712 matches found
CVE-2008-1246
The Cisco PIX/ASA Finesse Operation System 7.1 and 7.2 allows local users to gain privileges by entering characters at the enable prompt, erasing these characters via the Backspace key, and then holding down the Backspace key for one second after erasing the final character. NOTE: third parties,...
Unfixed XSS vulnerability at www.creativelearningpress.com
Security researcher skathgh420, has submitted on 02/07/2008 a cross-site-scripting XSS vulnerability affecting www.creativelearningpress.com, which at the time of submission ranked 10704379 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on...
Ray Chi, a press release management system v3. 0 vulnerability is very simple. - Vulnerability warning-the black bar safety net
Ray Chi, a press release management system v3. 0 vulnerability is very simple. I just watched the two most direct vulnerability. Transferred from:bct The first is to get the Administrator's password and username. it. In the http://127.0.0.1/otype. asp? owen1=sports news Plus following a period of...
Mozilla Firefox focus spoofing
It's possible to spoof the focus of key press events...
CVE-2007-2554
Associated Press AP Newspower 4.0.1 and earlier uses a default blank password for the MySQL root account, which allows remote attackers to insert or modify news articles via shows.tblscript...
CVE-2007-2554
Associated Press AP Newspower 4.0.1 and earlier uses a default blank password for the MySQL root account, which allows remote attackers to insert or modify news articles via shows.tblscript...
Word Press Sensitive Directory exposure (SQL)
Found By: r00tati Web App: Word Press Versions: unknown Level: low File Name: admin-functions.php //SQL EXAMPLE ERROR: Fatal error: Call to undefined function in /usr/local/www//data/wp-admin/admin-functions.php on line 1593 Thanks, r00t...
CVE-2006-3485
Multiple SQL injection vulnerabilities in AstroDog Press Some Chess 1.5-RC2 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly including the gameID parameter in board.php...
CVE-2006-3485
CVE-2006-3485 affects AstroDog Press Some Chess 1.5-RC2 and earlier. The vulnerability is a SQL injection in unspecified vectors, with potential involvement of the gameID parameter in board.php, allowing remote attackers to execute arbitrary SQL commands. Documents do not specify concrete exploit...
CVE-2006-3485
Multiple SQL injection vulnerabilities in AstroDog Press Some Chess 1.5-RC2 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly including the gameID parameter in board.php...
Sql injection
Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug CMS allow remote attackers to execute arbitrary SQL commands via the 1 PressReleaseID parameter in press/details.asp, 2 ServiceID parameter in services/details.asp, and 3 ProductID parameter in products/details.asp...
WordPress 2.x < 2.6 'press-this.php' XSS
Binary data 4587.prm...