8980 matches found
DUware DUpaypal 3.03.1 - sub.asp?iSub SQL Injection
source: https://www.securityfocus.com/bid/14034/info DUpaypal Pro is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit coul...
DUware DUpaypal 3.0/3.1 - 'detail.asp?iPro' SQL Injection
source: https://www.securityfocus.com/bid/14034/info DUpaypal Pro is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to compromise the application,...
CVE-2005-2013
paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive information via a direct request to admin/backup.php, which contains a backup of the database including usernames and passwords...
PAFaq beta4 - Database Unauthorized Access
source: https://www.securityfocus.com/bid/13999/info paFaq is prone to an unauthorized access vulnerability regarding the database. This issue is a result of the application failing to perform access validation on the 'backup.php' script. A remote...
CVE-2005-2029
amaroK Web Frontend 1.3 stores the globals.inc file under the web root without a .php extension and insufficient access control, which allows remote attackers to obtain the database username and password via a direct request to the file...
FusionBB Multiple Vulnerabilities
GulfTech Security Research June 6th, 2005 Vendor : InteractivePHP, Inc URL : http://www.fusionbb.com/ Version : Version .11 Beta And Earlier Risk : Multiple Vulnerabilities Description: FusionBB is a popular online message board written in php and developed by InteractivePHP, INC. There are sever...
CVE-2005-1723
LaunchServices in Apple Mac OS X 10.4.x up to 10.4.1 does not properly mark file extensions and MIME types as unsafe if an Apple Uniform Type Identifier (UTI) is not created when the type is added to the database of unsafe types, which could allow attackers to bypass intended restrictions...
CVE-2005-1867
Symantec Brightmail AntiSpam before 6.0.2 has a hard-coded database administrator password, which allows remote attackers to gain privileges...
GLSA-200506-04 : Wordpress: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200506-04 (Wordpress: Multiple vulnerabilities). Due to a lack of input validation, WordPress is vulnerable to SQL injection and XSS attacks. Impact: An attacker could use the SQL injection vulnerabilities to gain information from t...
Wordpress: Multiple vulnerabilities
Background: WordPress is a PHP and MySQL based content management and publishing system. Description: Due to a lack of input validation, WordPress is vulnerable to SQL injection and XSS attacks. Impact: An attacker could use the SQL injection vulnerabilities to gain information from the database...
Qualiteam X-Cart Multiple Vulnerabilities
The remote host is running X-Cart, a PHP-based shopping cart system. The version installed on the remote host suffers from numerous SQL injection and cross-site scripting vulnerabilities. Attackers can exploit the former to influence database queries, resulting possibly in a compromise of the...
Mandrake Linux Security Advisory : postgresql (MDKSA-2005:093)
A number of vulnerabilities were found and corrected in the PostgreSQL DBMS : Two serious security errors have been found in PostgreSQL 7.3 and newer releases. These errors at least allow an unprivileged database user to crash the backend process, and may make it possible for an unprivileged user...
Moderate: Red Hat Security Advisory: postgresql security update
Updated postgresql packages that fix several security vulnerabilities and risks of data loss are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system (DBMS) that...
[SA15562] Symantec Brightmail AntiSpam Static Database Password
MyBB 1.0 RC4 XSS Bug
Description: MyBB is a powerful, efficient and free forum package developed in PHP and MySQL. MyBB has been designed with the end users in mind, you and your subscribers. Full control over your discussion system is presented right at the tip of your fingers, from multiple styles and themes to the...
PHP Stat Administrative User Authentication Bypass
Title: PHP Stat Vulnerability discovery: SoulBlack - Security Research - http://soulblack.com.ar Date: 25/05/2005 Severity: Medium. PHP Stat Administrative User Authentication...
OS4E - 'login.asp' SQL Injection
source: https://www.securityfocus.com/bid/13804/info os4e is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'login.asp' script before using it in an SQL query. Successful exploitation could result in a...
HelpCenter Live! 1.01.2.x - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/13666/info Help Center Live is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input...
CVE-2003-1213
MaxWebPortal 1.30 stores its portal database under the web document root with insecure access control, allowing remote retrieval of database/db2000.mdb via a direct request. This causes partial confidentiality impact (CVSS: AV:N/AC:L/Au:N/C:P/I:P/A:P). The CVE entry provides no exploitation detai...
CVE-2005-1648
CVE-2005-1648 affects Gurgens (GASoft) Ultimate Forum 1.0. The vulnerability arises because the db/Genid.dat database file is stored under the web document root with insufficient access control, enabling remote attackers to obtain and decrypt usernames and passwords. The provided sources describe...