43 matches found
Electrolink FM/DAB/TV Transmitter (Login Cookie) Authentication Bypass
Summary Since 1990 Electrolink has been dealing with design and manufacturing of advanced technologies for radio and television broadcasting. The most comprehensive products range includes: FM Transmitters, DAB Transmitters, TV Transmitters for analogue and digital multistandard operation, Bandpa...
COMMAX Smart Home Ruvie CCTV Bridge DVR Service Unauthenticated Config Write / DoS
Summary COMMAX Smart Home System is a smart IoT home solution for a large apartment complex that provides advanced life values and safety. Description The application allows an unauthenticated attacker to change the configuration of the DVR arguments and/or cause denial-of-service scenario throug...
Cannonbolt Portfolio Manager v1.0 Stored XSS and SQL Injection Vulnerabilities
Summary Cannonbolt Portfolio Manager is a sleek and AJAX based PHP script to manage projects and showcase. Description The application suffers from a stored cross-site scripting and a SQL Injection vulnerability when input is passed to the 'cname' POST parameter in 'add-category.php' and 'cdel' G...
web@all CMS 2.0 (_order) SQL Injection Vulnerability
Summary web@all is a PHP content management system CMS. If you know about it, you nearly can use it to do anything. Description The application suffers from an SQL Injection vulnerability. Input passed via the GET parameter 'order' is not properly sanitised before being returned to the user or use...
Promise WebPAM v2.2.0.13 Multiple Remote Vulnerabilities
Summary WebPAM is a web based Promise Array Management Software that's easy-to-use, designed to simplify RAID storage management. WebPAM is specifically designed for Promise HBA. WebPAM can configure, manage or monitor Promise RAID products remotely from a web browser from anywhere in the world...
Family Connections CMS 2.3.2 (POST) Stored XSS And XML Injection
Summary Family Connections is an open source content management system. It makes creating a private, family website easy and fun. Description FCMS suffers from a stored XSS vulnerability post-auth in messageboard.php script thru the 'subject' post parameter. XML Inj. lies in the /inc/getChat.php...
Pointter PHP Content Management System 1.2 Multiple Vulnerabilities
Summary Pointter PHP Content Management System is an advanced, fast and user friendly CMS script that can be used to build simple websites or professional websites with product categorization, product blogs, member login and search modules. The webmaster can create unlimited static page boxes,...
GAzie 5.10 (Login parameter) Multiple Remote Vulnerabilities
Summary GAzie is a multi-company management program ERP that runs on Apache web server with support for PHP and Mysql database. Open Source web-based application for small and medium enterprises. Description GAzie is prone to a cross-site scripting and an SQL Injection vulnerability because it...
Exponent CMS v0.97 Multiple Vulnerabilities
Summary Open Source Content Management System PHP+MySQL. Description Exponent CMS suffers from multiple vulnerabilities: 1. Local File Inclusion / File Disclosure Vulnerability 2. Arbitrary File Upload / File Modify Vulnerability 3. Reflected Cross-Site Scripting Vulnerability 1 LFI/FD occurs whe...
Employee TimeClock Software 0.99 - SQL Injection
Employee TimeClock Software 0.99 - SQL Injection source: http://www.securityfocus.com/archive/1/509995 Secunia Research 10/03/2010 - Employee Timeclock Software SQL Injection Vulnerabilities -...
[ECHO_ADV_103$2009] taifajobs <= 1.0 (jobid) Remote SQL Injection Vulnerability
ECHO_ADV_103$2009 taifajobs <= 1.0 (jobid) Remote SQL Injection Vulnerability Author : K-159 Date :...
wpcomment-multi.txt
ChX Security | Advisory 3 - "WP Comment Remix 1.4.3 Multiple Vulnerabilities" Advisory URL: http://chxsecurity.org/advisories/adv-3-full.txt Date of last update: 2008-10-13 CVE Name: -- Vulnerability Information Software: WP Comment Remix Version: 1.4.3 From:...
[SA23537] SPINE Cross-Site Request Forgery Vulnerability
TITLE: SPINE Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA23537 VERIFY ADVISORY: http://secunia.com/advisories/23537/ CRITICAL: Less critical IMPACT: Cross Site Scripting, Manipulation of data WHERE: From remote SOFTWARE: SPINE 1.x http://secunia.com/product/13145/ DESCRIPTION:...
[SA23319] Messageriescripthp SQL Injection and Cross-Site Scripting
TITLE: Messageriescripthp SQL Injection and Cross-Site Scripting SECUNIA ADVISORY ID: SA23319 VERIFY ADVISORY: http://secunia.com/advisories/23319/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting, Manipulation of data WHERE: From remote SOFTWARE: Messageriescripthp 2.x...
Secunia Research: IBM Lotus Notes Insecure Default Folder Permissions
Secunia Research 18/10/2006 - IBM Lotus Notes Insecure Default Folder Permissions - Table of Contents Affected...
[SA22063] NixieAffiliate Multiple Vulnerabilities
TITLE: NixieAffiliate Multiple Vulnerabilities SECUNIA ADVISORY ID: SA22063 VERIFY ADVISORY: http://secunia.com/advisories/22063/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting, Manipulation of data WHERE: From remote SOFTWARE: NixieAffiliate 1.x...
[SA21789] PhpLeague "id_joueur" SQL Injection Vulnerability
TITLE: PhpLeague "id_joueur" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA21789 VERIFY ADVISORY: http://secunia.com/advisories/21789/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: PhpLeague 0.x http://secunia.com/product/11879/ DESCRIPTION: DrEiNsTeI...
[SA21633] Sun Solaris pkgadd Insecure File Permissions
TITLE: Sun Solaris pkgadd Insecure File Permissions SECUNIA ADVISORY ID: SA21633 VERIFY ADVISORY: http://secunia.com/advisories/21633/ CRITICAL: Less critical IMPACT: Manipulation of data, Privilege escalation WHERE: Local system OPERATING SYSTEM: Sun Solaris 10 http://secunia.com/product/4813/...
[SA21565] indexcity SQL Injection and Script Insertion Vulnerabilities
TITLE: indexcity SQL Injection and Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA21565 VERIFY ADVISORY: http://secunia.com/advisories/21565/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting, Manipulation of data WHERE: From remote SOFTWARE: indexcity 1.x...
[SA20030] MultiCalendars "calsids" Parameter SQL Injection Vulnerability
TITLE: MultiCalendars "calsids" Parameter SQL Injection Vulnerability SECUNIA ADVISORY ID: SA20030 VERIFY ADVISORY: http://secunia.com/advisories/20030/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: MultiCalendars 3.x http://secunia.com/product/9842/...