Lucene search

3892 matches found

exploitpack
added 2009/08/31 12:0 a.m., 21 views

JBoard - Multiple Cross-Site Scripting SQL Injections

JBoard - Multiple Cross-Site Scripting SQL Injections source: https://www.securityfocus.com/bid/42425/info JBoard is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. Exploiting these issues could allow an attacker to steal...

AI score: 0.2
Exploits: 0

0day.today
added 2009/08/26 12:0 a.m., 50 views

Open Auto Classifieds <= 1.5.9 Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications. Open Auto Classifieds <= 1.5.9 Multiple Remote Vulnerabilities. MorningStar Security - Advisory...

AI score: 7.1
Exploits: 0

Prion
added 2009/08/24 7:30 p.m., 16 views

Server side request forgery (ssrf)

BandSite CMS 1.1.4 does not perform access control for adminpanel/phpmydump.php, which allows remote attackers to obtain copies of the database via a direct request...

CVSS: 5 | AI score: 7.1 | EPSS: 0.02459
Exploits: 1 | References: 4 | Affected Software: 1

NVD
added 2009/08/24 7:30 p.m., 14 views

CVE-2008-7056

BandSite CMS 1.1.4 does not perform access control for adminpanel/phpmydump.php, which allows remote attackers to obtain copies of the database via a direct request...

CVSS: 5 | AI score: 6.6 | EPSS: 0.02459
Exploits: 1 | References: 4

myhack58
added 2009/07/15 12:0 a.m., 11 views

Ok3w news publishing system vulnerability analysis-vulnerability warning-the black bar safety net

Article author: Tosec information security team. Reprinted. For reasons of space, the related source code is not posted; interested readers can look it up on Baidu. First, let's take a brief look at this system; the following is a related description. The user can browse the main page: list.asp...

AI score: 0.2
Exploits: 0

Packet Storm
added 2009/07/06 12:0 a.m., 27 views

Juice For Restaurants SQL Injection

In The Name 0F G0d. Juice Remote SQL Injection Vulnerability. Founder :...

AI score: 0.6
Exploits: 0

Cvelist
added 2009/06/22 7:0 p.m., 16 views

CVE-2009-2159

backup-database.php in TorrentTrader Classic 1.09 does not require administrative authentication, which allows remote attackers to create and download a backup database by making a direct request and then retrieving a .gz file from backups/...

AI score: 7.5 | EPSS: 0.02704
Exploits: 1 | References: 6

OpenVAS
added 2009/05/20 12:0 a.m., 21 views

RedHat Security Advisory RHSA-2009:0479

The remote host is missing updates announced in advisory RHSA-2009:0479. Perl DBI is a database access Application Programming Interface (API) for the Perl language. perl-DBD-Pg allows Perl applications to access PostgreSQL database servers. A heap-based buffer overflow flaw was discovered in the...

CVSS: 7.5 | AI score: 0.1 | EPSS: 0.04251
Exploits: 2 | References: 2

OpenVAS
added 2009/05/20 12:0 a.m., 39 views

RedHat Security Advisory RHSA-2009:0479

The remote host is missing updates announced in advisory RHSA-2009:0479. Perl DBI is a database access Application Programming Interface (API) for the Perl language. perl-DBD-Pg allows Perl applications to access PostgreSQL database servers. A heap-based buffer overflow flaw was discovered in the...

CVSS: 7.5 | AI score: 8.1 | EPSS: 0.04251
Exploits: 2 | References: 2

Cent OS
added 2009/05/19 3:3 p.m., 68 views

perl security update

CentOS Errata and Security Advisory CESA-2009:0479 An updated perl-DBD-Pg package that fixes two security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Perl DBI is a database access...

CVSS: 7.5 | AI score: 6.3 | EPSS: 0.04251
Exploits: 2 | References: 7

OSV
added 2009/04/27 10:30 p.m., 3 views

CVE-2008-6756

ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file...

AI score: 6.3
Exploits: 0 | References: 2

Saint
added 2009/04/10 12:0 a.m., 25 views

SQL injection

Added: 04/10/2009. Background: Structured Query Language (SQL) is the most common language understood by modern relational databases. Problem: A web program uses input parameters within an SQL query in an unsafe manner. This could allow a remote attacker to inject arbitrary SQL commands via a speciall...

AI score: 0.2
Exploits: 0

Packet Storm
added 2009/03/25 12:0 a.m., 23 views

Harvard SQL Injection

CraCkEr: THE CRACK OF ETERNAL MIGHT. From The Ashes and Dust Rises An Unimaginable crack.......

AI score: 0.4
Exploits: 0

OpenVAS
added 2009/03/23 12:0 a.m., 39 views

Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-588-1

Ubuntu Update for Linux kernel vulnerabilities USN-588-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN5881.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-588-1 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH,...

CVSS: 7.5 | AI score: 0.2 | EPSS: 0.91602
Exploits: 16 | References: 2

securityvulns
added 2009/03/17 12:0 a.m., 60 views

NGENUITY-2009-005 OpenCart Order By Blind SQL Injection

nGenuity Information Services - Security Advisory. Advisory ID: NGENUITY-2009-005 - OpenCart Order By Blind SQL Injection. Application: OpenCart 1.1.8. Vendor: OpenCart. Vendor website: http://www.opencart.com http://www.chambermaster.com Author: Adam Baldwin. I. BACKGROUND...

AI score: 8.7
Exploits: 0

Packet Storm
added 2009/03/09 12:0 a.m., 25 views

PHPRecipeBook 2.24 SQL Injection

PHPRecipeBook 2.24 idRemort SQL Injection Vulnerability - + Discovered By d3b4g + script: http://phprecipebook.sourceforge.net/demo/phprecipebook/ + Greetz : str0ke | Inerd | & friends - Follow me on twitter www.twitter.com/schaba About: ------ PHPRecipeBook is a Web-based cookbook with the...

AI score: 0.2
Exploits: 0

seebug.org
added 2009/02/25 12:0 a.m., 29 views

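HP Quality Center Cached Workflow Script Security Restriction Bypass Vulnerability

BUGTRAQ ID: 33854 CVECAN ID: CVE-2007-5289 HP Quality Center manages and controls quality processes and automates software testing in IT and application environments. The HP Quality Center front end consists of a number of COM components embedded in the web browser. Quality Center provides a customization feature (called workflow) that allows administrators to modify the default behavior. This workflow is driven by VBScript functions, which are called whenever specific events occur in the client front end....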

CVSS: 7.6 | AI score: 6.5 | EPSS: 0.08683
Exploits: 1

Packet Storm
added 2009/02/09 12:0 a.m., 22 views

Kaspersky.com SQL Injection

kaspersky.com suffers from a remote SQL injection vulnerability. Found By: unu. Date: 09-02-2009. Url:...

AI score: 0.3
Exploits: 0

Prion
added 2009/01/21 6:30 p.m., 16 views

Improper access control

VP-ASP Shopping Cart 6.50 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database containing the password via a direct request for database/shopping650.mdb. NOTE: some of these details are obtained from third party...

CVSS: 5 | AI score: 7 | EPSS: 0.02587
Exploits: 0 | References: 3 | Affected Software: 1

0day.today
added 2009/01/16 12:0 a.m., 16 views

BlogIt! (SQL/DD/XSS) Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications. BlogIt! SQL/DD/XSS Multiple Remote Vulnerabilities. Portal Name: BlogIt!...

AI score: 7.1
Exploits: 0