9133 matches found
DUclassified - 'detail.asp' SQL Injection
source: https://www.securityfocus.com/bid/17722/info DUclassified is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the...
Design/Logic Flaw
Argument injection vulnerability in Avant Browser 10.1 Build 17 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " double quote characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as ...
Design/Logic Flaw
Argument injection vulnerability in Mozilla Firefox 1.0.6 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " double quote characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an...
Design/Logic Flaw
Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " double quote characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as a...
CVE-2006-2057
Argument injection vulnerability in Mozilla Firefox 1.0.6 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " double quote characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an...
CVE-2006-2055
Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " double quote characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as a...
CVE-2006-2058
Argument injection vulnerability in Avant Browser 10.1 Build 17 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " double quote characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as ...
CVE-2006-2056
Argument injection vulnerability in Internet Explorer 6 for Windows XP SP2 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " double quote characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary...
Cartweaver 2.16.11 - 'Results.cfm' SQL Injection
source: https://www.securityfocus.com/bid/17941/info Cartweaver ColdFusion is prone to SQL-injection vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input before using it in SQL queries. Successful exploits could allow an attacker to compromis...
MKPortal 1.1 - Multiple Input Validation Vulnerabilities
MKPortal 1.1 - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/17651/info MKPortal is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the...
MKPortal 1.1 - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/17651/info MKPortal is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful...
Change a user's password remotely
I would like to be able to change a user's password remotely. Suggested API and implementation as follows: codevoid changePasswordUser admin, String username, String password throws RemoteException, RemoteValidationException, RemotePermissionException;code code public void changePasswordUser admi...
aWebNews 1.2 - visview.php?_GET[cid] SQL Injection
aWebNews 1.2 - visview.php?GETcid SQL Injection source: https://www.securityfocus.com/bid/17352/info aWebBB is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to...
SoftBiz Image Gallery - 'suggest_image.php?cid' SQL Injection
source: https://www.securityfocus.com/bid/17339/info Softbiz Image Gallery is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacke...
SoftBiz Image Gallery - 'mage_desc.php' Multiple SQL Injections
source: https://www.securityfocus.com/bid/17339/info Softbiz Image Gallery is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacke...
O2PHP Oxygen 1.01.1 - post.php SQL Injection
O2PHP Oxygen 1.01.1 - post.php SQL Injection source: https://www.securityfocus.com/bid/17324/info Oxygen is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit cou...
PhxContacts 0.93 - contact_view.php?id_contact SQL Injection
PhxContacts 0.93 - contactview.php?idcontact SQL Injection source: https://www.securityfocus.com/bid/17306/info PhxContacts is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL...
OneOrZero 1.6.3 Helpdesk - index.php SQL Injection
OneOrZero 1.6.3 Helpdesk - index.php SQL Injection source: https://www.securityfocus.com/bid/17298/info OneOrZero Helpdesk is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A...
Nuked-klaN 1.x - index.php SQL Injection
Nuked-klaN 1.x - index.php SQL Injection source: https://www.securityfocus.com/bid/17233/info Nuked-Klan is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit cou...
DSLogin 1.0 - 'index.php' Multiple SQL Injections
source: https://www.securityfocus.com/bid/17262/info DSLogin is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromis...