4 matches found
ShopEx 4.8.5: product filter page lacks intval somewhere, leading to an injection vulnerability
Affected version: shopex-single-4.8.5.80603; login required: no; default configuration: yes; exploit code: code. Vulnerability details: the product filter price range is somewhere not passed through intval, resulting in injection of...
ocPortal CMS 8.x Session Hijacking
OVERVIEW ocPortal CMS 8.x and lower versions are vulnerable to a session hijacking flaw which could allow attackers to compromise an administrator session. 2. PRODUCT DESCRIPTION ocPortal is a website Content Management System (a CMS) for building and maintaining a dynamic website. ocPortal's powerful...
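IBM WebSphere Application Server default_create.log Information Disclosure Vulnerability
BUGTRAQ ID: 40694 CVE ID: CVE-2010-2323 IBM Websphere Application Server is built on Java and Servlet engines, supports multiple HTTP services, and helps users with all the work of developing, publishing and maintaining interactive dynamic websites. When profiles are created on the target system using the zPMT and BBOWWPFx job templates, sensitive information may be written to the defaultcreate.log log. IBM Websphere Application Server 7.0.x Vendor patch: IBM --- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:...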
SQL injection in 3CFR
Author: r0t hackers.by.lv Date: 14. nov 2005 software: 3CFR vendor: http://www.3cfr.com/ software description: 3CFR solutions are dedicated to professional web sites creation and hosting. Especially designed for beginners wishing to get a professional showcase on Internet, 3CFR solutions offer a...