313 matches found
Multiple Vulnerabilities in ManageEngine Firewall Analyzer
ManageEngine Firewall Analyzer is a web-based firewall log analysis tool from Zoho that collects, correlates, and reports on enterprise-wide logs from firewalls, proxy servers, and Radius servers. Elevation of privilege and SQL injection vulnerabilities exist in ManageEngine Firewall Analyzer,...
ManageEngine Firewall Analyzer 'runQuery.do' SQL Injection Vulnerability
ZOHO ManageEngine Firewall Analyzer is a web-based firewall log analysis tool from ZOHO that collects, correlates, and reports on enterprise-wide logs from firewalls, proxy servers, and Radius servers. A SQL injection vulnerability exists in ZOHO ManageEngine Firewall Analyzer, which stems from t...
SUSE-SU-2016:0429-1 Security update for krb5
This update for krb5 fixes the following issues: - CVE-2015-8629: Information leak authenticated attackers with permissions to modify the database bsc963968 - CVE-2015-8630: An authenticated attacker with permission to modify a principal entry may have caused kadmind to crash bsc963964 -...
Advanced Electron Forum 1.0.9 - Cross-Site Request Forgery
Exploit for php platform in category web applications + Credits: hyp3rlinx Vendor: ============================= www.anelectron.com/downloads/ Product: ==================================== Advanced Electron Forum v1.0.9 AEF Exploit patched current version. Vulnerability Type: ===================...
Joomla Remote Command Execution Vulnerability
Joomla is a PHP-based open source content management system CMS. Can be used to build commercial websites , personal blogs , information management systems , Web services , etc., but also for secondary development to expand the scope of use. Joomla remote command execution vulnerability, an...
Hewlett-Packard LoadRunner Virtual Table Server import_database Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard LoadRunner. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Virtual Table Server, which listens by default on port 4000. By providi...
McAfee Data Loss Prevention Endpoint EPO Extended Information Disclosure Vulnerability
McAfee Data Loss Prevention Endpoint DLPe is an integrated endpoint data protection solution from the U.S. company McAfee McAfee. A security vulnerability in the McAfee Data Loss Prevention Endpoint DLPe epo extension allows remote attackers to submit a special URL request to obtain sensitive...
CVE-2015-2759
Multiple cross-site request forgery CSRF vulnerabilities in the ePO extension in McAfee Data Loss Prevention Endpoint DLPe before 9.3 Patch 4 Hotfix 16 9.3.416.4 allow remote attackers to hijack the authentication of users for requests that 1 obtain sensitive information or 2 modify the database...
CVE-2015-2758
The ePO extension in McAfee Data Loss Prevention Endpoint DLPe before 9.3 Patch 4 Hotfix 16 9.3.416.4 allows remote authenticated users to obtain sensitive information, modify the database, or possibly have other unspecified impact via a crafted URL...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the ePO extension in McAfee Data Loss Prevention Endpoint DLPe before 9.3 Patch 4 Hotfix 16 9.3.416.4 allow remote attackers to hijack the authentication of users for requests that 1 obtain sensitive information or 2 modify the database...
CVE-2015-2759
Multiple cross-site request forgery CSRF vulnerabilities in the ePO extension in McAfee Data Loss Prevention Endpoint DLPe before 9.3 Patch 4 Hotfix 16 9.3.416.4 allow remote attackers to hijack the authentication of users for requests that 1 obtain sensitive information or 2 modify the database...
SQL Servers Unauthorized Commands SQL Injection - Ver2 (CVE-2014-3704)
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. SQL injection techniques can be used by attackers to exploit the Drupal vulnerability. Successful exploitation could allow attacker to disclose confidential information, modify or shut down the database or...
OSTicket 1.2/1.3 - Multiple Input Validation and Remote Code Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/13478/info osTicket is affected by multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Reportedly the application permits the inclusion...
SQL Servers MSSQL Vendor-specific SQL Injection
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
SQL Servers Unauthorized SQL Injection Command Execution
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
SQL Servers Blind SQL Injection
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
SQL Servers Oracle Vendor-specific SQL Injection
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
SQL Servers Stack Query SQL Injection
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
SQL Servers MySQL Vendor-specific SQL Injection
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
SQL Servers UNION Query-based SQL Injection
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...