ClickContact - default.asp Multiple SQL Injections
source: https://www.securityfocus.com/bid/21302/info ClickContact is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow...
MidiCart ASP - Item_Show.asp?ID2006quant SQL Injection
source: https://www.securityfocus.com/bid/21273/info MidiCart ASP is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacke...
MidiCart ASP - 'Item_Show.asp?ID2006quant' SQL Injection
source: https://www.securityfocus.com/bid/21273/info MidiCart ASP is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data...
Fixit iDms Pro Image Gallery - 'filelist.asp' Multiple SQL Injections
source: https://www.securityfocus.com/bid/21282/info Fixit iDMS Pro is prone to multiple input-validation vulnerabilities, including SQL-injection issues and an HTML-injection issue, because the application fails to properly sanitize user-supplied input. Successful exploits of these vulnerabiliti...
CreaDirectory 1.2 - search.asp?category SQL Injection
source: https://www.securityfocus.com/bid/21230/info Creascripts creadirectory is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because the application fails to sufficientl...
JiRos Link Manager 1.0 - openlink.asp?LinkID SQL Injection
source: https://www.securityfocus.com/bid/21226/info JiRos Links Manager is prone to multiple input-validation vulnerabilities, including SQL- and HTML-injection issues, because it fails to sufficiently sanitize user-supplied data...
Debian DSA-1210-1 : mozilla-firefox - several vulnerabilities
Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2006-2788 Fernando Ribeiro discovered that a vulnerability in the getRawDER function...
Grandora Rialto 1.6 - 'searchkey.asp' Multiple SQL Injections
source: https://www.securityfocus.com/bid/21191/info Grandora Rialto is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. Exploiting this issue could allow an attacker to steal...
Debian DSA-1206-1 : php4 - several vulnerabilities
Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-3353 Tim Starling discovered that missing...
Enthrallweb eClassifieds - 'dirSub.asp?sid' SQL Injection
source: https://www.securityfocus.com/bid/21192/info eClassifieds is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access ...
vSpin Classified System 2004 - search.asp?minprice Cross-Site Scripting
source: https://www.securityfocus.com/bid/21190/info vSpin Classified System is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because the application fails to...
Enthrallweb eClassifieds - 'ad.asp' Multiple SQL Injections
source: https://www.securityfocus.com/bid/21192/info eClassifieds is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access ...
Link CMS - 'navigacija.php?IDMeniGlavni' SQL Injection
source: https://www.securityfocus.com/bid/21464/info Link CMS is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to...
Active News Manager - 'catID' SQL Injection
source: https://www.securityfocus.com/bid/21167/info Active News Manager is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an...
Texas Rankem - tournament_id SQL Injection
source: https://www.securityfocus.com/bid/21168/info ClickTech Texas Rank'em is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow...
BestWebApp Dating Site Login Component - Multiple Field SQL Injections
source: https://www.securityfocus.com/bid/21158/info BestWebApp Dating Site is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because it fails to sufficiently...
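Digipass Go3 Insecure Encryption Implementation Vulnerability
Digipass GO3 is a very lightweight and easy-to-use two-factor authentication device designed to provide customers with secure one-time passwords (OTP). Digipass Go3 uses an insecure single-key encryption algorithm to encrypt sensitive data, allowing an attacker to brute-force the encryption key and access sensitive information. Vasco Digipass Go3 The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://www.vasco.com/ c 2006-2006 faypou a.k.a fc / include stdio.h include stdlib.h include ctype.h include time.h include...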
CVE-2006-5910
CVE-2006-5910 involves multiple PHP remote file inclusion vulnerabilities in Campware Campsite prior to 20061110. The underlying flaw allows an attacker to cause remote code execution by supplying a URL in the g_documentRoot parameter to (1) bugreporter/thankyou.php and (2) feedback/thankyou.php ...
ASPIntranet 2.1 - Multiple SQL Injections
source: https://www.securityfocus.com/bid/21105/info ASPIntranet is prone to multiple SQL-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could...
SitesOutlet eCommerce Kit - Multiple SQL Injections
source: https://www.securityfocus.com/bid/21056/info SitesOutlet Ecommerce Kit is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the...