4938 matches found
Mambo Site Server XSS and Remote Arbitrary Code Execution Vulnerabilities (Jan 2003) - Active Check
An attacker may use the installed version of Mambo Site Server to perform a cross-site scripting attack on this host or execute arbitrary code through the gallery image uploader under the administrator directory. SPDX-FileCopyrightText: 2005 David Maciejak Some text descriptions might be excerpte...
Sendmail 8.8.8 - 8.9.2 Parsing Redirection DoS Vulnerability
The remote Sendmail server, according to its version number, allows remote attackers cause a denial of service by sending messages with a large number of headers. SPDX-FileCopyrightText: 2003 Xue Yong Zhi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by...
Simple PHP Blog 0.4 - colors.php Multiple Cross-Site Scripting Vulnerabilities
Simple PHP Blog 0.4 - colors.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/15283/info Simple PHP Blog is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input...
News2Net 3.0 - index.php SQL Injection
News2Net 3.0 - index.php SQL Injection source: https://www.securityfocus.com/bid/15274/info News2Net is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation coul...
ATutor 1.x - 'forum.inc.php' Arbitrary Command Execution
source: https://www.securityfocus.com/bid/15221/info ATutor is prone to multiple vulnerabilities. These issues can allow remote attackers to execute arbitrary PHP commands and carry out local file include and cross-site scripting attacks. ATutor 1.5.1-pl1 and prior versions are affected...
GCards 1.43 - news.php SQL Injection
GCards 1.43 - news.php SQL Injection source: https://www.securityfocus.com/bid/15216/info gCards is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could...
Nuked-klaN 1.7 Links Module - link_id SQL Injection
Nuked-klaN 1.7 Links Module - linkid SQL Injection source: https://www.securityfocus.com/bid/15181/info Nuked Klan is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Thes...
FlatNuke 2.5.x - 'index.php' Multiple Remote File Inclusions
source: https://www.securityfocus.com/bid/15172/info FlatNuke is prone to multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to execute arbitrary server-side scri...
MySource 2.14 - mail.php?PEAR_PATH Remote File Inclusion
MySource 2.14 - mail.php?PEARPATH Remote File Inclusion source: https://www.securityfocus.com/bid/15133/info MySource is prone to multiple remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may...
MySource 2.14 - Span.php?PEAR_PATH Remote File Inclusion
MySource 2.14 - Span.php?PEARPATH Remote File Inclusion source: https://www.securityfocus.com/bid/15133/info MySource is prone to multiple remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may...
MySource 2.14 - 'insert_table.php?bgcolor' Cross-Site Scripting
source: https://www.securityfocus.com/bid/15132/info MySource is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in t...
Talking about after the invasion of the hardware destruction method-vulnerability warning-the black bar safety net
| Internetthe field of security, one foot magic ridge, and then strong fortress also has his deadly colony, hackersarttoday, was born many kinds of means of attack, and in front of the defense method is endless, but whether it is anti-both, all overlooked an important aspect-that is, hardware...
Cyphor 0.19 - 'lostpwd.php?nick' SQL Injection
source: https://www.securityfocus.com/bid/15047/info Cyphor is prone to multiple cross-site scripting and SQL injection vulnerabilities. Exploitation could allow for theft of cookie-based authentication credentials or unauthorized access to database data. Other attacks are also possible. ?php ---...
Oracle HTML DB 1.51.6 - f?p Cross-Site Scripting
Oracle HTML DB 1.51.6 - f?p Cross-Site Scripting source: https://www.securityfocus.com/bid/15031/info Oracle HTML DB is prone to cross-site scripting vulnerabilities. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context...
PluggedOut CMS 0.4.8 - 'contenttypeid' SQL Injection
source: https://www.securityfocus.com/bid/14426/info PluggedOut CMS is prone to multiple cross-site scripting and SQL injection vulnerabilities. Exploitation could allow for theft of cookie-based authentication credentials or unauthorized access to database data. Other attacks are also possible...
vBulletin 1.0.1 lite/2.x/3.0 - '/admincp/modlog.php?orderby' Cross-Site Scripting
source: https://www.securityfocus.com/bid/14874/info vBulletin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script code...
Alkalay.Net (Multiple Scripts) - Remote Command Execution
Alkalay.Net Multiple Scripts - Remote Command Execution source: https://www.securityfocus.com/bid/14893/info Multiple Alkalay.net scripts are prone to arbitrary remote command execution vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input...
Land Down Under 800801 - links.php?w SQL Injection
Land Down Under 800801 - links.php?w SQL Injection source: https://www.securityfocus.com/bid/14618/info Land Down Under is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation...
Land Down Under 800 - journal.php?w Cross-Site Scripting
Land Down Under 800 - journal.php?w Cross-Site Scripting source: https://www.securityfocus.com/bid/14619/info Land Down Under is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may...
PHPFreeNews 1.40 - searchresults.php Multiple SQL Injections
PHPFreeNews 1.40 - searchresults.php Multiple SQL Injections source: https://www.securityfocus.com/bid/14589/info PHPFreeNews is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL...