883 matches found
That’s a Wrap! Highlights from MIRcon 2012
Three years ago when we set out to create a conference that would bring together the greatest minds in the information security industry, we could not imagine the overwhelmingly positive response and growth MIRcon™ would receive year after year. Our goal for MIRcon is simple: to inform innovators...
CVE-2012-2105
Multiple SQL injection vulnerabilities in login.php in Timesheet Next Gen 1.5.2 allow remote attackers to execute arbitrary SQL commands via the 1 username or 2 password parameters...
Sql injection
Multiple SQL injection vulnerabilities in login.php in Timesheet Next Gen 1.5.2 allow remote attackers to execute arbitrary SQL commands via the 1 username or 2 password parameters...
CVE-2012-2105
Timesheet Next Gen 1.5.2 contains multiple SQL injection vulnerabilities in login.php that allow remote attackers to execute arbitrary SQL commands through the username or password parameters. This CVE entry is supported by NVD/NVD-derived records and multiple references. No remediation or fix de...
CVE-2012-2105
Multiple SQL injection vulnerabilities in login.php in Timesheet Next Gen 1.5.2 allow remote attackers to execute arbitrary SQL commands via the 1 username or 2 password parameters...
Next Gen CMS XSS Presistent Vulnerability
Exploit for php platform in category web applications Exploit Title: ACTIVE XSS Next Gen CMS Author: mix0x0 Vendor or Software Link: http://ngcms.ru/ Version: 0.9.3 Release SVN880+FIX01 Vulnerable to the field: "title", test blog Exploit test: var t = new Image;...
Timesheet Next Gen 1.5.2 - Multiple SQL Injections
Timesheet Next Gen 1.5.2 - Multiple SQL Injections Exploit Title: Timesheet Next Gen 1.5.2 Multiple SQLi Date: 02/23/12 Author: G13 Software Link: https://sourceforge.net/projects/tsheetx/ Version: 1.5.2 Category: webapps php Vulnerability The login.php page has multiple SQL injection...
Timesheet Next Gen 1.5.2 SQL Injection
Exploit Title: Timesheet Next Gen 1.5.2 Multiple SQLi Date: 02/23/12 Author: G13 Software Link: https://sourceforge.net/projects/tsheetx/ Version: 1.5.2 Category: webapps php Vulnerability The login.php page has multiple SQL injection vulnerabilities. Both the 'username' and 'password' parameters...
Timesheet Next Gen 1.5.2 - Multiple SQL Injections
Exploit Title: Timesheet Next Gen 1.5.2 Multiple SQLi Date: 02/23/12 Author: G13 Software Link: https://sourceforge.net/projects/tsheetx/ Version: 1.5.2 Category: webapps php Vulnerability The login.php page has multiple SQL injection vulnerabilities. Both the 'username' and 'password' parameters...
E-PHP B2B Cross Site Scripting / SQL Injection
/ Name : E-PHP B2B Marketplace Multiple Vulns WebSite : http://www.ephpscripts.com/b2b-trading-portal.php Price : 150 USD Author : Hamza 'MizoZ' N. Email : [email protected] / XSS - genconfirm.php shows the error message of $GET'errmsg' , but it's not protected against XSS - Exploit :...
NSA Director to Head U.S. Cyber Command
The U.S. Senate has approved Lt. Gen. Keith Alexander, director of the National Security Agency, to also head the military’s recently created U.S. Cyber Command. Read the full article. Computerworld...
CVE-2008-4939
apertium 3.0.7 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.lex.cc, b /tmp/.deformat.l, c /tmp/.reformat.l, d /tmp/docxorig, e /tmp/docxsalida.zip, f /tmp/xlsxembed, g /tmp/xlsxorig, and h /tmp/xslxsalida.zip temporary files, related to the 1...
CVE-2008-4939
apertium 3.0.7 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.lex.cc, b /tmp/.deformat.l, c /tmp/.reformat.l, d /tmp/docxorig, e /tmp/docxsalida.zip, f /tmp/xlsxembed, g /tmp/xlsxorig, and h /tmp/xslxsalida.zip temporary files, related to the 1...
CVE-2008-4939
apertium 3.0.7 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.lex.cc, b /tmp/.deformat.l, c /tmp/.reformat.l, d /tmp/docxorig, e /tmp/docxsalida.zip, f /tmp/xlsxembed, g /tmp/xlsxorig, and h /tmp/xslxsalida.zip temporary files, related to the 1...
CVE-2007-4208
SQL injection vulnerability in default.asp in Next Gen Portfolio Manager allows remote attackers to execute arbitrary SQL commands via the 1 UsersEmail or 2 UsersPassword parameter in an ExecuteTheLogin action...
Sql injection
SQL injection vulnerability in default.asp in Next Gen Portfolio Manager allows remote attackers to execute arbitrary SQL commands via the 1 UsersEmail or 2 UsersPassword parameter in an ExecuteTheLogin action...
CVE-2007-4208
The documents describe CVE-2007-4208 as a SQL injection vulnerability in default.asp of Next Gen Portfolio Manager. The issue allows remote attackers to manipulate the database by supplying crafted values in the ExecuteTheLogin action, specifically via the (1) Users_Email or (2) Users_Password pa...
CVE-2007-4208
SQL injection vulnerability in default.asp in Next Gen Portfolio Manager allows remote attackers to execute arbitrary SQL commands via the 1 UsersEmail or 2 UsersPassword parameter in an ExecuteTheLogin action...
Next Gen Portfolio Manager - default.asp Multiple SQL Injections
Next Gen Portfolio Manager - default.asp Multiple SQL Injections source: https://www.securityfocus.com/bid/25195/info Next Gen Portfolio Manager is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query...
CVE-2007-0501
PHP remote file inclusion vulnerability in index.php in Mafia Scum Tools 2.0.0 in Matthew Wardrop Advanced Random Generators adv-random-gen allows remote attackers to execute arbitrary PHP code via a URL in the gen parameter...