Lucene search
9133 matches found

Exploit DB
added 2006/11/20 12:0 a.m., 28 views

Grandora Rialto 1.6 - 'searchkey.asp' Multiple SQL Injections

source: https://www.securityfocus.com/bid/21191/info Grandora Rialto is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. Exploiting this issue could allow an attacker to steal...

7.4 AI score
Exploits 0
Tenable Nessus
added 2006/11/20 12:0 a.m., 33 views

Debian DSA-1210-1 : mozilla-firefox - several vulnerabilities

Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2006-2788 Fernando Ribeiro discovered that a vulnerability in the getRawDER function...

10 CVSS, 8.1 AI score, 0.05706 EPSS
Exploits 1, References 13
Tenable Nessus
added 2006/11/20 12:0 a.m., 63 views

Debian DSA-1206-1 : php4 - several vulnerabilities

Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-3353 Tim Starling discovered that missing...

9.3 CVSS, 8.8 AI score, 0.07678 EPSS
Exploits 2, References 9
Exploit DB
added 2006/11/18 12:0 a.m., 23 views

Link CMS - 'navigacija.php?IDMeniGlavni' SQL Injection

source: https://www.securityfocus.com/bid/21464/info Link CMS is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to...

7.4 AI score
Exploits 0
exploitpack
added 2006/11/18 12:0 a.m., 12 views

Texas Rankem - tournament_id SQL Injection

Texas Rankem - tournament_id SQL Injection source: https://www.securityfocus.com/bid/21168/info ClickTech Texas Rank'em is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow...

0.4 AI score
Exploits 0
Exploit DB
added 2006/11/18 12:0 a.m., 43 views

Active News Manager - 'catID' SQL Injection

source: https://www.securityfocus.com/bid/21167/info Active News Manager is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an...

7.4 AI score
Exploits 0
exploitpack
added 2006/11/17 12:0 a.m., 21 views

BestWebApp Dating Site Login Component - Multiple Field SQL Injections

BestWebApp Dating Site Login Component - Multiple Field SQL Injections source: https://www.securityfocus.com/bid/21158/info BestWebApp Dating Site is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because it fails to sufficiently...

0.2 AI score
Exploits 0
seebug.org
added 2006/11/17 12:0 a.m., 36 views

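Digipass Go3 Insecure Encryption Implementation Vulnerability

Digipass GO3 is a very lightweight and easy-to-use two-factor authentication device designed to provide customers with secure one-time passwords (OTP). Digipass Go3 uses an insecure single-key encryption algorithm to encrypt sensitive data, allowing an attacker to brute-force the encryption key and access sensitive information. Vasco Digipass Go3 The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://www.vasco.com/ c 2006-2006 faypou a.k.a fc / include stdio.h include stdlib.h include ctype.h include time.h include...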

7.1 AI score
Exploits 0
CVE
added 2006/11/15 3:0 p.m., 43 views

CVE-2006-5910

CVE-2006-5910 involves multiple PHP remote file inclusion vulnerabilities in Campware Campsite prior to 20061110. The underlying flaw allows an attacker to cause remote code execution by supplying a URL in the g_documentRoot parameter to (1) bugreporter/thankyou.php and (2) feedback/thankyou.php ...

7.5 CVSS, 8 AI score, 0.02545 EPSS
Exploits 0, References 5, Affected Software 1
exploitpack
added 2006/11/15 12:0 a.m., 15 views

ASPIntranet 2.1 - Multiple SQL Injections

ASPIntranet 2.1 - Multiple SQL Injections source: https://www.securityfocus.com/bid/21105/info ASPIntranet is prone to multiple SQL-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could...

0.5 AI score
Exploits 0
Exploit DB
added 2006/11/15 12:0 a.m., 22 views

SitesOutlet eCommerce Kit - Multiple SQL Injections

source: https://www.securityfocus.com/bid/21056/info SitesOutlet Ecommerce Kit is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the...

7 AI score
Exploits 0
exploitpack
added 2006/11/14 12:0 a.m., 15 views

Car Site Manager - csmasplistings.asp Multiple Cross-Site Scripting Vulnerabilities

Car Site Manager - csmasplistings.asp Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/21066/info Car Site Manager is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data...

0.3 AI score
Exploits 0
exploitpack
added 2006/11/14 12:0 a.m., 14 views

Evolve Merchant - viewcart.asp SQL Injection

Evolve Merchant - viewcart.asp SQL Injection source: https://www.securityfocus.com/bid/21070/info Evolve Merchant is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an...

0.1 AI score
Exploits 0
securityvulns
added 2006/11/14 12:0 a.m., 46 views

Digipass Go3 tokens weak encryption

Weakened implementation of 3DES is used...

1.9 AI score
Exploits 0, References 1
Exploit DB
added 2006/11/14 12:0 a.m., 31 views

MGinternet Property Site Manager - 'detail.asp?p' SQL Injection

source: https://www.securityfocus.com/bid/21073/info MGinternet Property Site Manager is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because it fails to sufficiently sanitize user-supplied input. An attacker could exploit these issu...

7 AI score
Exploits 0
Exploit DB
added 2006/11/14 12:0 a.m., 15 views

Pilot Cart 7.2 - 'Pilot.asp' SQL Injection

source: https://www.securityfocus.com/bid/21065/info Pilot Cart is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or...

7.4 AI score
Exploits 0
Exploit DB
added 2006/11/14 12:0 a.m., 40 views

MGinternet Property Site Manager - 'admin_login.asp' Multiple SQL Injections

source: https://www.securityfocus.com/bid/21073/info MGinternet Property Site Manager is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because it fails to sufficiently sanitize user-supplied input. An attacker could exploit these issu...

7 AI score
Exploits 0
exploitpack
added 2006/11/13 12:0 a.m., 23 views

INFINICART - browse_group.asp?groupid SQL Injection

INFINICART - browse_group.asp?groupid SQL Injection source: https://www.securityfocus.com/bid/21043/info Infinicart is prone to multiple input-validation vulnerabilities, including HTML-injection and SQL-injection issues, because the application fails to properly sanitize user-supplied input. A...

0.1 AI score
Exploits 0
exploitpack
added 2006/11/10 12:0 a.m., 19 views

Bitweaver 1.x - fisheyelist_galleries.php?sort_mode SQL Injection

Bitweaver 1.x - fisheyelist_galleries.php?sort_mode SQL Injection source: https://www.securityfocus.com/bid/20996/info Bitweaver is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could...

8.6 AI score
Exploits 0
Exploit DB
added 2006/11/09 12:0 a.m., 22 views

bitweaver 1.x - '/newsletters/edition.php?tk' SQL Injection

source: https://www.securityfocus.com/bid/20988/info Bitweaver is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. These issues include multiple HTML-injection issues and multiple SQL-injection issues. A successful...

7.4 AI score
Exploits 0