityfocus.com/bid/45066/info Easy Banner Free is prone to multiple SQL-injection and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker m...
SmartBox - 'page_id' SQL Injection
source: https://www.securityfocus.com/bid/45101/info SmartBox is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or...
Easy Banner 2009.05.18 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/45066/info Easy Banner Free is prone to multiple SQL-injection and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may leverage the HTML-injection issues to execute arbitrary script code in the...
Raised Eyebrow CMS - venue.php SQL Injection
source: https://www.securityfocus.com/bid/44880/info Raised Eyebrow CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attack...
Woltlab Burning Board 2.5 'locator.php' SQLi Vulnerability
Woltlab Burning Board is prone to an SQL injection (SQLi) vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. SPDX-FileCopyrightText: 2010 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by...