231 matches found
Cisco Unified MeetingPlace SQL Injection Vulnerability (CNVD-2015-04162)
Cisco Unified MeetingPlace conferencing solutions allow organizations to host integrated voice, video, and web conferences. A SQL injection vulnerability exists in Cisco Unified MeetingPlace due to the program failing to properly validate user input within a sql query. An authenticated, remote...
Microsoft Graphics Component Memory Corruption (MS14-007) - Ver2 (CVE-2014-0263)
A remote code execution vulnerability has been reported in Windows Graphics Component. The vulnerability is due to the way Windows components handle specially crafted GIF files. A remote attacker can exploit this issue by enticing a user to view GIF files in shared content. Successful exploitatio...
CVE-2014-2611
Directory traversal vulnerability in the fndwar web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code, or obtain sensitive information or delete data, via unspecified vectors, aka ZDI-CAN-2120...
Directory traversal
Directory traversal vulnerability in the fndwar web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code, or obtain sensitive information or delete data, via unspecified vectors, aka ZDI-CAN-2120...
rhev-m: MoveDisk ignores the disk's wipe-after-delete property
Red Hat Enterprise Virtualization Manager RHEV-M before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors...
Authentication flaw
GR Board aka grboard 1.8.6.5 Community Edition does not require authentication for certain database actions, which allows remote attackers to modify or delete data via a request to 1 modrewrite.php, 2 commentwriteok.php, 3 poll/index.php, 4 update/index.php, 5 trackback.php, or 6 an arbitrary...
openSUSE Security Update : libmysqlclient-devel (openSUSE-SU-2010:0730-1)
local users could delete data files for tables of other users CVE-2010-1626. - authenticated users could gather information for tables they should not have access to CVE-2010-1849 - authenticated users could crash mysqld CVE-2010-1848 - authenticated users could potentially execute arbitrary code...
linux/x86 delete all data on filesystem polymorphic shellcode
Exploit for linux/x86 platform in category shellcode ============================================================= linux/x86 delete all data on filesystem polymorphic shellcode ============================================================= /...
mysql: multiple insufficient table name checks
Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. dot dot in a table name...
TeraStation HD-HTGL series cross-site request forgery vulnerability
Overview TeraStation HD-HTGL series provided by Buffalo, Inc. are hard disks for LAN connection and have administrative web interface. The administrative interface for the TeraStation HD-HTGL contains a cross-site request forgety CSRF vulnerability. Impact If a TeraStation HD-HTGL administrator w...
JVN#93484133 TeraStation HD-HTGL series cross-site request forgery vulnerability
Impact If a TeraStation HD-HTGL administrator who logged into the web administration interface views a malicous website, an attacker could possibly modify configurations or delete data on the hard disk. Solution Products Affected HD-HTGL Series firmware Ver. 2.05-beta-1 and earlier...