Lucene search

298 matches found

Cvelist
added 2013/07/04 10:0 a.m., 26 views

CVE-2013-4729

import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via a crafted request...

5.8 AI score, 0.00367 EPSS
Exploits 2, References 2

CVE
added 2013/07/04 10:0 a.m., 58 views

CVE-2013-4729

CVE-2013-4729 affects phpMyAdmin 4.x before 4.0.4.1. The import.php script does not properly restrict input data, allowing remote authenticated users to modify the GLOBALS superglobal and thereby change configuration via a crafted request. The NVD entry assigns CVSSv2 5.5 (AV:N/AC:L/Au:S/C:N/I:P/...

5.5 CVSS, 6 AI score, 0.00367 EPSS
Exploits 2, References 2, Affected Software 1

Debian CVE
added 2013/07/04 10:0 a.m., 31 views

CVE-2013-4729

import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via a crafted request...

5.5 CVSS, 5.9 AI score, 0.00367 EPSS
Exploits 2

Tenable Nessus
added 2013/06/28 12:0 a.m., 36 views

Mandriva Linux Security Advisory : curl (MDVSA-2013:180)

A vulnerability has been discovered and corrected in curl: libcurl is vulnerable to a case of bad checking of the input data which may lead to heap corruption. The function curl_easy_unescape decodes URL encoded strings to raw binary data. URL encoded octets are represented with %HH combinations...

6.8 CVSS, 6.8 AI score, 0.03181 EPSS
Exploits 2, References 2

Tenable Nessus
added 2013/06/24 12:0 a.m., 26 views

FreeBSD : cURL library -- heap corruption in curl_easy_unescape (01cf67b3-dc3b-11e2-a6cd-c48508086173)

cURL developers report: libcurl is vulnerable to a case of bad checking of the input data which may lead to heap corruption. The function curl_easy_unescape decodes URL-encoded strings to raw binary data. URL-encoded octets are represented with %HH combinations where HH is a two-digit hexadecimal...

6.8 CVSS, 7.3 AI score, 0.03181 EPSS
Exploits 2, References 3

Tenable Nessus
added 2012/06/15 12:0 a.m., 78 views

PHP 5.3.x < 5.3.14 Multiple Vulnerabilities

According to its banner, the version of PHP installed on the remote host is 5.3.x earlier than 5.3.14, and is, therefore, potentially affected by the following vulnerabilities: - An integer overflow error exists in the function 'phar_parse_tarfile' in the file 'ext/phar/tar.c'. This error can lead to...

7.5 CVSS, 8.3 AI score, 0.23918 EPSS
Exploits 2, References 9

exploitpack
added 2012/04/17 12:0 a.m., 24 views

Joomla! Component JA T3 Framework - Directory Traversal

Joomla! Component JA T3 Framework - Directory Traversal source: https://www.securityfocus.com/bid/53039/info The JA T3 Framework component for Joomla! is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting the issue may allow...

0.3 AI score
Exploits 0

Exploit DB
added 2012/01/06 12:0 a.m., 28 views

eFront 3.6.10 - 'download' Directory Traversal

source: https://www.securityfocus.com/bid/51302/info eFront is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Successfully exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks...

7.4 AI score
Exploits 0

htbridge
added 2011/07/06 12:0 a.m., 23 views

Open Redirect Weakness in MBoard

High-Tech Bridge SA Security Research Lab has discovered weakness in MBoard which could be exploited to perform phishing attacks. 1 Open redirect weakness in MBoard The weakness exists due to insufficient validation of the input data in the "url" parameter in go.php when redirecting users to...

4.3 CVSS, 6.8 AI score
Exploits 0, Affected Software 1

Tenable Nessus
added 2011/05/11 12:0 a.m., 24 views

IceWarp install/index.html lang Parameter XSS

The remote web server hosts a PHP script that is susceptible to a cross-site scripting attack. The script 'install/index.html' does not properly sanitize input data to the 'lang' parameter before including it in HTML generated dynamically. As a result of this vulnerability, it is possible for a...

5.5 AI score
Exploits 0, References 1

NVD
added 2011/02/10 4:0 p.m., 27 views

CVE-2010-4196

The Shockwave 3d Asset module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors...

9.3 CVSS, 7.4 AI score, 0.10209 EPSS
Exploits 0, References 5

NVD
added 2011/01/13 7:0 p.m., 15 views

CVE-2011-0270

Format string vulnerability in nnmRptConfig.exe in HP OpenView Network Node Manager OV NNM 7.51 and 7.53 allows remote attackers to execute arbitrary code via format string specifiers in input data that involves an invalid template name...

10 CVSS, 7.5 AI score, 0.27085 EPSS
Exploits 0, References 7

exploitpack
added 2010/04/13 12:0 a.m., 13 views

Blog System 1.5 - Multiple Vulnerabilities

Blog System 1.5 - Multiple Vulnerabilities Exploit Title: Blog System | www.DigitalWhisper.co.il Software Link: http://www.netartmedia.net/blogsystem/ | http://www.netartmedia.net/blogsystem/demo.html Version: = 1.5 Tested on: PHP Cross Site Scripting Cross-Site Scripting attacks are a type of...

7.6 AI score
Exploits 0

exploitpack
added 2010/02/11 12:0 a.m., 16 views

vBulletin 2.3.x - SQL Injection

vBulletin 2.3.x - SQL Injection Title: vbulletin Vulnerability versions 2.3 . - SQL injection. Author: Discovered by ROOTEGY Version: vBulletin Version 2.3 www.sec-war.com...

0.3 AI score
Exploits 0

UbuntuCve
added 2010/02/08 9:30 p.m., 22 views

CVE-2010-0409

Buffer overflow in the GMIME_UUENCODE_LEN macro in gmime/gmime-encodings.h in GMime before 2.4.15 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via input data for a uuencode operation...

7.5 CVSS, 6.2 AI score, 0.00718 EPSS
Exploits 0, References 1

Exploit DB
added 2009/12/04 12:0 a.m., 49 views

Invision Power Board 2.3.6/3.0.4 - Local File Inclusion / SQL Injection

Severity: Moderately High I. VULNERABILITY Invision Power Board = 3.0.4 Local PHP File Inclusion and SQL Injection Invision Power Board = 2.3.6 SQL Injection II. BACKGROUND...

7.4 AI score
Exploits 0

OpenVAS
added 2009/06/19 12:0 a.m., 16 views

Claroline 'notfound.php' Cross-Site Scripting Vulnerability

The host is running Claroline and is prone to SQL Injection Vulnerability. OpenVAS Vulnerability Test $Id: gbclarolinexssvuln.nasl 4865 2016-12-28 16:16:43Z teissa $ Claroline 'notfound.php' Cross-Site Scripting Vulnerability Authors: Antu Sanadi Copyright: Copyright c 2009 Greenbone Networks Gmb...

4.3 CVSS, 0.1 AI score, 0.03243 EPSS
Exploits 1, References 3

Exploit DB
added 2009/01/08 12:0 a.m., 20 views

Openfire 3.6.2 - 'user-properties.jsp' Cross-Site Scripting

source: https://www.securityfocus.com/bid/32938/info Openfire is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

7.4 AI score
Exploits 0

Exploit DB
added 2008/10/02 12:0 a.m., 28 views

Dreamcost HostAdmin 3.1 - 'index.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/31538/info Dreamcost HostAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user...

7.4 AI score
Exploits 0

Exploit DB
added 2008/08/12 12:0 a.m., 28 views

Datafeed Studio 1.6.2 - 'search.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/30660/info Datafeed Studio is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in...

7.4 AI score
Exploits 0