472 matches found
Arbitrary File Upload Vulnerability in Panavision OA System
Panavision OA Office System is a coordination office software. A SQL injection vulnerability exists in Panmicro OA Office System, which can be exploited by an attacker to obtain sensitive information from a website database...
TCCMSV9.0 Latest Version SQL Injection Vulnerability
TCCMS is a content management system. TCCMSV9.0 has multiple SQL injection vulnerabilities in app/controller/news.class.php, which can be exploited by attackers to either obtain sensitive database information...
Information disclosure
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x before 7.0.0.8 IF2 allows local users to obtain sensitive database information via unspecified vectors...
CVE-2015-0200
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x before 7.0.0.8 IF2 allows local users to obtain sensitive database information via unspecified vectors...
Authentication flaw
IBM Tivoli Application Dependency Discovery Manager TADDM 7.2.0.0 through 7.2.0.10, 7.2.1.0 through 7.2.1.6, and 7.2.2.0 through 7.2.2.2 does not require TADDM authentication for rptdesign downloads, which allows remote authenticated users to obtain sensitive database information via a crafted UR...
IPBProArcade 2.5 - Remote SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11719/info A remote SQL injection vulnerability reportedly affects ipbProArcade. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in an SQL query. An attacke...
[Full-disclosure] [DSF-02-2009] - Zoki Catalog SQL Injection
Ref. DSF-02-2009 - Zoki Catalog SQL Injection Vendor: Zoki Soft www.zokisoft.com Status: Patched by vendor Original advisory: http://www.davidsopas.com/2009/06/15/zoki-catalog-sql-injection/ Zoki Catalog Smart Catalog is unique and convenient software. It is designed for many purposes whether you...
CVE-2008-1880
The default configuration of Firebird before 2.0.3.12981.0-r6 on Gentoo Linux sets the ISCPASSWORD environment variable before starting Firebird, which allows remote attackers to bypass SYSDBA authentication and obtain sensitive database information via an empty password...
Default configuration
The default configuration of Firebird before 2.0.3.12981.0-r6 on Gentoo Linux sets the ISCPASSWORD environment variable before starting Firebird, which allows remote attackers to bypass SYSDBA authentication and obtain sensitive database information via an empty password...
CVE-2008-1880
The default configuration of Firebird before 2.0.3.12981.0-r6 on Gentoo Linux sets the ISCPASSWORD environment variable before starting Firebird, which allows remote attackers to bypass SYSDBA authentication and obtain sensitive database information via an empty password...
IPBProArcade 2.5 - SQL Injection
source: https://www.securityfocus.com/bid/11719/info A remote SQL injection vulnerability reportedly affects ipbProArcade. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in an SQL query. An attacker may leverage this issue to...
Voxel Dot Net CBms 0.x - Multiple Code Injection Vulnerabilities
Voxel Dot Net CBms 0.x - Multiple Code Injection Vulnerabilities source: https://www.securityfocus.com/bid/4957/info It has been reported that multiple vulnerabilities exist in CBMS. Reportedly, it is possible to inject both JavaScript and SQL code into the system. It may be possible to execute...