2326 matches found
TCExam 11.2.x - '/admin/code/tce_edit_question.php?subject_module_id' SQL Injection
TCExam 11.2.x - '/admin/code/tce_edit_question.php?subject_module_id' SQL Injection source: https://www.securityfocus.com/bid/54861/info TCExam is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A...
TCExam 11.2.x - '/admin/code/tce_edit_answer.php' Multiple SQL Injections
TCExam 11.2.x - '/admin/code/tce_edit_answer.php' Multiple SQL Injections source: https://www.securityfocus.com/bid/54861/info TCExam is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful...
TCExam 11.2.x - '/admin/code/tce_edit_answer.php' Multiple SQL Injections
source: https://www.securityfocus.com/bid/54861/info TCExam is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access...
TCExam 11.2.x - '/admin/code/tce_edit_question.php?subject_module_id' SQL Injection
source: https://www.securityfocus.com/bid/54861/info TCExam is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access...
Zoho BugTracker Multiple Stored XSS Vulnerabilities
Summary Zoho Bug Tracker is an online bug tracking software that combines a clean and an intuitive interface to submit and track bugs with custom workflows, business rules, custom fields and filters for the bugs that software projects are bound to generate and fix all bugs fast. Description The B...
VideoLAN VLC Media Player 2.0.2 - '.3gp' File Divide-by-Zero Denial of Service
source: https://www.securityfocus.com/bid/54791/info VLC Media Player is prone to a denial-of-service vulnerability. Successful exploits may allow attackers to crash the affected application, denying service to legitimate users. VLC Media Player 2.0.2 is vulnerable; other versions may also be...
Scrutinizer 9.0.1.19899 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/54725/info Scrutinizer is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in th...
Symantec Web Gateway Remote Shell Command Execution Vulnerability
Symantec Web Gateway is prone to a vulnerability that can allow an attacker to execute arbitrary commands. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...
Serendipity 'functions_trackbacks.inc.php' SQLi Vulnerability - Active Check
Serendipity is prone to an SQL injection (SQLi) vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Atmail WebAdmin and Webmail Control Panel SQL Root Password Disclosure
Atmail WebAdmin and Webmail Control Panel suffers from a SQL root password disclosure vulnerability.
MyMp3 Player Stack .m3u DEP Bypass Exploit
Exploit for windows platform in category local exploits ''' Title: MyMp3-Player '.m3u' Stack BOF Bypass DEP Author: Daniel Romero Perez @danielrome Software & Version: MyMp3-Player 3.02.067 Tested on: Windows XP SP3 - ES Mail: email protected Blog: unlearningsecurity.blogspot.com Advisor:...
ALLMediaServer Request Handling Buffer Overflow Vulnerability
ALLMediaServer is prone to a buffer overflow vulnerability.
Vivotek Network Cameras Information Disclosure Vulnerability - Active Check
Vivotek Network Cameras are prone to an information disclosure vulnerability. Copyright (C) 2012 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program i...
Elite Bulletin Board - Multiple SQL Injections
Elite Bulletin Board - Multiple SQL Injections source: https://www.securityfocus.com/bid/54452/info Elite Bulletin Board is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit...
WordPress Plugin PHPFreeChat - 'url' Cross-Site Scripting
source: https://www.securityfocus.com/bid/54332/info PHPFreeChat is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
plow - '.plowrc' File Buffer Overflow
source: https://www.securityfocus.com/bid/54290/info plow is prone to a buffer-overflow vulnerability. Attackers can execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. plow 0.0.5 and prior are vulnerable. perl -...
Log1 CMS <= 2.0 PHP Code Injection Vulnerability - Active Check
Log1 CMS is prone to a remote PHP code injection vulnerability.
Edimax IC-3030iWn Web Admin Auth Bypass exploit
Exploit for hardware platform in category web applications This exploit against: - Edimax IC-3030i - Edimax IC-3015 - Airlive WN 500 !/usr/bin/env python """ Exploit Title: Edimax IC-3030iWn Web Admin Auth Bypass exploit Date: 4 April 2012 Exploit Author: email protected, @y3dips URL:...
Joomla! Component mod_artuploader - upload.php Arbitrary File Upload
Joomla! Component mod_artuploader - upload.php Arbitrary File Upload source: https://www.securityfocus.com/bid/53969/info The Art Uploader component for Joomla! is prone to a vulnerability that lets attackers upload arbitrary files because the application fails to adequately sanitize user-supplied...
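Microsoft Wordpad '.doc' File Null Pointer Dereference Denial of Service Vulnerability
Microsoft Wordpad is the word-processing program bundled with Windows. Microsoft Wordpad handles '.doc' files incorrectly, which can trigger a null pointer dereference; an attacker can craft a malicious file and induce a user to open it, crashing the application. 0 Microsoft WordPad 5.1 Vendor solution: No detailed solution is currently available: http://www.microsoft.com/ http://www.securityfocus.com/data/vulnerabilities/exploits/53751.zip...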