2661 matches found
CVE-2010-4257
CVE-2010-4257 is a SQL injection in WordPress up to version 3.0.2 affecting the do_trackbacks function in wp-includes/comment.php. The vulnerability allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field due to improper input sanitization. Related adviso...
Design/Logic Flaw
Photos in Apple iOS before 4.2 enables support for HTTP Basic Authentication over an unencrypted connection, which allows man-in-the-middle attackers to read MobileMe account passwords by spoofing a MobileMe Gallery server during a "Send to MobileMe" action...
CVE-2010-3831
Photos in Apple iOS before 4.2 enables support for HTTP Basic Authentication over an unencrypted connection, which allows man-in-the-middle attackers to read MobileMe account passwords by spoofing a MobileMe Gallery server during a "Send to MobileMe" action...
kernel: RDS sockets local privilege escalation
The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the sendmsg and recvmsg syste...
CVE-2010-3457
Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.0.7 and 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) fields[website] parameter in the post comments feature in articles/a-primer-to-symphony-2s-default-theme/ or (2) send-email[recipient] parameter to...
SQL injection
SQL injection vulnerability in lib/toolkit/events/event.section.php in Symphony CMS 2.0.7 and 2.1.1 allows remote attackers to execute arbitrary SQL commands via the send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party information...
CVE-2010-3458
CVE-2010-3458 describes a SQL injection in Symphony CMS (versions 2.0.7 and 2.1.1) where remote attackers could execute arbitrary SQL via the send-email[recipient] parameter to about/. The OpenVAS entry also notes a broader set of vulnerabilities for Symphony
Cross-site Request Forgery (CSRF) Vulnerabilities in Amiro.CMS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Amiro.CMS which could be exploited to perform cross-site request forgery attacks. 1) Cross-site request forgery (CSRF) in Amiro.CMS 1.1 The vulnerability exists due to insufficient validation of the request origin i...
CVE-2010-1568
The Send Secure functionality in the Cisco IronPort Desktop Flag Plug-in for Outlook before 6.5.0-006 does not properly handle simultaneously composed messages, which might allow remote attackers to obtain cleartext contents of e-mail messages that were intended to be encrypted, aka bug 65623...
CVE-2010-1558
Unspecified vulnerability in HP Multifunction Peripheral (MFP) Digital Sending Software before 4.18.3 allows local users to bypass intended restrictions on the MFP "Send to e-mail" feature, and obtain sensitive information, via unknown vectors...
SafeSHOP 1.5.6 - Cross-Site Scripting Multiple Cross-Site Request Forgery Vulnerabilities
SafeSHOP 1.5.6 - Cross-Site Scripting Multiple Cross-Site Request Forgery Vulnerabilities Exploit Title: SafeSHOP | www.DigitalWhisper.co.il Software Link: safeshop.co.il Version: = 1.5.6 Tested on: ASP Cross Site Scripting Cross-Site Scripting attacks are a type of injection problem, in which...
SafeSHOP 1.5.6 Cross Site Request Forgery / Cross Site Scripting / SQL Injection
Exploit Title: SafeSHOP | www.DigitalWhisper.co.il Software Link: safeshop.co.il Version: = 1.5.6 Tested on: ASP Cross Site Scripting Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. Cross-site...
SafeSHOP 1.5.6 - Cross-Site Scripting / Multiple Cross-Site Request Forgery Vulnerabilities
Exploit Title: SafeSHOP | www.DigitalWhisper.co.il Software Link: safeshop.co.il Version: = 1.5.6 Tested on: ASP Cross Site Scripting Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. Cross-site...
Insky CMS 006-0111 - Multiple Remote File Inclusions
Insky CMS v006-0111 Multiple Remote File Include Vulnerability Script: http://code.google.com/p/insky/downloads/list Author: mat Mail: [email protected]...
DEBIAN-CVE-2010-0726
Cross-site scripting (XSS) vulnerability in the tb-send.rb TrackBack transmission plugin in tDiary 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly related to the (1) plugin_tb_url and (2) plugin_tb_excerpt parameters...
Oracle Database - Remote Listener Memory Corruption
Oracle Database - Remote Listener Memory Corruption source: https://www.securityfocus.com/bid/37728/info Oracle Database is prone to a remote memory-corruption vulnerability in Listener. The vulnerability can be exploited over the 'Oracle Net' protocol. An attacker does not require privileges to...
DEBIAN-CVE-2009-4499
SQL injection vulnerability in the get_history_lastid function in the nodewatcher component in Zabbix Server before 1.6.8 allows remote attackers to execute arbitrary SQL commands via a crafted request, possibly related to the send_history_last_id function in zabbix_server/trapper/nodehistory.c...
Recipe Script v5.0 Shell Upload/XSRF/XSS Multiple Vulnerabilities
Exploit for unknown platform in category web applications. Recipe Script v5.0 Shell Upload/XSRF/XSS Multiple Vulnerabilities...
Ez Cart 1.0 - Multiple Cross-Site Request Forgery Vulnerabilities
Ez Cart 1.0 - Multiple Cross-Site Request Forgery Vulnerabilities Title: Ez Cart Multiple XSRF Vulnerabilities Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 15. December 2009...