74 matches found
CVE-2014-6926
The Allt om Brollop aka com.paperton.wl.alltombrollop application 1.53 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-6926
The CVE-2014-6926 entry involves the Android app Allt om Brollop (package com.paperton.wl.alltombrollop) at version 1.53, where SSL/TLS connections do not verify X.509 certificates. This root cause enables potential man‑in‑the‑middle (MITM) attacks, allowing an attacker to spoof servers and acces...
CVE-2014-6926
The Allt om Brollop aka com.paperton.wl.alltombrollop application 1.53 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-4250
CVE-2014-4250 affects Oracle Siebel CRM 8.1.1 and 8.2.2, specifically the Siebel Core – Server OM Frwks component. The vulnerability is described as an unspecified issue that could allow remote authenticated users to affect confidentiality via unknown vectors related to Object Manager. The connec...
CVE-2012-6065
The OM Maximenu module 6.x-1.43 and earlier for Drupal, when the "Title has PHP" option is enabled, allows remote authenticated users with the "Administer OM Maximenu" permission to execute arbitrary PHP code via a "Link Title," a different vulnerability than CVE-2012-5553...
Code injection
The OM Maximenu module 6.x-1.43 and earlier for Drupal, when the "Title has PHP" option is enabled, allows remote authenticated users with the "Administer OM Maximenu" permission to execute arbitrary PHP code via a "Link Title," a different vulnerability than CVE-2012-5553...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the OM Maximenu module 6.x-1.x before 6.x-1.44 and 7.x-1.x before 7.x-1.44 for Drupal allow remote authenticated users with the "administer OM Maximenu" permission to inject arbitrary web script or HTML via the 1 Menu Title 2 Link Title, 3 Path...
CVE-2012-6065
The OM Maximenu module 6.x-1.43 and earlier for Drupal, when the "Title has PHP" option is enabled, allows remote authenticated users with the "Administer OM Maximenu" permission to execute arbitrary PHP code via a "Link Title," a different vulnerability than CVE-2012-5553...
CVE-2012-5553
CVE-2012-5553 relates to multiple XSS vulnerabilities in the Drupal OM Maximenu module. Affected software: OM Maximenu 6.x-1.x before 6.x-1.44 and 7.x-1.x before 7.x-1.44. The issue arises when authenticated users with the "administer OM Maximenu" permission can inject arbitrary web script or HTM...
CVE-2012-6065
The CVE-2012-6065 vulnerability affects the Drupal OM Maximenu module (6.x-1.43 and earlier). When the “Title has PHP” option is enabled, remote authenticated users with the "Administer OM Maximenu" permission can trigger execution of arbitrary PHP code via a Link Title. This is a distinct issue ...
SA-CONTRIB-2012-160 - OM Maximenu - Cross Site Scripting (XSS)
This module enables you to create custom menus with effects and integrate module blocks as it's menu item content. The module doesn't sufficiently state the risk of giving permission to create OM Maximenus. This vulnerability is mitigated by the fact that an attacker must have a role with the...
Enform / Thecaryard SQL Injection
. . . | |/ |\ | \ ..\ | | //||| /\ | / \ / | | /\ | / / / / / / // / / Title : Site Designed enform Powered by thecaryard Multiple SQL Injection Vulnerabilities Vendor/Software : www.enform.co.nz & www.thecaryard.co.nz Author : kebumen cyber J feat R Contact : [email protected]...
Centralia SQL Injection
Exploit : Centralia Sql Injenction Date : 16 July 2011 Author : Netrondoank Version : n/a Googel DorK : inurl:showcat.asp?id= Home : www.indotek.or.id Email: [email protected] + Exploit 1 Centralia showcat.asp?/display.asp? Sql Injenction - http://site/showcat.asp?id=sqli -...
CVE-2010-3533
CVE-2010-3533 affects PeopleSoft Enterprise SCM OM and CRM Order Capture (Oracle PeopleSoft/JD Edwards), specifically in PeopleSoft versions 8.9, 9.0 and 9.1. The initial description identifies an unspecified vulnerability that allows remote authenticated users to compromise confidentiality and i...