580 matches found
BosDev BosDates 3.x SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9639/info An SQL injection vulnerability has been reported to affect BosDates calendar system. The issue arises due to insufficient sanitization of user supplied data. As a result of this issue an attacker could modify th...
cPanel 5.0 Guestbook.cgi Remote Command Execution Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/6882/info A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cgi' script. An attack...
Go Smart Inc GoSmart Message Board Multiple Input Validation Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/11361/info GoSmart Message Board is reported prone to multiple input validation vulnerabilities. These issues may allow a remote attacker to carry out cross-site scripting and SQL injection attacks. The cause of these iss...
Community Link Pro Login.CGI File Parameter Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14097/info Community Link Pro is prone to a remote arbitrary command execution vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data. Due to this, an attacker can prefix arbitrar...
Uni-vert PhpLeague 0.82 Joueurs.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19880/info Uni-vert PhpLeague is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data. This issue may allow an attacker to compromise the application, access or modify data,...
Iwebsns sql 第二枚。
简要描述: 过滤不严。 详细说明: 在action/users/userinfo.action.php中 $userid =getsessuserid; $model = shortcheckgetargg'model'; $birthyear = shortcheckgetargp'birthyear'; $birthmonth = shortcheckgetargp'birthmonth'; $birthday = shortcheckgetargp'birthday'; $residecity = shortcheckgetargp'residecity';...
Clix'N'Cash Clone 2010 - 'index.php' SQL Injection
source: https://www.securityfocus.com/bid/41202/info Clix'N'Cash Clone 2010 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access ...
Design/Logic Flaw
The ParamTraits::Read function in common/commonparamtraits.cc in Google Chrome before 4.0.249.78 does not initialize the memory locations that will hold bitmap data, which might allow remote attackers to obtain potentially sensitive information from process memory by providing insufficient data,...
CVE-2010-0663
The ParamTraits::Read function in common/commonparamtraits.cc in Google Chrome before 4.0.249.78 does not initialize the memory locations that will hold bitmap data, which might allow remote attackers to obtain potentially sensitive information from process memory by providing insufficient data,...
Input validation
The Graphics Device Interface GDI in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, a...
PHPizabi 0.8 - notepad_body SQL Injection
PHPizabi 0.8 - notepadbody SQL Injection source: https://www.securityfocus.com/bid/34223/info PHPizabi is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromi...
Silentum Uploader 1.4.0 - Remote File Deletion
Silentum Uploader 1.4.0 - Remote File Deletion Vendor: http://hypersilence.net Versions: Silentum Uploader 1.4.0 May also affect earlier versions Credit: Danny Moules Critical: Yes See PUSH 55 Advisory at http://www.push55.co.uk/advisories.php?id=2 ---- Due to insufficient validation of client-si...
Quick Classifieds 1.0 - controlcenterupdate.php3?DOCUMENT_ROOT Remote File Inclusion
Quick Classifieds 1.0 - controlcenterupdate.php3?DOCUMENTROOT Remote File Inclusion source: https://www.securityfocus.com/bid/28417/info Quick Classifieds is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues...
PHP-Nuke Sections Module - artid SQL Injection
PHP-Nuke Sections Module - artid SQL Injection source: https://www.securityfocus.com/bid/27879/info The PHP-Nuke Sections module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could all...
XOOPS 'seminars' Module - 'id' SQL Injection
source: https://www.securityfocus.com/bid/27891/info The XOOPS 'seminars' module is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application,...
Particle Blogger 1.2.1 - 'Archives.php' SQL Injection
source: https://www.securityfocus.com/bid/24232/info Particle Blogger is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or...
Viper Web Portal 0.1 - 'index.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/22979/info Viper Web Portal is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks ar...
Tagit! Tagit2b 2.1.B Build 2 - '/tagmin/wordfilter.php?Admin' Remote File Inclusion
source: https://www.securityfocus.com/bid/22518/info TagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the underlying system; other...
Tagit! Tagit2b 2.1.B Build 2 - '/tagmin/index.php?adminpath' Remote File Inclusion
source: https://www.securityfocus.com/bid/22518/info TagIt! TagBoard is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the underlying system; other...
Magic Photo Storage Website - '/user/upload_photo.php?_config[site_path]' Remote File Inclusion
source: https://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the underlying...