22 matches found
EUVD-2015-1648
Malware in sbrugna...
EUVD-2015-1646
Malware in sbrugna...
FancyFon Software FAMOC SQL Injection Vulnerability
FancyFon Software FAMOC is a mobile device lifecycle management solution from FancyFon Software Ireland. The solution enables centralized remote management of smartphones using various operating systems over the Internet. A SQL injection vulnerability exists in FancyFon Software FAMOC versions...
CVE-2015-1514
Multiple SQL injection vulnerabilities in FancyFon FAMOC before 3.17.4 allow 1 remote attackers to execute arbitrary SQL commands via the device ID REST parameter PATHINFO to /ajax.php or 2 remote authenticated users to execute arbitrary SQL commands via the order parameter to index.php...
CVE-2015-1512
Multiple cross-site scripting XSS vulnerabilities in FancyFon FAMOC before 3.17.4 allow remote attackers to inject arbitrary web script or HTML via the 1 LoginFormusername to ui/system/login or the 2 order or 3 myorgs to index.php...
Sql injection
Multiple SQL injection vulnerabilities in FancyFon FAMOC before 3.17.4 allow 1 remote attackers to execute arbitrary SQL commands via the device ID REST parameter PATHINFO to /ajax.php or 2 remote authenticated users to execute arbitrary SQL commands via the order parameter to index.php...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in FancyFon FAMOC before 3.17.4 allow remote attackers to inject arbitrary web script or HTML via the 1 LoginFormusername to ui/system/login or the 2 order or 3 myorgs to index.php...
CVE-2015-1514
Multiple SQL injection vulnerabilities in FancyFon FAMOC before 3.17.4 allow 1 remote attackers to execute arbitrary SQL commands via the device ID REST parameter PATHINFO to /ajax.php or 2 remote authenticated users to execute arbitrary SQL commands via the order parameter to index.php...
CVE-2015-1514
FancyFon FAMOC is affected by SQL injection vulnerabilities in versions prior to 3.17.4. The flaws permit remote SQL command execution via the device ID REST parameter (PATH_INFO) to /ajax.php and via the order parameter to index.php. Root cause: inadequate input filtering on these parameters. Im...
CVE-2015-1512
Multiple cross-site scripting XSS vulnerabilities in FancyFon FAMOC before 3.17.4 allow remote attackers to inject arbitrary web script or HTML via the 1 LoginFormusername to ui/system/login or the 2 order or 3 myorgs to index.php...
CVE-2015-1512
CVE-2015-1512 affects FancyFon FAMOC prior to version 3.17.4. The issue is cross-site scripting (XSS) that allows remote attackers to inject arbitrary script/HTML via user-supplied input in (1) LoginForm[username] to ui/system/login, (2) order, or (3) myorgs to index.php. The provided documents d...
FancyFon FAMOC Session Fixation Vulnerability
FancyFon FAMOC is a mobile device management platform. FancyFon FAMOC suffers from a session fixation vulnerability that can be exploited by an attacker to hijack arbitrary sessions and gain unauthorized access in affected applications...
Multiple Cross-Site Scripting Vulnerabilities in FancyFon FAMOC
FancyFon FAMOC is a mobile device management platform. FancyFon FAMOC suffers from multiple cross-site scripting vulnerabilities because it fails to adequately filter user-supplied input. An attacker could exploit these vulnerabilities to execute arbitrary script code in the context of an affecte...
[SYSS-2014-010] FancyFon FAMOC - SQL Injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2014-010 Products: FAMOC Vendor: FancyFon Affected Versions: 3.16.5 Tested Versions: 3.16.5 Vulnerability Type: SQL Injection CWE-89 Risk Level: High Solution Status: Fixed Vendor Notification: 2014-12-19 Solution Date: 2015-01-23...
[SYSS-2014-013] FancyFon FAMOC - Use of a One-Way Hash without a Salt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2014-013 Products: FAMOC Vendor: FancyFon Affected Versions: 3.16.5 Tested Versions: 3.16.5 Vulnerability Type: Use of a One-Way Hash without a Salt CWE-759 Risk Level: Low Solution Status: Fixed Vendor Notification: 2014-12-19...
[SYSS-2014-011] FancyFon FAMOC - Cross-Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2014-011 Products: FAMOC Vendor: FancyFon Affected Versions: 3.16.5 Tested Versions: 3.16.5 Vulnerability Type: Cross-Site Scripting CWE-79 Risk Level: Medium Solution Status: Fixed Vendor Notification: 2014-12-19 Solution Date:...
[SYSS-2014-012] FancyFon FAMOC - Session Fixation
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2014-012 Products: FAMOC Vendor: FancyFon Affected Versions: 3.16.5 Tested Versions: 3.16.5 Vulnerability Type: Session Fixation CWE-384 Risk Level: Low Solution Status: Fixed Vendor Notification: 2014-12-19 Solution Date: 2015-01-...
FancyFon FAMOC 3.16.5 Cross Site Scripting / SQL Injection Vulnerabilities
FancyFon FAMOC version 3.16.5 suffers from a remote SQL injection and multiple cross site scripting vulnerabilities Products: FAMOC Vendor: FancyFon Affected Versions: 3.16.5 Tested Versions: 3.16.5 Vulnerability Type: SQL Injection CWE-89 / Cross-Site Scripting CWE-79 Risk Level: High Solution...
FancyFon FAMOC 3.16.5 Missing Salt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2014-013 Products: FAMOC Vendor: FancyFon Affected Versions: 3.16.5 Tested Versions: 3.16.5 Vulnerability Type: Use of a One-Way Hash without a Salt CWE-759 Risk Level: Low Solution Status: Fixed Vendor Notification: 2014-12-19...
FancyFon FAMOC 3.16.5 SQL Injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2014-010 Products: FAMOC Vendor: FancyFon Affected Versions: 3.16.5 Tested Versions: 3.16.5 Vulnerability Type: SQL Injection CWE-89 Risk Level: High Solution Status: Fixed Vendor Notification: 2014-12-19 Solution Date: 2015-01-23...