8086 matches found
CVE-2008-0855
SQL injection vulnerability in the Facile Forms (com_facileforms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php...
Facile Forms 1.x - 'catid' SQL Injection
source: https://www.securityfocus.com/bid/27880/info Facile Forms is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify...
Facile Forms 1.x - catid SQL Injection
Facile Forms 1.x - catid SQL Injection source: https://www.securityfocus.com/bid/27880/info Facile Forms is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
Cross site request forgery (csrf)
The editor deletion form in BUEditor 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.1, a module for Drupal, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete custom editor interfaces...
CVE-2007-6320
Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks...
Microsoft Forms 2.0 ActiveX Control Memory Access Violation Denial of Service Vulnerability
BUGTRAQ ID: 26414 CNCAN ID: CNCAN-2007111603 Microsoft Forms 2.0 ActiveX Control Memory Access Violation Denial of Service Vulnerabilities. Microsoft Forms 2.0 is a forms control provided by Microsoft. The ActiveX control included in Microsoft Forms contains a design error that remote attackers can exploit to cause a denial of service in applications. A malicious web page that a user is lured into visiting can crash applications that use Microsoft Forms. Microsoft Forms...
Microsoft Forms 2.0 - ActiveX Control 2.0 Memory Access Violation Denial of Service
Microsoft Forms 2.0 - ActiveX Control 2.0 Memory Access Violation Denial of Service source: https://www.securityfocus.com/bid/26414/info Microsoft Forms 2.0 ActiveX Control is prone to multiple memory-access violation denial-of-service vulnerabilities. Attackers can exploit these issues to crash...
Microsoft Forms 2.0 - ActiveX Control 2.0 Memory Access Violation Denial of Service
source: https://www.securityfocus.com/bid/26414/info Microsoft Forms 2.0 ActiveX Control is prone to multiple memory-access violation denial-of-service vulnerabilities. Attackers can exploit these issues to crash Internet Explorer and deny service to legitimate users. Note: Forms 2.0 ActiveX is...
CVE-2007-5594
Drupal 5.x before 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote attackers to delete users via a cross-site request forgery (CSRF) attack...
CVE-2007-5590
Multiple buffer overflows in Miranda before 0.7.1 allow remote attackers to execute arbitrary code via unspecified vectors involving (1) IRC options, (2) Jabber forms, and unspecified aspects of the (3) ICQ and (4) Yahoo! instant messaging functionality. NOTE: some of these details are obtained from thir...
Cross site request forgery (csrf)
Drupal 5.x before 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote attackers to delete users via a cross-site request forgery (CSRF) attack...
SA-2007-029 - Drupal core - User deletion cross site request forgery
The Drupal Forms API protects against cross site request forgeries (CSRF), where a malicious site can cause a user to unintentionally submit a form to a site where he is authenticated. The user deletion form does not follow the standard Forms API submission model and is therefore not protected again...
SA-2007-021: Project issue tracking - XSS vulnerabilities in subscription forms.
The Project issue tracking module provides subscription functionality that lets users sign up for e-mail notification of issue updates. The subscriptions can be edited on either an individual or an overview form. Users who have permissions to create or edit projects may be able to inject arbitrary...
Oracle Jinitiator 1.1.8 Vulnerabilities CVE-2007-4467 - Additional Information
US-CERT released an advisory on August 28, 2007 regarding multiple stack buffer overflows in the Oracle Jinitiator product (Vulnerability Note VU474433/CVE-2007-4467). Due to limited public technical information on Jinitiator, no access to the Oracle support website, and maybe lack of cooperation...
Stack overflow
Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX control beans.ocx 1.1.8.16 and earlier, as used by Oracle Forms applications from Oracle and third parties, allow remote attackers to execute arbitrary code via unspecified "initialization parameters." NOTE: it was later...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Forms/General1 in the management interface in ZyNOS firmware 3.62WK.6 on the Zyxel Zywall 2 device allows remote authenticated administrators to inject arbitrary web script or HTML via the sysSystemName parameter...
CVE-2007-4318
Cross-site scripting (XSS) vulnerability in Forms/General1 in the management interface in ZyNOS firmware 3.62WK.6 on the Zyxel Zywall 2 device allows remote authenticated administrators to inject arbitrary web script or HTML via the sysSystemName parameter...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface in ZyNOS firmware 3.62WK.6 on the Zyxel Zywall 2 device allow remote attackers to perform certain actions as administrators, as demonstrated by a request to Forms/General1 with the (1) sysSystemName and (2)...
[DRUPAL-SA-2007-017] Drupal 5.2 fixes multiple CSRF vulnerabilities
Drupal security advisory DRUPAL-SA-2007-017. Project: Drupal core; Version: 5.x; Date: 2007-July-26; Security risk: Moderately critical; Exploitable...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.2 allow remote attackers to (1) delete comments, (2) delete content revisions, and (3) disable menu items as privileged users, related to improper use of HTTP GET and the Forms API...