PT-2013-25: Information Disclosure in Siemens Simatic WinCC and PCS 7
The specialists of the Positive Research center have detected an "Information Disclosure" vulnerability in Siemens Simatic WinCC and PCS 7. WebNavigator passwords stored in the SQL database are only obfuscated. How to fix: Update your software to the latest version. Advisory status: 11.07.2012 -...
PHP MBB - Cross-Site Scripting / SQL Injection
source: https://www.securityfocus.com/bid/54271/info php MBB is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials,...
Cotonti - admin.php SQL Injection
source: https://www.securityfocus.com/bid/54147/info Cotonti is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to compromis...
Joomla! Component JCal Pro Calendar - SQL Injection
source: https://www.securityfocus.com/bid/54042/info The JCal Pro Calendar component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting...
Joomla! Component JCal Pro Calendar - SQL Injection
source: https://www.securityfocus.com/bid/54042/info The JCal Pro Calendar component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
Simple Forum PHP - Multiple SQL Injections
source: https://www.securityfocus.com/bid/54024/info Simple Forum PHP is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could...
XAMPP for Windows 1.7.7 - Multiple Cross-Site Scripting / SQL Injections
source: https://www.securityfocus.com/bid/53979/info XAMPP for Windows is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access...
Bigware Shop 2.1x - main_bigware_54.php SQL Injection
source: https://www.securityfocus.com/bid/53810/info Bigware Shop is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit will allow an attacke...
Ignite Solutions CMS - 'car-details.php' SQL Injection
source: https://www.securityfocus.com/bid/53771/info Ignite Solutions CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or...
Adiscon LogAnalyzer < 3.4.3 Multiple Vulnerabilities - Active Check
Adiscon LogAnalyzer is prone to multiple SQL injection (SQLi) and cross-site scripting (XSS) vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
Nilehoster Topics Viewer 2.3 - Multiple SQL Injections / Local File Inclusion
source: https://www.securityfocus.com/bid/53708/info Nilehoster Topics Viewer is prone to multiple SQL-injection vulnerabilities and a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit these vulnerabilities to compromise the...
WordPress Plugin Sharebar 1.2.1 - SQL Injection / Cross-Site Scripting
source: https://www.securityfocus.com/bid/53532/info Sharebar plugin for WordPress is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input. Successful...
WordPress Plugin Pretty Link Lite 1.5.2 - SQL Injection / Cross-Site Scripting
source: https://www.securityfocus.com/bid/53531/info Pretty Link Lite plugin for WordPress is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input. Successful exploits will allow an attacker to steal cookie-based...
OrangeHRM 2.7 RC - '/plugins/ajaxCalls/haltResumeHsp.php?newHspStatus' Cross-Site Scripting
source: https://www.securityfocus.com/bid/53433/info OrangeHRM is prone to an SQL-injection and multiple cross-site scripting vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal...
OrangeHRM 2.7 RC - templateshrfunctemppop.php?sortOrder1 Cross-Site Scripting
source: https://www.securityfocus.com/bid/53433/info OrangeHRM is prone to an SQL-injection and multiple cross-site scripting vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-bas...
OrangeHRM 2.7 RC - '/plugins/ajaxCalls/haltResumeHsp.php?hspSummaryId' SQL Injection
source: https://www.securityfocus.com/bid/53433/info OrangeHRM is prone to an SQL-injection and multiple cross-site scripting vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify...
OrangeHRM 2.7 RC - '/plugins/ajaxCalls/haltResumeHsp.php?newHspStatus' Cross-Site Scripting
source: https://www.securityfocus.com/bid/53433/info OrangeHRM is prone to an SQL-injection and multiple cross-site scripting vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify...
BBSXP CMS - Multiple SQL Injections
source: https://www.securityfocus.com/bid/53298/info BBSXP CMS is prone to multiple SQL-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the applicatio...
Concrete5 CMS 5.5.2.1 - Information Disclosure / SQL Injection / Cross-Site Scripting
source: https://www.securityfocus.com/bid/53268/info concrete5 is prone to information-disclosure, SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to harvest sensitive information, compromi...
Waylu CMS - products_xx.php SQL Injection / HTML Injection
source: https://www.securityfocus.com/bid/53202/info Waylu CMS is prone to an SQL-injection vulnerability and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow an...