8163 matches found
Facile Forms 1.x 'catid' Parameter SQL Injection Vulnerability
source: http://www.securityfocus.com/bid/27880/info Facile Forms is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise...
Oracle Forms Servlet TLS Listener Remote Denial of Service Vulnerability
source: http://www.securityfocus.com/bid/15039/info Oracle Forms is susceptible to a vulnerability that allows remote attackers to stop the TNS Listener service, denying further database service to legitimate users. By issuing a specific HTTP request, remote...
Palo Alto Networks Pan-OS 5.0.8 - Multiple Vulnerabilities
from http://thomaspollet.blogspot.be/2013/11/Palo-Alto-XSS.html : A couple of bugs exist in Palo Alto Networks PANOS = 5.0.8 which can be exploited to conduct cross-site scripting attacks. - Certificate fields are displayed in the firewall web interface without...
Microsoft Forms 2.0 ActiveX Control 2.0 Memory Access Violation Denial of Service Vulnerabilities
source: http://www.securityfocus.com/bid/26414/info Microsoft Forms 2.0 ActiveX Control is prone to multiple memory-access violation denial-of-service vulnerabilities. Attackers can exploit these issues to crash Internet Explorer and deny service to legitimate...
Microsoft IE4 Clipboard Paste Vulnerability
source: http://www.securityfocus.com/bid/215/info The Windows clipboard contains data that has been cut or copied from various windows applications. This data can be accessed and posted to malicious web forms at web sites without the knowledge of the visiting...
Public Media Manager
Discovered by cr4wl3r \ cr4wl3r4tlinuxmaildotorg Public Media Manager = 1.3 formsdir Remote File Include Vulnerability Download Script : http://sourceforge.net/projects/pmm-cms/files/ Dork : dieLamers attempt; :D Vuln : ./pmm-cms-1.3/comcal/calmenu.php line 4 ?p...
Beetel 450TC2 Router Admin Password CSRF Vulnerability
Exploit Title: Beetel 450TC2 Router Admin Password Cross Site Request Forgery Vulnerability Date: 30/04/2014 Exploit Author: shyamkumar somana Vendor Homepage: www.beetel.in Version: 450TC2 - Firmware version : TX6-0Q-005retail Tested on: Windows 8 Beetel...
WordPress Business Directory Plugin <= 1.0.2 - Multiple XSS
Because of these vulnerabilities in forms/search.php, attackers can inject arbitrary web script or HTML via the following parameters: "edit", "pagelinks", "searchterm", "page" or "pageid". Solution: Update the plugin...
CVE-2014-4155
Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0aZRDLK allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to Forms/toolsadmin1...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0aZRDLK allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to Forms/toolsadmin1...
CVE-2014-4162
Multiple cross-site request forgery (CSRF) vulnerabilities in the Zyxel P-660HW-T1 v3 wireless router allow remote attackers to hijack the authentication of administrators for requests that change the (1) wifi password or (2) SSID via a request to Forms/WLANGeneral1...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Zyxel P-660HW-T1 v3 wireless router allow remote attackers to hijack the authentication of administrators for requests that change the (1) wifi password or (2) SSID via a request to Forms/WLANGeneral1...
openSUSE Security Update : chromium (openSUSE-SU-2014:0243-1)
Chromium was updated to version 32.0.1700.102: Stable channel update : - Security Fixes : - CVE-2013-6649: Use-after-free in SVG images - CVE-2013-6650: Memory corruption in V8 - and 12 other fixes - Other : - Mouse Pointer disappears after exiting full-screen mode - Drag and drop files into...
openSUSE Security Update : chromium (openSUSE-SU-2013:1729-1)
Chromium was updated to 30.0.1599.114 : Stable Channel update: fix build for 32bit systems - Update to Chromium 30.0.1599.101 - Security Fixes : + CVE-2013-2925: Use after free in XHR + CVE-2013-2926: Use after free in editing + CVE-2013-2927: Use after free in forms. + CVE-2013-2928: Various fix...
web_spider
This plugin is a classic web spider: it requests a URL and extracts all links and forms from the response. Three configurable parameters exist: onlyforward, ignoreRegex and followRegex. IgnoreRegex and followRegex are commonly used to configure the web spider to spider all URLs except the "logout" or...
Soraya Malware Packs Form Grabbing, Memory Scraping Functionality
Malware capable of infecting point-of-sale devices once was a novelty, but it’s quickly becoming more common. Researchers at Arbor Networks have unearthed a new strain of PoS malware called Soraya that can scrape memory and has the ability to intercept information sent from Web forms, a specialty...
PYSEC-2014-110
Multiple cross-site scripting (XSS) vulnerabilities in apps/common/templates/calculateformtitle.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a (1) tag or the (2) title of a source in a Staging folder, (3) Name field in a bootstrap setup, or Title fie...
CVE-2014-3792
Cross-site request forgery (CSRF) vulnerability in Beetel 450TC2 Router with firmware TX6-0Q-005retail allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the uiViewToolsPassword and uiViewToolsPasswordConfirm parameters to...