Design/Logic Flaw

SolarWinds Log and Event Manager before 6.0 uses "static" credentials, which makes it easier for remote attackers to obtain access to the database and execute arbitrary code via unspecified vectors, related to HyperSQL...

Sphider Multiple Vulnerabilities (Aug 2014)

Sphider is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Yokogawa BKBCopyD.exe Client

This module allows an unauthenticated user to interact with the Yokogawa CENTUM CS3000 BKBCopyD.exe service through the PMODE, RETR and STOR operations. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...

Zoomla CMS 存在任意文件读取漏洞

简要描述： Zoomla CMS 存在任意文件读取漏洞 详细说明： 官网演示demo http://demo.zoomla.cn 后台地址http://demo.zoomla.cn/admin/login.aspx 演示账户:admin 密码：admin888 测试地址：http://demo.zoomla.cn/Admin/I/Template/TemplateEdit.aspx?setTemplate=%2fTemplate%2fV3&filepath=../../../config/AppSettings.config 其中修改installed参数为false以后 可以执行重装...

BitDefender GravityZone 5.1.5.386 - Multiple Vulnerabilities

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple critical vulnerabilities product: Bitdefender GravityZone vulnerable version: =5.1.11.432 impact: critical homepage: http://www.bitdefender.com found: 2014-05-22...

Joomla com_niceajaxpoll <= 1.3.0 - SQL Injection Vulnerability

No description provided by source. Title : Joomla comniceajaxpoll = 1.3.0 SQL Injection Vulnerability Author : Patrick de Brouwer - @knickz0r NLSecurity - www.nlsecurity.org Dork : inurl:/index.php?option=comniceajaxpoll Software : Joomla component Nice Ajax Poll = 1.3.0...

PluggedOut CMS 0.4.8 admin.php contenttypeid Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/14426/info PluggedOut CMS is prone to multiple cross-site scripting and SQL injection vulnerabilities. Exploitation could allow for theft of cookie-based authentication credentials or unauthorized access to database data...

JFFNMS 0.8.3 auth.php Multiple Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/24414/info Just For Fun Network Management and Monitoring System JFFNMS is prone to multiple remote vulnerabilities, including a cross-site scripting issue, an SQL-injection issue, and multiple information-disclosure...

Pre Survey Generator 'default.asp' SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/30349/info Pre Survey Generator is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data. A successful exploit may allow an attacker to compromise the application, access or...

JFFNMS 0.8.3 admin/adm/test.php PHP Information Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/24414/info Just For Fun Network Management and Monitoring System JFFNMS is prone to multiple remote vulnerabilities, including a cross-site scripting issue, an SQL-injection issue, and multiple information-disclosure...

JFFNMS 0.8.3 admin/setup.php Direct Request Authentication Bypass

No description provided by source. source: http://www.securityfocus.com/bid/24414/info Just For Fun Network Management and Monitoring System JFFNMS is prone to multiple remote vulnerabilities, including a cross-site scripting issue, an SQL-injection issue, and multiple information-disclosure...

Visible Systems Razor 4.1 Password File Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/1424/info The Razor Configuration Management program stores passwords in an insecure manner. A local attacker can obtain the Razor passwords, and either seize control of the software and relevant databases or use those...

osCommerce Poll Booth 2.0 - Add-On 'pollbooth.php' SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/28752/info osCommerce Poll Booth is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...

PHPWebThings 1.4 Download.PHP File Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15399/info phpWebThings is prone to an SQL injection vulnerability. This is an input validation issue related to data that will be used in SQL queries, allowing a remote user to influence the structure and logic of a quer...

open auto classifieds <= 1.5.9 - Multiple Vulnerabilities

No description provided by source. MorningStar Security - Advisory http://www.morningstarsecurity.com/ Multiple security issues in Open Auto Classifieds 1. Advisory Information ---------------------------------------------------------------------------------------------- Title: Multiple security...

Cisco Unified Communications Manager <= 6.1 'key' Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27775/info Cisco Unified Communications Manager is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...

Joomla! 1.6 - Multiple SQL Injection Vulnerabilities

No description provided by source. Source: http://www.securityfocus.com/bid/46846/info Joomla! is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to...

PHPNuke 5.x/6.x Web_Links Module Remote SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7558/info It has been reported that multiple input validation bugs exist in the WebLinks module used by PHPNuke. Because of this, a remote user may be able to access the database and potentially gain access to sensitive...

Cyphor 0.19 newmsg.php fid Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/15047/info Cyphor is prone to multiple cross-site scripting and SQL injection vulnerabilities. Exploitation could allow for theft of cookie-based authentication credentials or unauthorized access to database data. Other...

Internet Photoshow - 'login_admin' Parameter Unauthorized Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/29227/info Internet Photoshow is prone to a vulnerability that can result in unauthorized database access. Attackers can exploit this issue to gain administrative access to the application. Internet Photoshow Special...