The vulnerability of the Moodle learning management system allows a hacker to execute cross-site scripting attacks.
The vulnerability of the Moodle learning management system’s sub-component mod/quiz/db/access.php exists due to the lack of security measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
SQL Injection Vulnerability in Gobetters Video Conferencing System /web/mserversave.php Parameter
GoBetter video conferencing system is a pure software video conferencing system with high-performance audio and video interactions, as well as perfect data functions launched by GoBetter. A SQL injection vulnerability exists in the /web/mserversave.php parameter of the Gobetters Video Conferencin...
WordPress Plugin Easy2Map 1.24 - SQL Injection
WordPress Plugin Easy2Map 1.24 - SQL Injection Title: SQL Injection in easy2map wordpress plugin v1.24 Author: Larry W. Cashdollar, @larry0 Date: 2015-06-08 Download Site: https://wordpress.org/plugins/easy2map Vendor: Steven Ellis Vendor Notified: 2015-06-08, fixed in v1.25 Vendor Contact:...
SQL Injection Vulnerability in FileId Parameter of Nanjing Jenohan Journal Submission System
Nanjing Jenohan Software Technology Co., Ltd. develops hospital full cost accounting decision support software, hospital performance management information systems and hospital customer management information systems. An SQL injection vulnerability exists in the FileId...
Code injection
WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web site's database via a crafted web site...
CVE-2015-3727
WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web site's database via a crafted web site...
SQL Injection Vulnerability in e-mobile Loginid Parameter of Panmicro Mobile OA Solution
e-mobile is a mobile office product crafted by Panavision for mobile terminal users such as cell phones and tablet PCs. A SQL injection vulnerability exists in the e-mobile loginid parameter of the Panavision mobile OA solution. Comprehensive exploitation of the vulnerability allows attackers to...
Koha ILS 3.20.x CSRF / XSS / Traversal / SQL Injection
SBA Research Vulnerability Disclosure title: Koha Unauthenticated SQL injection product: Koha ILS affecte...
Koha 3.20.1 - Multiple SQL Injections
Koha 3.20.1 - Multiple SQL Injections Exploit Title: Koha Open Source ILS - Unauthenticated SQL Injection in OPAC Google Dork: Date: 25/06/2015 Exploit Author: Raschin Tavakoli, Bernhard Garn, Peter Aufner and Dimitris Simos - Combinatorial Security Testing Group of SBA Research...
Koha 3.20.1 - Multiple SQL Injections
Exploit Title: Koha Open Source ILS - Unauthenticated SQL Injection in OPAC Google Dork: Date: 25/06/2015 Exploit Author: Raschin Tavakoli, Bernhard Garn, Peter Aufner and Dimitris Simos - Combinatorial Security Testing Group of SBA Research Vendor Homepage: koha-community.or...
Milw0rm Clone Script SQL Injection Vulnerability
Milw0rm is a hacking and defense interest group that provides security services such as vulnerability mining, security information, hacking and defense, security tools and other security services for IT technicians. Milw0rm Clone Script is a script for sharing and managing the Milw0rm website's...
Persian Car CMS SQL Injection Vulnerability
Persian Car CMS is a content management system. Persian Car CMS fails to properly handle the 'catid' parameter in URLs, allowing remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain database data...
Symantec Endpoint Protection Management Console SQL Injection Vulnerability
Symantec Endpoint Protection is a protection software developed to enhance enterprise virus protection and advanced threat defense. Symantec Endpoint Protection management console fails to properly validate user input and administrators with low privileges can perform SQL injection attacks with...
UBUNTU-CVE-2015-4342
SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id...
Cisco Prime Collaboration Manager SQL Injection Vulnerability
Cisco Prime Collaboration is a set of enterprise collaboration network management solutions from Cisco (United States). The program supports a unified management console to simplify the management of unified communications and video collaboration networks, as well as rapid deployment of...
TYPO3 Smoelenboek Extension SQL Injection Vulnerability
TYPO3 is a free and open source content management system, Smoelenboek is a user list extension plugin. TYPO3 Smoelenboek suffers from a SQL injection vulnerability that allows remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain databa...
TYPO3 wt_directory extension SQL injection vulnerability
TYPO3 is a free and open source content management system. wt_directory is an extension plugin capable of displaying addresses from the tt_address list. A SQL injection vulnerability exists in TYPO3 wt_directory, which allows remote attackers to exploit the vulnerability to submit specially crafted...
TYPO3 Developer Log Extension SQL Injection Vulnerability
TYPO3 is a free and open source content management system, and Developer Log is one of the log extension plugins. A SQL injection vulnerability exists in the TYPO3 Developer Log extension, which allows remote attackers to exploit the vulnerability to submit specially crafted SQL queries to...
Design/Logic Flaw
The HybridAuth Social Login module 7.x-2.x before 7.x-2.10 for Drupal stores passwords in plaintext when the "Ask user for a password when registering" option is enabled, which allows remote authenticated users with certain permissions to obtain sensitive information by leveraging access to the...
CVE-2015-4395
The HybridAuth Social Login module 7.x-2.x before 7.x-2.10 for Drupal stores passwords in plaintext when the "Ask user for a password when registering" option is enabled, which allows remote authenticated users with certain permissions to obtain sensitive information by leveraging access to the...