InTerra Blog Machine 1.84 XSS Vulnerability
Exploit for php platform in category web applications Product: InTerra Blog Machine Vendor: InTerra Blog Machine Team http://code.google.com/p/interra/ Vulnerable Version: 1.84 and probably prior versions Vendor Notification: 31 March 2011 Vulnerability Type: Stored XSS Cross Site Scripting Risk...
InTerra Blog Machine 1.84 XSS Vulnerability
No description provided by source. Vulnerability ID: HTB22931 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityininterrablogmachine.html Product: InTerra Blog Machine Vendor: InTerra Blog Machine Team http://code.google.com/p/interra/ Vulnerable Version: 1.84 and probably prior version...
GuppY 4.6.14 - lng Multiple SQL Injections
GuppY 4.6.14 - lng Multiple SQL Injections source: https://www.securityfocus.com/bid/47086/info GuppY is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an...
SyndeoCMS 2.8.02 - Multiple Vulnerabilities (2)
Vulnerability ID: HTB22901 Reference: http://www.htbridge.ch/advisory/sqlinjectioninsyndeocms.html Product: SyndeoCMS Vendor: http://www.syndeocms.org/ http://www.syndeocms.org/ Vulnerable Version: 2.8.02 Vendor Notification: 10 March 2011 Vulnerability Type: SQL injection Risk level: High Credit...
Cosmoshop 10.05.00 - Multiple Cross-Site Scripting SQL Injections
Cosmoshop 10.05.00 - Multiple Cross-Site Scripting SQL Injections source: https://www.securityfocus.com/bid/46828/info CosmoShop is prone to multiple cross-site scripting vulnerabilities and an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input...
Lms Web Ensino - Multiple Input Validation Vulnerabilities
Lms Web Ensino - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/46829/info LMS Web Ensino is prone to the following input-validation vulnerabilities: 1. Multiple cross-site scripting vulnerabilities 2. An SQL-injection vulnerability 3. A cross-site...
Lms Web Ensino - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/46829/info LMS Web Ensino is prone to the following input-validation vulnerabilities: 1. Multiple cross-site scripting vulnerabilities 2. An SQL-injection vulnerability 3. A cross-site request-forgery vulnerability 4. A session-fixation vulnerability...
WSN Guest 1.24 - wsnuser Cookie SQL Injection
WSN Guest 1.24 - wsnuser Cookie SQL Injection source: https://www.securityfocus.com/bid/46444/info WSN Guest is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an...
Rae Media Real Estate Multi Agent SQL Injection
Multi Agent System is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the...
ReOS Local File Include and SQL Injection Vulnerabilities
ReOS is prone to a local file-include vulnerability and multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
Joomla! Component com_clan_members - 'id' SQL Injection
source: https://www.securityfocus.com/bid/46080/info The 'com_clan_members' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
All In One Control Panel 1.4.1 - cp_menu_data_file.php SQL Injection
All In One Control Panel 1.4.1 - cp_menu_data_file.php SQL Injection source: https://www.securityfocus.com/bid/46097/info All In One Control Panel (AIOCP) is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. ...
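Symantec Web Gateway Management GUI Remote SQL Injection Vulnerability
BUGTRAQ ID: 45742 CVE ID: CVE-2010-0115 Symantec Web Gateway is Symantec's enterprise web threat protection solution. Symantec Web Gateway does not properly filter user-supplied data before using it in an SQL query, an implementation flaw that remote attackers can exploit to take control of the device, access or modify data, or exploit latent vulnerabilities in the underlying database. When parsing requests sent to the login.php page, the process does not properly filter the USERNAME POST parameter. By sending a specially crafted string, a remote attacker can exploit this vulnerability to inject arbitrary SQL into the backend database on the server. Symantec Web Gateway 4.5 Vendor patch: Symant...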
PHPAuctions - viewfaqs.php SQL Injection
PHPAuctions - viewfaqs.php SQL Injection source: https://www.securityfocus.com/bid/45928/info PHPAuctions is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker...
CVE-2011-0489
The server components in Objectivity/DB 10.0 do not require authentication for administrative commands, which allows remote attackers to modify data, obtain sensitive information, or cause a denial of service by sending requests over TCP to (1) the Lock Server or (2) the Advanced Multithreaded Server...
Design/Logic Flaw
The server components in Objectivity/DB 10.0 do not require authentication for administrative commands, which allows remote attackers to modify data, obtain sensitive information, or cause a denial of service by sending requests over TCP to (1) the Lock Server or (2) the Advanced Multithreaded Server...
phpCMS 2008 V2 - 'data.php' SQL Injection
source: https://www.securityfocus.com/bid/45913/info PHPCMS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modi...
CVE-2010-3925
Contents-Mall before 15 does not properly handle passwords, which allows remote attackers to discover the administrative password, and consequently obtain sensitive information or modify data, via unspecified vectors...
CVE-2010-3925
Contents-Mall before version 15 contains a vulnerability in password handling that can allow remote attackers to disclose the administrative password and potentially access or modify stored data. The issue is addressed in Contents-Mall Ver.15.00; affected versions are Ver.14.00 and earlier. No ex...
whCMS 0.115 - Cross-Site Request Forgery
whCMS 0.115 - Cross-Site Request Forgery Vulnerability ID: HTB22767 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinwhcms.html Product: whCMS Vendor: Joram van den Boezem http://whcms.burolaga.nl/ Vulnerable Version: 0.115 alpha and probably prior versions Vendor Notification: 28 December 20...