Joomla Remote Command Execution Vulnerability
Joomla is a PHP-based open source content management system (CMS). It can be used to build commercial websites, personal blogs, information management systems, Web services, etc., and also supports secondary development to expand the scope of use. Joomla remote command execution vulnerability, an...
Hewlett-Packard LoadRunner Virtual Table Server import_database Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard LoadRunner. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Virtual Table Server, which listens by default on port 4000. By providi...
McAfee Data Loss Prevention Endpoint EPO Extended Information Disclosure Vulnerability
McAfee Data Loss Prevention Endpoint (DLPe) is an integrated endpoint data protection solution from the U.S. company McAfee. A security vulnerability in the McAfee Data Loss Prevention Endpoint (DLPe) ePO extension allows remote attackers to submit a special URL request to obtain sensitive...
CVE-2015-2759
Multiple cross-site request forgery (CSRF) vulnerabilities in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allow remote attackers to hijack the authentication of users for requests that (1) obtain sensitive information or (2) modify the database...
CVE-2015-2758
The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to obtain sensitive information, modify the database, or possibly have other unspecified impact via a crafted URL...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allow remote attackers to hijack the authentication of users for requests that (1) obtain sensitive information or (2) modify the database...
SQL Servers Unauthorized Commands SQL Injection - Ver2 (CVE-2014-3704)
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. SQL injection techniques can be used by attackers to exploit the Drupal vulnerability. Successful exploitation could allow an attacker to disclose confidential information, modify or shut down the database or...
OSTicket 1.2/1.3 - Multiple Input Validation and Remote Code Injection Vulnerabilities
No description provided by source. Source: http://www.securityfocus.com/bid/13478/info. osTicket is affected by multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Reportedly the application permits the inclusion...
SQL Servers Oracle Vendor-specific SQL Injection
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow an attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
SQL Servers Unauthorized Commands SQL Injection
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow an attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
SQL Servers Unauthorized SQL Injection Command Execution
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow an attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
SQL Servers UNION Query-based SQL Injection
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow an attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
SQL Servers SQL Injection Evasion Techniques
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow an attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
SQL Servers MSSQL Vendor-specific SQL Injection
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow an attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
SQL Servers Blind SQL Injection
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow an attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
SQL Servers MySQL Vendor-specific SQL Injection
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow an attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
SQL Servers Stack Query SQL Injection
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow an attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
ManageEngine OpStor Build 8300 and earlier contain multiple vulnerabilities
Overview: ManageEngine OpStor Build 8300 and earlier contain multiple vulnerabilities. Description: CWE-472: External Control of Assumed-Immutable Web Parameter. It has been reported that the 'Properties.do?name=' module is vulnerable to an 'unauthorized function call' caused by the server failing to...
CVE-2012-2358
CVE-2012-2358 affects Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3. A remote authenticated user can bypass an activity’s read-only state and modify the database by leveraging the student role to edit existing database activity entries. The provided documents do not specif...