Oracle Demantra 12.2.1 SQL Injection
Vulnerability title: SQL Injection in Oracle Demantra CVE: CVE-2014-0372 Vendor: Oracle Product: Demantra Affected version: 12.2.1 Fixed version: 12.2.3 Reported by: Oliver Gruskovnjak Details: The Oracle Demantra application is vulnerable to SQL injection. An attacker with access to the vulnerab...
Oracle Demantra 12.2.1 - SQL Injection
Oracle Demantra 12.2.1 - SQL Injection Details: Application is vulnerable to SQL injection. Impact: An attacker with access to the vulnerable pages could manipulate the queries being sent to the database, potentially enabling them to: - Extract sensitive information, including but not limited to...
CVE-2013-5991
The displaySystemError function in html/handleerror.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to obtain sensitive information by leveraging incorrect handling of error-log output...
EC-CUBE vulnerable to information disclosure
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a vulnerability in processing the output of error logs, which may lead to information disclosure. Gen Sato reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
DEBIAN-CVE-2013-0337
The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files...
CVE-2013-0337
The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files...
UBUNTU-CVE-2013-0337
The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files...
CVE-2013-3387
Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.21 allows remote attackers to cause a denial of service (disk consumption) via a flood of TCP packets to port 5400, leading to large error-log files, aka Bug ID CSCua42724...
CVE-2011-4612
icecast before 2.3.3 allows remote attackers to inject control characters such as newlines into the error log (error.log) via a crafted URL...
DEBIAN-CVE-2011-4612
icecast before 2.3.3 allows remote attackers to inject control characters such as newlines into the error log (error.log) via a crafted URL...
CVE-2012-0836
Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 allows attackers to read the error log via unknown vectors...
Code injection
Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 allows attackers to read the error log via unknown vectors...
CVE-2012-0836
CVE-2012-0836 concerns Joomla! 1.7.x before 1.7.5. The available documents state an unspecified vulnerability that allows attackers to read the error log via unknown vectors. No concrete root-cause, affected subcomponents, or exploit details are provided beyond the version boundary and the error-...
[20120202] - Core - Information Disclosure
On some servers the error log could be read by unauthorised users...
USN-1231-1: PHP Vulnerabilities
Mateusz Kocielski, Marek Kroemeke and Filip Palian discovered that a stack-based buffer overflow existed in the socket_connect function's handling of long pathnames for AF_UNIX sockets. A remote attacker might be able to exploit this to execute arbitrary code; however, the default compiler options...
PHP 5.3 < 5.3.7 Multiple Vulnerabilities
Binary data 801087.prm...
WeBid 1.0.2 - Persistent Cross-Site Scripting (via SQL Injection)
WeBid 1.0.2 - Persistent Cross-Site Scripting via SQL Injection Exploit Title: persistent XSS through SQLi WeBid 1.0.2 Google Dork: "powered by WeBid" Date: 15-06-2011 Author: Saif El-Sherei Software Link: http://sourceforge.net/projects/simpleauction/ Version: 1.0.2 Tested on: Firefox 4, XAMPP...
WeBid 1.0.2 persistent XSS via SQL Injection
Exploit for PHP platform in category web applications Exploit Title: persistent XSS through SQLi WeBid 1.0.2 Google Dork: "powered by WeBid" Author: Saif El-Sherei Software Link: http://sourceforge.net/projects/simpleauction/ Version: 1.0.2 Tested on: Firefox 4, XAMPP Info: Open source php/mysql...