2351 matches found
MGinternet Property Site Manager - admin_login.asp Multiple SQL Injections
MGinternet Property Site Manager - admin_login.asp Multiple SQL Injections source: https://www.securityfocus.com/bid/21073/info MGinternet Property Site Manager is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because it fails to...
PHPEasyData Pro 2.2.2 - 'index.php' SQL Injection
exploit3.asp 'Note : If Wrong Id = "CTYPE html PUBLIC..... see" 'Using : Write Target and ID after Submit Click '=============================================================================================== % 37","" guvenlik = Replaceguvenlik,"37","" guvenlik = Replaceguvenlik,"","" End Functio...
ECardPro v2.0(search.asp) Remote SQL Injection Vulnerability
Vulnerability Report Title : ECardPro v2.0(search.asp) Remote SQL Injection Vulnerability Author : ajann Script Page : http://www.keyvan1.com Exploit; Data: MSSQL http://target/path/search.asp?keyword='SQL HERE Example: search.asp?keyword='AND201=convertint,20@@servicename == MSSQL Service Name Adm...
Data security: crack. mdb currently all versions of the password-vulnerability warning-the black bar safety net
The Access97 password hack has been introduced on a lot of sites and in magazines. Here I simply repeat it. In the mdb file the 0x42 Byte 1-3 byte, respectively, with 0x86,0xfb,0xec,0x37,0x5d,0x44,0x9c,0xfa,0xc6,0x5e,0x28,0xe6,0x13 XOR can be obtained after the database password. But in Access ...
CVE-2006-2462
BEA WebLogic Server 8.1 (before Service Pack 4) and 7.0 (before Service Pack 6) is affected. The vulnerability arises when using JTA transactions, where sensitive data may be sent over non-secure channels, allowing remote read access to potentially sensitive network traffic. The provided sources ...
CVE-2006-1232
Multiple SQL injection vulnerabilities in DSDownload 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) key and (2) category parameters to (a) search.php and (b) downloads.php...
CVE-2006-0103
CVE-2006-0103 affects TinyPHPForum 3.6 and earlier. The issue is improper access control that stores the files users/[USERNAME].hash and users/[USERNAME].email under the web root, enabling remote attackers to list registered users and possibly obtain other sensitive information. The NVD entry cor...
Testing NAT-T RFC VPN Detection
Google Search Appliance Detection
The remote host seems to be a Google Search Appliance. These appliances are used to index the files contained on an intranet and make them searchable. Make sure that this appliance can only be accessed by authorized personnel or that the data it indexes is public. (C) Tenable Network Security, Inc...
CVE-2005-3049
CVE-2005-3049 affects phpMyFAQ 1.5.1, where data files are stored under the web document root with insufficient access control and predictable filenames. This allows remote attackers to obtain sensitive information via a direct request to data/tracking[DATE]. The NVD entry assigns a base score of...
CVE-2004-2428
Abczone.it WWWguestbook 1.1 stores db/dbase.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the plaintext username and password...
CVE-2004-2400
Summary: CVE-2004-2400 affects WinFTP Server 1.6. The vulnerability arises because credentials (username and password) are stored in plaintext in the file data\user.wfd, allowing local users to obtain credentials. The NVD reports a low base score (2.1) with LOCAL attack vector and PARTIAL confide...
Jax PHP Scripts 1.0/1.34/2.14/3.31 - 'jax_guestbook.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/14481/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script...
CVE-2002-2066
BestCrypt BCWipe versions 1.0.7 and 2.0 through 2.35.1 do not clear Windows alternate data streams (ADS) on NTFS-attached files, allowing recovery of securely deleted data. Connected sources confirm this vulnerability affects BCWipe on NTFS by failing to purge ADS, with implications of sensitive ...
CVE-2002-2069
CVE-2002-2069 affects PGP 6.x and 7.x on Windows NTFS. The issue is failure to clear Windows alternate data streams attached to files, enabling recovery of deleted sensitive information. Connected Red Hat CVE entry corroborates the same description. No explicit exploit details or affected version...
Oracle Forms Insecure Temporary File Handling
Name Oracle Forms Insecure Temporary File Handling Systems Affected Oracle Forms 4.5, 6.0, 6i, 9i Severity Medium Risk Category Information disclosure Vendor URL http://www.oracle.com Author Alexander Kornbrust ak at red-database-security.com Date 13 July 2005 V 1.00 Advisory AKSEC2003-006 Oracle...
CVE-2002-1671
Microsoft Internet Explorer versions 5.0, 5.01, and 5.5 are affected by a vulnerability in the clipboardData.getData method that enables remote attackers to monitor the contents of the clipboard. The issue is described across CVE-2002-1671 entries in NVD, CVE List, and related records, consistent...
CVE-2001-1464
Crystal Reports vulnerability: when displaying data for a password-protected database via HTML pages, it embeds the username and password in cleartext in the HTML content and in the URL, allowing remote attackers to obtain passwords. Affected: Crystal Reports HTML rendering for password-protected...
TrackerCam Multiple Remote Overflows
ht://Dig config Parameter XSS