Cross site request forgery (csrf)

Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remot...

CVE-2014-8244

Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remot...

WordPress Plugin Spider Facebook - 'facebook.php' SQL Injection

source: https://www.securityfocus.com/bid/69675/info Spider Facebook plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...

Authentication flaw

Unspecified vulnerability in the Authentication Module in TIBCO Spotfire Server before 4.5.2, 5.0.x before 5.0.3, 5.5.x before 5.5.2, 6.0.x before 6.0.3, and 6.5.x before 6.5.1 allows remote attackers to gain privileges, and obtain sensitive information or modify data, via unknown vectors...

CVE-2014-5285

CVE-2014-5285 affects the Authentication Module of TIBCO Spotfire Server prior to specific versions: 4.5.2, 5.0.x prior to 5.0.3, 5.5.x prior to 5.5.2, 6.0.x prior to 6.0.3, and 6.5.x prior to 6.5.1. The issue is described as an unspecified flaw in the Authentication Module that enables remote at...

CVE-2014-5285

Unspecified vulnerability in the Authentication Module in TIBCO Spotfire Server before 4.5.2, 5.0.x before 5.0.3, 5.5.x before 5.5.2, 6.0.x before 6.0.3, and 6.5.x before 6.5.1 allows remote attackers to gain privileges, and obtain sensitive information or modify data, via unknown vectors...

WordPress Malmonation Theme - SQL Injection

This WordPress Malmonation theme is prone to an SQL injection via "debate.php" file in "id" parameter. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Update the theme...

WordPress Daily Edition Theme <= 1.6.2 - SQL Injection

This theme is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Update the theme...

WordPress Plugin FB Gorilla - &#039;game_play.php&#039; SQL Injection

source: https://www.securityfocus.com/bid/69222/info FB Gorilla plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent...

CVE-2014-2622

Unspecified vulnerability in HP Intelligent Management Center iMC before 7.0 E02020P03 and Branch Intelligent Management System BIMS before 7.0 E0201P02 allows remote authenticated users to obtain sensitive information or modify data via unknown vectors, aka ZDI-CAN-2312...

Code injection

Unspecified vulnerability in HP Intelligent Management Center iMC before 7.0 E02020P03 and Branch Intelligent Management System BIMS before 7.0 E0201P02 allows remote authenticated users to obtain sensitive information or modify data via unknown vectors, aka ZDI-CAN-2312...

xClassified - ads.php SQL Injection

xClassified - ads.php SQL Injection source: https://www.securityfocus.com/bid/68438/info xClassified is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise...

xClassified - &#039;ads.php&#039; SQL Injection

source: https://www.securityfocus.com/bid/68438/info xClassified is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify...

Enthrallweb eHomes homeDetail.asp AD_ID Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/21193/info eHome is prone to multiple input-validation vulnerabilities, including cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input. A successful exploi...

K Web CMS 'sayfala.asp' SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/30745/info K Web CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...

Unique Ads Banner.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/22164/info Unique Ads is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to...

Logaholic profiles.php newconfname Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/27003/info Logaholic is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues, a cross-site scripting issue, and an HTML-injection issue. The issues occur because the application fail...

Calendar Express 2.2 Month.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/18314/info Calendar Express is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit coul...

AdMan 1.0.20051221 ViewStatement.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17208/info AdMan is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an...

ASP-DEV XM Events Diary 'cat' Parameter SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/32809/info ASP-DEV XM Events Diary is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...