8980 matches found
phpCoin 1.2 - auxpage.php?page Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/12917/info Multiple remote input validation vulnerabilities affect phpCoin. Multiple SQL injection vulnerabilities have been reported. An attacker may leverage these issues to manipulate and...
Dream4 Koobi CMS 4.2.3 - index.php SQL Injection
source: https://www.securityfocus.com/bid/12896/info Koobi CMS is reportedly affected by a SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query...
Dream4 Koobi CMS 4.2.3 - 'index.php' SQL Injection
source: https://www.securityfocus.com/bid/12896/info Koobi CMS is reportedly affected by a SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise ...
RunCMS highlight.php Information Disclosure
Binary data 2723.prm...
CVE-2005-0820
Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name...
Subdreamer 1.0 - SQL Injection
source: https://www.securityfocus.com/bid/12839/info Subdreamer is prone to an SQL injection vulnerability. Because of this, a malicious user may influence database queries in order to view or modify sensitive information, potentially compromising the software or the database. Subdreamer Light is...
wfsections107.txt
Program: wfsections Version: 1.07 Bug Type: SQL Injection Bug Description: ================================= In file class/wfsfiles.php, we can see this function: //START function getAllbyArticle($articleid) { $db =& Database::getInstance(); $table = $db->prefix("wfsfiles"); $ret = array(); $sql = "SELECT FR...
aeNovo Database Content Disclosure Vulnerability
The problem is that the aeNovo database file "dbase/aeNovo1.mdb" is accessible by default. You can disclose the ADMIN's password. The Login Page: "logon.asp"...
CVE-2002-1242
CVE-2002-1242 describes an SQL injection vulnerability in PHP-Nuke prior to 6.0 that allows remote authenticated users to modify the database and gain privileges via the bio parameter in modules.php. Root cause: unvalidated input in the bio field enables injection into SQL statements. Affected so...
YabbSE (3 on 1)
Summary: YaBB SE is a PHP/MySQL port of the popular forum software YaBB (yet another bulletin board). This time we discovered three new holes. That ranges from extracting information to deleting information and files in the remote web server. Details: Vulnerable Systems: YaBB SE versions 1.5.4, 1.5.5...
CVE-2002-1432
CVE-2002-1432 affects MidiCart. The database file midicart.mdb is stored under the Web document root, allowing remote attackers to directly request the file and access sensitive information, resulting in partial confidentiality impact. The NVD entry lists a base score of 5.0 (Medium) with network...
CVE-2002-1499
CVE-2002-1499 affects FactoSystem CMS. The vulnerability involves multiple SQL injections in web-facing scripts, allowing remote attackers to perform unauthorized database actions via (1) author.asp (authornumber), (2) discuss.asp (discussblurbid), (3) holdcomment.asp (name), and (4) holdcomment....
CVE-2001-0988
CVE-2001-0988 affects Arkeia backup server, version 4.2.8-2 and earlier. The vulnerability arises because database files are created with world-writable permissions, allowing local users to overwrite those files or obtain sensitive information. The provided connected records confirm the affected ...
CVE-2000-0981
Affected software: MySQL Database Engine. Vulnerability: uses a weak authentication method that can leak information and allow recovery of passwords. Details: The CVE-2000-0981 description states a weak authentication method that could enable a remote attacker to recover the password. Nessus w...
CVE-2000-0654
The CVE-2000-0654 issue concerns Microsoft Enterprise Manager and its Data Transformation Services (DTS) Registered Servers Dialog. The vulnerability enables local users to obtain database passwords via the DTS Password mechanism, i.e., a local-authority disclosure of credentials within the DTS p...
Multiple vulnerabilities in Tooltalk database server
Advisory ID Internal CORE-220528 Advisory Information: Advisory ID: CORE-20020528 Bugtraq ID : 5082, 5083 CVE Name: CVE-2002-0678, CVE-2002-0677 CERT : VU975403, VU299816 Title: Multiple vulnerabilities in Tooltalk database server Class: Implementation flaws Remotely Exploitable: Yes Locally...
Security update 1970-01-01
...