10445 matches found
CVE-2010-4105
HP Insight Orchestration for Windows is affected by CVE-2010-4105: prior to v6.2, remote attackers can bypass access controls and potentially read/modify data or gain unauthorized access. The HP security bulletin HPSBMA02606/SSRT100321 rev.1 states vulnerable versions are HP Insight Orchestration...
CVE-2010-4028
Unspecified vulnerability in LoadRunner Web Tours 9.10 in HP LoadRunner 9.1 and earlier allows remote attackers to cause a denial of service, and possibly obtain sensitive information or modify data, via unknown vectors...
Code injection
Unspecified vulnerability in HP Insight Control Server Migration before 6.2 allows remote attackers to obtain sensitive information or modify data via unknown vectors...
CVE-2010-3993
HP Insight Control Server Migration for Windows (HP) is affected by CVE-2010-3993 and is vulnerable prior to version 6.2. The HP security bulletin and CVSS data describe a remote vulnerability that could lead to unauthorized access and data modification, with base score 6.4 (MEDIUM). Mitigation: ...
CVE-2010-4028
Vulnerability CVE-2010-4028 affects HP LoadRunner Web Tours 9.10 and LoadRunner 9.1 and earlier. The issue is described as an unspecified vulnerability allowing remote denial of service, with potential for information disclosure or data modification via unknown vectors. HP’s Security Bulletin HPS...
Joomla! Component Projects 'com_projects' - SQL Injection / Local File Inclusion
source: https://www.securityfocus.com/bid/44456/info The 'com_projects' component for Joomla! is prone to an SQL-injection vulnerability and a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit these vulnerabilities to compromise...
DeluxeBB 'xthedateformat' Parameter SQL Injection Vulnerability
DeluxeBB is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying...
CVE-2010-3223
The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to read or modify data on these disks via requests to...
BaconMap Local File Include and SQL Injection Vulnerabilities
BaconMap is prone to a local file-include vulnerability and an SQL-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerability using directory-traversal strings to view and execute arbitrary local files within...
Elxis 2009.2 rev2631 - SQL Injection
source: https://www.securityfocus.com/bid/43743/info Elxis is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal cookie-based...
NetArt Media Car Portal 2.0 - car SQL Injection
source: https://www.securityfocus.com/bid/43536/info Car Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
Joomla! Component com_spain - nv SQL Injection
source: https://www.securityfocus.com/bid/43354/info The Spain component for Joomla is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could...
Joomla! Component com_spain - 'nv' SQL Injection
source: https://www.securityfocus.com/bid/43354/info The Spain component for Joomla is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application,...
e107 0.7.23 - Multiple SQL Injections
source: https://www.securityfocus.com/bid/43327/info e107 is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modif...
PHP MicroCMS Local File Include and SQL Injection Vulnerabilities
PHP MicroCMS is prone to a local file-include vulnerability and multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerability using directory-traversal strings to view and execute arbitrary local fil...
Irokez CMS 'id' Parameter SQL Injection Vulnerability
Irokez CMS is prone to an SQL injection (SQLi) vulnerability.
ZenPhoto 1.3 - '/zp-core/admin.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/43021/info Zenphoto is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based...
ZenPhoto 1.3 - '/zp-core/full-image.php?a' SQL Injection
source: https://www.securityfocus.com/bid/43021/info Zenphoto is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based...
CMS WebManager-Pro - 'c.php' SQL Injection
source: https://www.securityfocus.com/bid/42951/info CMS WebManager-Pro is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or...
rainbowportal - Multiple Vulnerabilities
abysssec Inc Public Advisory. 1) Advisory information. Title: Rainbowportal Multiple Remote Vulnerabilities. Version: Rainbow 2.0 Production/Stable 2.0.0.1881e VS 2005 | VS...