759 matches found

OpenVAS
added 2011/10/14 12:0 a.m. | 13 views

WordPress Light Post Plugin 'abspath' Parameter Remote File Include Vulnerability

The Light Post WordPress Plugin is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

7.3 AI score
Exploits: 0 | References: 3

Exploit DB
added 2011/10/11 12:0 a.m. | 23 views

2Moons 1.4 - Multiple Remote File Inclusions

source: https://www.securityfocus.com/bid/50046/info 2Moons is prone to multiple remote file-include vulnerabilities because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow a remote attacker to obtain sensitive information or execute arbitrary...

7.4 AI score
Exploits: 0

Exploit DB
added 2011/10/10 12:0 a.m. | 19 views

Jaws 0.8.14 - Multiple Remote File Inclusions

source: https://www.securityfocus.com/bid/50022/info Jaws is prone to multiple remote file-include vulnerabilities because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow a remote attacker to obtain sensitive information or execute arbitrary...

7.4 AI score
Exploits: 0

Exploit DB
added 2011/09/30 12:0 a.m. | 22 views

WordPress Plugin WP Bannerize 2.8.7 - 'ajax_sorter.php' SQL Injection

source: https://www.securityfocus.com/bid/49893/info The WP Bannerize plug-in for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...

7.4 AI score
Exploits: 0

OpenVAS
added 2011/09/28 12:0 a.m. | 16 views

IBM WebSphere Application Server Cross-Site Request Forgery Vulnerability

IBM WebSphere Application Server is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain actions in the context of an authorized user and gain access to the affected application; other attacks are also possible. IBM WebSphere...

Exploits: 0 | References: 4

OpenVAS
added 2011/09/22 12:0 a.m. | 9 views

WordPress Mailing List Plugin 'wpabspath' Parameter Remote File Include Vulnerability

The Mailing List plug-in for WordPress is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue could allow an attacker to compromise the application and the underlying system. Other attacks are also possible. Mailing...

7.3 AI score
Exploits: 0 | References: 2

OpenVAS
added 2011/09/19 12:0 a.m. | 12 views

WordPress <= 0.1 Filedownload Plugin Local File Disclosure Vulnerability

The Filedownload plugin for WordPress is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respectiv...

7 AI score
Exploits: 0 | References: 1

OpenVAS
added 2011/09/09 12:0 a.m. | 42 views

OpenSSH Ciphersuite Specification Information Disclosure Weakness

OpenSSH is prone to a security weakness that may allow attackers to downgrade the ciphersuite. Successfully exploiting this issue in conjunction with other latent vulnerabilities may allow attackers to gain access to sensitive information that may aid in further attacks. Releases prior to OpenSSH...

7.5 CVSS | 0.4 AI score | 0.24511 EPSS
Exploits: 1 | References: 3

exploitpack
added 2011/09/08 12:0 a.m. | 13 views

In-link 2.3.45.1.3 RC1 - cat SQL Injection

source: https://www.securityfocus.com/bid/49508/info In-link is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...

8.6 AI score
Exploits: 0

OpenVAS
added 2011/09/08 12:0 a.m. | 8 views

Blue Coat Reporter Directory Traversal Vulnerability

Blue Coat Reporter is prone to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

7.2 AI score
Exploits: 0 | References: 2

OpenVAS
added 2011/08/19 12:0 a.m. | 29 views

MantisBT Cross Site Scripting and SQL Injection Vulnerabilities

MantisBT is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying...

4.3 CVSS | 0.1 AI score | 0.14726 EPSS
Exploits: 1 | References: 3

OpenVAS
added 2011/08/11 12:0 a.m. | 12 views

Lasernet CMS 'id' Parameter SQL Injection Vulnerability

Lasernet CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the...

0.6 AI score
Exploits: 0 | References: 2

seebug.org
added 2011/07/22 12:0 a.m. | 158 views

Joomla Component mod_spo SQL Injection Vulnerability

No description provided by source. Exploit Title: Simple Page Option LFI Google Dork: inurl:modspo Date: 15/07/2011 Author: SeguridadBlanca.Blogspot.com or SeguridadBlanca Software Link: http://joomlacode.org/gf/download/frsrelease/11841/47776/modspo1.5.16.zip Version: 1.5.x Tested on: Backtrack...

7.1 AI score
Exploits: 0

Packet Storm
added 2011/07/21 12:0 a.m. | 33 views

Joomla Simple Page Option Local File Inclusion

Simple Page Option – LFI Vulnerable-Code: $slang =& JRequest::getVar('spositelang'); file_exists(dirname(__FILE__).DS.'languages'.DS.$slang.'.php') ? include(dirname(__FILE__).DS.'languages'.DS.$slang.'.php') : include(dirname(__FILE__).DS.'languages'.DS.'english.php'); Vulnerable-Var: spositelang= Expl0iting:...

0.4 AI score
Exploits: 0

Packet Storm
added 2011/06/14 12:0 a.m. | 136 views

Oracle HTTP Server Header Cross Site Scripting

Oracle HTTP Server XSS Header Injection. Attack Pattern ID: CAPEC-86 CWE ID: CI-79...

4.3 CVSS | 0.91373 EPSS
Exploits: 7

OpenVAS
added 2011/06/07 12:0 a.m. | 24 views

Storecalc Simple Web-Server <= 1.2 Directory Traversal Vulnerability - Active Check

Simple web-server is prone to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

7.2 AI score
Exploits: 0 | References: 2

exploitpack
added 2011/06/01 12:0 a.m. | 31 views

ARSC Really Simple Chat 3.3-rc2 - Cross-Site Scripting Multiple SQL Injections

source: https://www.securityfocus.com/bid/48083/info ARSC Really Simple Chat is prone to a cross-site scripting vulnerability and multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize...

0.4 AI score
Exploits: 0

0day.today
added 2011/05/16 12:0 a.m. | 20 views

Novell Netware eDirectory DoS Vulnerability

Exploit for windows platform in category dos / poc nSense Vulnerability Research Security Advisory NSENSE-2011-002 Affected Vendor: Novell Affected Product: Netware, eDirectory Platform: Netware / Linux Impact: Remote Denial of Servi...

7 AI score
Exploits: 0

exploitpack
added 2011/04/27 12:0 a.m. | 9 views

Joostina (Multiple Components) - SQL Injection

source: https://www.securityfocus.com/bid/47595/info Multiple Joostina components are prone to an SQL-injection vulnerability because they fail to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could all...

0.7 AI score
Exploits: 0

Exploit DB
added 2011/04/21 12:0 a.m. | 21 views

LightNEasy 3.2.3 - 'userhandle' Cookie SQL Injection

source: https://www.securityfocus.com/bid/47541/info LightNEasy is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify...

7.4 AI score
Exploits: 0