285 matches found
openSUSE Security Update : inn (openSUSE-SU-2012:1171-1)
fix starttls command injection issue CVE-2012-3523, bnc776967 - handle /var/run on tmpfs. bnc778439 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-600. The text description of...
SuSE 10 Security Update : inn (ZYPP Patch Number 8276)
A STARTTLS injection issue has been fixed in inn. CVE-2012-3523 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid62061;...
CVE-2012-2976
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary shell commands via crafted input to application scripts, related to an "injection" issue...
CVE-2012-2976
Symantec Web Gateway is affected by CVE-2012-2976: the management console in 5.0.x up to 5.0.3.18 allows remote attackers to execute arbitrary shell commands via crafted input to application scripts (injection). Connected sources corroborate a remote command execution/Vulnerabilities in the SYM12...
CVE-2012-2976
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary shell commands via crafted input to application scripts, related to an "injection" issue...
Fedora 17 : moodle-2.2.3-1.fc17 (2012-8284)
CVE-2012-2353 MSA-12-0024: Hidden information access issue CVE-2012-2354 MSA-12-0025: Personal communication access issue CVE-2012-2355 MSA-12-0026: Quiz capability issue CVE-2012-2356 MSA-12-0027: Question bank capability issues CVE-2012-2357 MSA-12-0028: Insecure authentication issue...
CVE-2012-0319
The file-management system in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote authenticated users to execute arbitrary commands by leveraging the file-upload feature, related to an "OS Command Injection" issue...
New-CMS 1.08 - Multiple Local File Inclusion HTML Injection Vulnerabilities
New-CMS 1.08 - Multiple Local File Inclusion HTML Injection Vulnerabilities source: https://www.securityfocus.com/bid/38307/info New-CMS is prone to multiple local file-include vulnerabilities and an HTML-Injection vulnerability because it fails to properly sanitize user-supplied input. An attack...
CS-Cart 1.3.5 - Authentication Bypass
CS-Cart 1.3.5 - Authentication Bypass GulfTech Security Research September 02, 2008 Vendor : CS-Cart.com URL : http://www.cs-cart.com/ Version : CS-Cart = 1.3.5 Risk : SQL Injection Description: CS-Cart Cart is a full featured online ecommerce application written in php that allows users to build...
PHP Live Helper <= 2.0.1 Multiple Remote Vulnerabilities
No description provided by source. GulfTech Security Research August 16, 2008 Vendor : Turnkey Web Tools, Inc URL : http://www.turnkeywebtools.com Version : PHP Live Helper = 2.0.1 Risk : Multiple Vulnerabilities Description: PHP Live Helper is an online support system written in php that allows...
JSPWiki 2.5.139 - UserPreferences.jsp Multiple Cross-Site Scripting Vulnerabilities
JSPWiki 2.5.139 - UserPreferences.jsp Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/25803/info JSPWiki is prone to multiple input-validation vulnerabilities, including multiple cross-site scripting issues and an HTML-injection issue, because the applicati...
Cross site scripting
Cross-site scripting XSS vulnerability in search.php in SaphpLesson 3.0 allows remote attackers to inject arbitrary web script or HTML via the Word parameter. NOTE: it is possible that this issue is resultant from SQL injection...
CVE-2006-1720
Cross-site scripting XSS vulnerability in search.php in SaphpLesson 3.0 allows remote attackers to inject arbitrary web script or HTML via the Word parameter. NOTE: it is possible that this issue is resultant from SQL injection...
CVE-2005-4262
Cross-site scripting XSS vulnerability in the News module in Envolution allows remote attackers to inject arbitrary web script or HTML via the 1 startrow and 2 catid parameter. NOTE: this issue might be resultant from the SQL injection problem CVE-2005-4263...
AzDGDatingPlatinum multiple vulnerabilities
ADZ Security Team =================== Info Program: AzDGDatingPlatinum Version: tested 1.1.0 Modules: view.php, members/index.php Bug type: SQL Injection, XSS Vendor site: http://www.azdg.com/ Vendor Informed: Yes =================== Bug Info SQL Injection: At module view.php I've found a logical...
WebHost Automation Helm Control Panel 3.1.x - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/11586/info Helm Control Panel is reported prone to multiple vulnerabilities. These include an SQL injection issue and an HTML injection vulnerability. A remote attacker can execute arbitrary HTML and script code in a user's browser. Manipulation of SQL...
Full path disclosure and sql injection on CubeCart 2.0.1
-------------------------------------------------------- Full path disclosure and sql injection on CubeCart 2.0.1 -------------------------------------------------------- 1Introduction 2The Problem 3The Solution 4Timeline 5Feddback 1Introduction "CubeCart is an eCommerce script written with PHP &...
PHP-Fusion Database Multiple Vulnerabilities
Binary data 2352.prm...
MyDms 1.4 - SQL Injection Directory Traversal
MyDms 1.4 - SQL Injection Directory Traversal source: https://www.securityfocus.com/bid/10996/info MyDMS is reportedly susceptible to both a directory traversal vulnerability and an SQL injection vulnerability. The SQL injection vulnerability is present because a script improperly sanitizes...
[Full-Disclosure] Bugtraq Security Systems XMAS Advisory 0001
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Bugtraq Security Systems, Incorporated www.bugtraq.org Security Advisory Advisory Name: Command Injection Issue in Squirrelmail Release Date: 12/24/2003 Application: Squirrelmail Platform: Linux IA32 Linux sparc Linux sparc64 Linux hppa Linux ppc Linu...