759 matches found
Viola DVR VIO-4/1000 - Multiple Directory Traversal Vulnerabilities
source: https://www.securityfocus.com/bid/47509/info Viola DVR is prone to multiple directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting the issues can allow an attacker to obtain sensitive information that could aid in further attacks. Vio...
webEdition CMS HTML Injection and Local File Include Vulnerabilities
webEdition CMS is prone to multiple HTML-injection vulnerabilities and a local file-include vulnerability. Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication...
7T Interactive Graphical SCADA System Multiple Security Vulnerabilities
7T Interactive Graphical SCADA System is prone to multiple security vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CMS Lokomedia Arbitrary File Download Vulnerability - Active Check
CMS Lokomedia is prone to a vulnerability that lets attackers download arbitrary files. This issue occurs because the application fails to sufficiently sanitize user-supplied input.
Cosmoshop 10.05.00 - Multiple Cross-Site Scripting SQL Injections
source: https://www.securityfocus.com/bid/46828/info CosmoShop is prone to multiple cross-site scripting vulnerabilities and an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input...
CubeCart 2.0.6 XSS and SQLi Vulnerabilities
CubeCart is prone to an SQL injection (SQLi) and a cross-site scripting (XSS) vulnerability.
VicFTPS 'LIST' Command Remote Denial of Service Vulnerability
VicFTPS is prone to a remote denial-of-service vulnerability because it fails to handle specially crafted input.
The Lesson of Stuxnet and Aurora: Get Back to Basics or Get Owned
SAN FRANCISCO–It’s often said that after decades of work and technological advances, the security industry hasn’t actually solved any problems or made things any better. But that’s not entirely true. The industry has in fact perfected the art of exploiting the scare ’em and snare ’em,...
TinyWebGallery Cross Site Scripting and Local File Include Vulnerabilities
TinyWebGallery is prone to local file-include and cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. A remote attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in...
Bugzilla Multiple Vulnerabilities
Bugzilla is prone to the following vulnerabilities: 1. A security-bypass issue. 2. Multiple cross-site scripting vulnerabilities. 3. Multiple cross-site request-forgery vulnerabilities. Successfully exploiting these issues may allow an attacker to bypass certain security restrictions, execute...
Sahana Agasti Multiple Remote File Include Vulnerabilities
Sahana Agasti is prone to multiple remote file-include vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
Calibre Cross Site Scripting and Directory Traversal Vulnerabilities
Calibre is prone to a cross-site scripting vulnerability and a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting these issues will allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context o...
GIMP 2.6.7 - Multiple File Plugins Remote Stack Buffer Overflow Vulnerabilities
source: https://www.securityfocus.com/bid/45647/info GIMP is prone to multiple remote stack-based buffer-overflow vulnerabilities because it fails to perform adequate checks on user-supplied input. Successfully exploiting these issues may allow remote attackers to execute arbitrary code in the...
MyBB 1.6 - 'private.php?keywords' SQL Injection
source: https://www.securityfocus.com/bid/45565/info MyBB is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modif...
NCH Software Office Intercom SIP Invite Remote Denial of Service Vulnerability
NCH Software Office Intercom is prone to a remote denial-of-service vulnerability because it fails to properly handle specially crafted SIP INVITE requests.
GDL 'id' Parameter SQL Injection Vulnerability
GDL (Ganesha Digital Library) is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilitie...
GDL <= 4.2 SQLi Vulnerability - Active Check
GDL (Ganesha Digital Library) is prone to an SQL injection (SQLi) vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Dolphin SQL Injection and Information Disclosure Vulnerabilities
Dolphin is prone to an SQL-injection vulnerability and an information-disclosure vulnerability. Exploiting these issues could allow an attacker to obtain sensitive information, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Dolphi...
Bugzilla Response Splitting and Security Bypass Vulnerabilities
Bugzilla is prone to a response-splitting vulnerability and a security-bypass vulnerability. Successfully exploiting these issues may allow an attacker to bypass certain security restrictions; obtain sensitive information; and influence or misrepresent how web content is served, cached, or...
Project Jug Directory Traversal Vulnerability
This VT has been deprecated and replaced by the VT SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...