CVE-2012-5211

Unspecified vulnerability in HP Intelligent Management Center iMC User Access Manager UAM before 5.2 E0402 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1643...

CVE-2012-5214

HP ServiceCenter 6.2.8 before 6.2.8.10 is affected by CVE-2012-5214, enabling remote attackers to obtain sensitive information, modify data, or cause DoS via unknown vectors. HP’s security bulletin HPSBMU02849/SSRT101124 rev.1 discloses affected platforms and provides 6.2.8.10 as the fix (and pat...

CVE-2012-5210

HP iMC TACACS+ Authentication Manager (TAM) tamServletDownload vulnerability (CVE-2012-5210) is a directory-traversal flaw disclosed by ZDI-CAN-1646, enabling remote attackers to read files readable by SYSTEM and potentially disclose credentials. The issue affects TAM add-in module prior to 5.2 E...

CVE-2013-0465

Unspecified vulnerability in the IBM WebSphere Cast Iron physical and virtual appliance 6.0 and 6.1 before 6.1.0.15 and 6.3 before 6.3.0.1, when LDAP authentication is enabled, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors...

CVE-2012-3286

Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and earlier and ArcSight Logger 5.2 and earlier allows remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via unknown vectors...

Code injection

Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and earlier and ArcSight Logger 5.2 and earlier allows remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via unknown vectors...

CVE-2012-3286

Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and earlier and ArcSight Logger 5.2 and earlier allows remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via unknown vectors...

CVE-2012-3280

Multiple unspecified vulnerabilities on HP NonStop Servers H06.x and J06.x allow remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via an OSS Remote Operation over an Expand connection...

iCart Pro - section SQL Injection

iCart Pro - section SQL Injection source: https://www.securityfocus.com/bid/57564/info iCart Pro is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to compromise the...

PHPWeby Free Directory Script - 'contact.php' Multiple SQL Injections

source: https://www.securityfocus.com/bid/57561/info The PHPWeby Free directory script is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input. A successful exploit may allow an attacker to compromise the application, access or modify data,...

CVE-2012-6298

Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to execute arbitrary commands or modify data via unknown vectors...

Code injection

Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to execute arbitrary commands or modify data via unknown vectors...

CVE-2012-6298

Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to execute arbitrary commands or modify data via unknown vectors...

CVE-2012-6298

CA IdentityMinder (r12.0 through CR16, r12.5 before SP15, and r12.6 GA) contains an unspecified vulnerability that could allow a remote attacker to execute arbitrary commands or modify data via unknown vectors. The issue is documented in the CA Security Notice CA20121220-01 and is addressed by pa...

CVE-2012-5968

The Huawei E585 device does not validate the status of admin sessions, which allows remote attackers to obtain sensitive user information and the session ID, and modify data, by leveraging access to the LAN network...

MyBB Transactions Plugin - 'transaction' SQL Injection

source: https://www.securityfocus.com/bid/57009/info The Transactions Plugin for MyBB is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to compromise the application, access o...

WordPress Theme Nest - codigo SQL Injection

WordPress Theme Nest - codigo SQL Injection source: https://www.securityfocus.com/bid/56792/info The Nest theme for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue...

WordPress Theme CStar Design - id SQL Injection

WordPress Theme CStar Design - id SQL Injection source: https://www.securityfocus.com/bid/56694/info The CStar Design theme for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploi...

CVE-2012-3270

Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5.41, when Sybase is used, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-3269...

Design/Logic Flaw

Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5.41, when Sybase is used, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, a different vulnerability than CVE-2012-3270...