
526 matches found

securityvulns
added 2007/08/05 12:0 a.m., 53 views

Aceboard forum, SQL injection

Aceboard is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied input into the Recherche.php form. An attacker can exploit this issue to modify the initial query and reveal information from the MySQL database. see u, karmaguedon...

3.5 AI score
Exploits: 0

Exploit DB
added 2007/06/18 12:0 a.m., 27 views

WSPortal 1.0 - 'content.php' SQL Injection

source: https://www.securityfocus.com/bid/24513/info WSPortal is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or...

7 AI score
Exploits: 0

NVD
added 2007/03/09 10:19 p.m., 12 views

CVE-2007-1369

inimodifier sgid-zendtech in Zend Platform 2.2.3 and earlier allows local users to modify the system php.ini file by editing a copy of php.ini file using the -f parameter, and then performing a symlink attack using the directory that contains the attacker-controlled php.ini file, and linking this...

4.4 CVSS, 6.2 AI score, 0.00242 EPSS
Exploits: 0, References: 8

Cvelist
added 2007/03/09 10:0 p.m., 17 views

CVE-2007-1369

inimodifier sgid-zendtech in Zend Platform 2.2.3 and earlier allows local users to modify the system php.ini file by editing a copy of php.ini file using the -f parameter, and then performing a symlink attack using the directory that contains the attacker-controlled php.ini file, and linking this...

6.2 AI score, 0.00242 EPSS
Exploits: 0, References: 8

NVD
added 2007/01/26 1:28 a.m., 13 views

CVE-2007-0516

Yana Framework before 2.8.5a allows remote authenticated users with permissions to modify a guestbook profile to modify or delete arbitrary guestbook profiles via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information...

4.9 CVSS, 6.2 AI score, 0.00551 EPSS
Exploits: 0, References: 4

Cvelist
added 2007/01/26 1:0 a.m., 16 views

CVE-2007-0516

Yana Framework before 2.8.5a allows remote authenticated users with permissions to modify a guestbook profile to modify or delete arbitrary guestbook profiles via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information...

6.2 AI score, 0.00551 EPSS
Exploits: 0, References: 4

Prion
added 2007/01/16 11:28 p.m., 18 views

Code injection

Unspecified vulnerability in easy-content filemanager allows remote attackers to upload or modify arbitrary files via unspecified vectors...

7.5 CVSS, 7.3 AI score, 0.00636 EPSS
Exploits: 0, References: 2

Exploit DB
added 2007/01/05 12:0 a.m., 24 views

Coppermine Photo Gallery 1.4.11 - SQL Injection

source: https://www.securityfocus.com/bid/21894/info Coppermine Photo Gallery is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the...

7.4 AI score
Exploits: 0

Cvelist
added 2006/12/26 11:0 p.m., 16 views

CVE-2006-6743

phpProfiles before 2.1.1 uses world writable permissions for certain profile files and directories, which allows local users to modify or delete files, related to (1) users/include/domakeprofile.inc.php and (2) users/include/copy.inc.php...

6.4 AI score, 0.00052 EPSS
Exploits: 0, References: 4

NVD
added 2006/12/10 11:28 a.m., 11 views

CVE-2006-6431

Unspecified vulnerability in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows attackers to modify signatures of e-mail messages via unspecified vectors...

5 CVSS, 6.5 AI score, 0.00384 EPSS
Exploits: 0, References: 3

Exploit DB
added 2006/10/04 12:0 a.m., 17 views

Yener Haber Script 1.0/2.0 - SQL Injection

source: https://www.securityfocus.com/bid/20333/info Yener Haber Script is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromis...

7.4 AI score
Exploits: 0

Exploit DB
added 2006/09/26 12:0 a.m., 31 views

CubeCart 3.0.x - 'view_order.php?order_id' Cross-Site Scripting

source: https://www.securityfocus.com/bid/20215/info CubeCart is prone to multiple input-validation vulnerabilities, including information-disclosure, cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input. A successful exploit of...

7.4 AI score
Exploits: 0

myhack58
added 2006/06/28 12:0 a.m., 9 views

Bypassing the system “Group Policy” restrictions! - Vulnerability warning - the black bar safety net

On a system where Group Policy applies the “only allow permitted programs to run” restriction, unauthorized programs cannot run and a message pops up: “This operation has been cancelled due to restrictions on this computer. Please contact your system administrator.” Next ...

0.2 AI score
Exploits: 0

NVD
added 2006/06/26 4:5 p.m., 16 views

CVE-2006-3227

Interpretation conflict between Internet Explorer and other web browsers such as Mozilla, Opera, and Firefox might allow remote attackers to modify the visual presentation of web pages and possibly bypass protection mechanisms such as content filters via ASCII characters with the 8th bit set, whi...

2.6 CVSS, 6.7 AI score, 0.30898 EPSS
Exploits: 0, References: 12

exploitpack
added 2006/06/22 12:0 a.m., 22 views

MyBulletinBoard (MyBB) 1.0.x/1.1.x - usercp.php SQL Injection

MyBulletinBoard (MyBB) 1.0.x/1.1.x - usercp.php SQL Injection. source: https://www.securityfocus.com/bid/18602/info MyBulletinBoard is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A...

0.3 AI score
Exploits: 0

UbuntuCve
added 2006/06/01 10:2 a.m., 22 views

CVE-2006-2743

Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory...

5.1 CVSS, 6.1 AI score, 0.15943 EPSS
Exploits: 0, References: 1

Prion
added 2006/05/31 10:2 p.m., 11 views

Code injection

Secure Elements Class 5 AVR (aka C5 EVM) client and server before 2.8.1 do not verify the integrity of a message digest, which allows remote attackers to modify and replay messages...

5 CVSS, 7.2 AI score, 0.04725 EPSS
Exploits: 0, References: 9, Affected Software: 1

Cvelist
added 2006/05/28 11:0 p.m., 27 views

CVE-2006-1174

useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the...

6 AI score, 0.00096 EPSS
Exploits: 0, References: 26

myhack58
added 2006/05/12 12:0 a.m., 31 views

The DVBBS 7.1 SP1 latest savepost.asp vulnerability research and use - Vulnerability warning - the black bar safety net

Article author: Eolian prodigal son. Information source: evil octal information security team (www.eviloctal.com). The Moving network Forum (DVBBS) 7.1.0 SP1 Savepost.asp has a serious vulnerability. 10-May-06. Found: Bug.Center.Team. Severity: serious. Vendor name: dynamic network Forum (DVBBS). Program...

7.1 AI score
Exploits: 0

UbuntuCve
added 2006/05/05 7:2 p.m., 16 views

CVE-2006-2224

RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets...

5 CVSS, 5.9 AI score, 0.20175 EPSS
Exploits: 1, References: 2