1163 matches found
OrangeHRM 2.6.11 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/50857/info OrangeHRM is prone to an SQL-injection and multiple cross-site scripting vulnerabilities. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify...
Balitbang CMS 3.3 - alumni.php?hal SQL Injection
source: https://www.securityfocus.com/bid/50797/info CMS Balitbang is prone to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an...
Dolibarr ERP/CRM 3.1 - Multiple Script URI Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/50777/info Dolibarr is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in...
Dolibarr ERP/CRM 3.1.0 - userinfo.php?id SQL Injection
source: https://www.securityfocus.com/bid/50777/info Dolibarr is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated conten...
Pro Clan Manager 0.4.2 - SQL Injection
source: https://www.securityfocus.com/bid/50794/info Pro Clan Manager is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or...
Dolibarr ERP/CRM 3.1.0 - '/admin/boxes.php?rowid' SQL Injection
source: https://www.securityfocus.com/bid/50777/info Dolibarr is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Exploiting these issues could allow an attacker to...
webERP Information Disclosure, SQL Injection, and Cross Site Scripting Vulnerabilities
webERP is prone to information-disclosure, SQL-injection, and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may exploit the information-disclosure issue to gain access to sensitive information that may lead to further attacks. An...
Cacti Unspecified SQL Injection and Cross Site Scripting Vulnerabilities
Cacti is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify...
Joomla! Component Content - 'year' SQL Injection
source: https://www.securityfocus.com/bid/50656/info Content component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application,...
Joomla! Alameda Component 'storeid' Parameter SQLi Vulnerability
The Alameda component for Joomla! is prone to an SQL injection (SQLi) vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent...
Traq 2.2 - Multiple SQL Injections Cross-Site Scripting
source: https://www.securityfocus.com/bid/49835/info Traq is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow...
GeoClassifieds Lite Multiple Vulnerabilities (Sep 2011) - Active Check
GeoClassifieds Lite is prone to multiple SQL injection (SQLi) and cross-site scripting (XSS) vulnerabilities.
OneCMS 2.6.4 - Multiple SQL Injections
source: https://www.securityfocus.com/bid/49733/info OneCMS is prone to multiple SQL-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an...
OneCMS 2.6.4 - Multiple SQL Injections
source: https://www.securityfocus.com/bid/49733/info OneCMS is prone to multiple SQL-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application,...
phpRS 2.8.1 - Multiple SQL Injections Cross-Site Scripting
source: https://www.securityfocus.com/bid/49729/info phpRS is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these...
Support Incident Tracker (SiT!) Multiple Input Validation Vulnerabilities
Support Incident Tracker (SiT!) is prone to the following input-validation vulnerabilities: 1. Multiple cross-site scripting vulnerabilities 2. Multiple SQL-injection vulnerabilities 3. Multiple cross-site request-forgery vulnerabilities Exploiting these issues could allow an attacker to execute...
MYRE Real Estate Software 'findagent.php' Cross Site Scripting and SQL Injection Vulnerabilities
MYRE Real Estate Software is prone to an SQL-injection and multiple cross-site scripting vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the...
MYRE Real Estate Software 'findagent.php' Cross Site Scripting and SQL Injection Vulnerabilities
MYRE Real Estate Software is prone to an SQL-injection and multiple cross-site scripting vulnerabilities.
Mambo Component N-Press - SQL Injection
source: https://www.securityfocus.com/bid/49420/info The Mambo CMS N-Press component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application...
'research_display.php' SQL Injection Vulnerability
research_display.php is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the...