1303 matches found
CVE-2010-4822
core/model/MySQLDatabase.php in SilverStripe 2.4.x before 2.4.4, when the site is running in "live mode," allows remote attackers to obtain the SQL queries for a page via the showqueries and ajax parameters...
Openconstructor CMS 3.12.0 - id Multiple SQL Injections
Openconstructor CMS 3.12.0 - id Multiple SQL Injections Title: Openconstructor CMS 3.12.0 'id' parameter multiple SQL injection vulnerabilities Affected Software: http://www.openconstructor.org/ http://code.google.com/p/openconstructor/downloads/list...
Openconstructor CMS 3.12.0 SQL Injection
Title: Openconstructor CMS 3.12.0 'id' parameter multiple SQL injection vulnerabilities Affected Software: http://www.openconstructor.org/ http://code.google.com/p/openconstructor/downloads/list http://esectorsolutions.com/about/whats-new/esector-news/detailed/?id=234 Description: Openconstructor...
Scientific Linux Security Update : perl-DBD-Pg on SL5.x i386/x86_64
A heap-based buffer overflow flaw was discovered in the pggetline function implementation. If the pggetline or getline functions read large, untrusted records from a database, it could cause an application using these functions to crash or, possibly, execute arbitrary code. CVE-2009-0663 Note:...
FreeBSD : rubygem-activerecord -- multiple vulnerabilities (748aa89f-d529-11e1-82ab-001fd0af1a4c)
rubygem-activerecord -- multiple vulernabilities Due to the way Active Record interprets parameters in combination with the way that Rack parses query parameters, it is possible for an attacker to issue unexpected database queries with 'IS NULL' where clauses. This issue does not let an attacker...
Wordpress Automatic Plugin v2.0.3 CSRF Exploit
Exploit for php platform in category web applications Title: ====== Wordpress Automatic Plugin v2.0.3 CSRF Exploit Date: ===== 2012-06-15 Website: =========== http://codecanyon.net/item/wordpress-automatic-plugin/1904470 Introduction: ============= Wordpress automatic plugin posts quality targete...
WordPress Automatic 2.0.3 Cross Site Request Forgery
Title: ====== Wordpress Automatic Plugin v2.0.3 CSRF Exploit Date: ===== 2012-06-15 Website: =========== http://codecanyon.net/item/wordpress-automatic-plugin/1904470 Introduction: ============= Wordpress automatic plugin posts quality targeted articles, Amazon Products, clickbank Products, Youtu...
Joomla Estate Agent Component 'id' Parameter SQL Injection Vulnerability
This host is running Joomla The Estate Agent component and is prone to SQL injection vulnerability. OpenVAS Vulnerability Test $Id: gbjoomlacomestateagentsqlinjvuln.nasl 6022 2017-04-25 12:51:04Z teissa $ Joomla Estate Agent Component 'id' Parameter SQL Injection Vulnerability Authors: Madhuri D...
ArticleSetup - Multiple Persistence Cross-Site Scripting SQL Injections
ArticleSetup - Multiple Persistence Cross-Site Scripting SQL Injections Title : ArticleSetup Multiple Persistence Cross-Site Scripting and SQL Injection Vulnerabilities Author : Antu Sanadi SecPod Technologies www.secpod.com Vendor : http://www.articlesetup.com/ Advisory :...
ArticleSetup Multiple Persistence XSS / SQL Injection Vulnerabilities
Exploit for php platform in category web applications Title : ArticleSetup Multiple Persistence Cross-Site Scripting and SQL Injection Vulnerabilities Overview: --------- ArticleSetup Multiple Persistence Cross-Site Scripting and SQL Injection Vulnerabilities. Technical Description:...
ArticleSetup 1.11 Cross Site Scripting / SQL Injection
Title : ArticleSetup Multiple Persistence Cross-Site Scripting and SQL Injection Vulnerabilities Author : Antu Sanadi SecPod Technologies www.secpod.com Vendor : http://www.articlesetup.com/ Advisory : http://secpod.org/blog/?p=497 http://secpod.org/advisories/SecPodArticleSetupMultipleVuln.txt...
phpList 2.10.17 Cross Site Scripting / SQL Injection
phpList 2.10.17 Remote SQL Injection and XSS Vulnerability Vendor: phpList Ltd Product web page: http://www.phplist.com Affected version: 2.10.17 Summary: phplist is the world's most popular open source email campaign manager. phplist is free to download, install and use, and is easy to integrate...
phpList 2.10.17 Remote SQL Injection / XSS Vulnerability
Exploit for php platform in category web applications phpList 2.10.17 Remote SQL Injection and XSS Vulnerability Vendor: phpList Ltd Product web page: http://www.phplist.com Affected version: 2.10.17 Summary: phplist is the world's most popular open source email campaign manager. phplist is free ...
phpList 2.10.17 - SQL Injection / Cross-Site Scripting
phpList 2.10.17 Remote SQL Injection and XSS Vulnerability Vendor: phpList Ltd Product web page: http://www.phplist.com Affected version: 2.10.17 Summary: phplist is the world's most popular open source email campaign manager. phplist is free to download, install and use, and is easy to integrate...
Ubuntu Update for colord USN-1289-1
Ubuntu Update for Linux kernel vulnerabilities USN-1289-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN12891.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for colord USN-1289-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...
Promise WebPAM v2.2.0.13 Multiple Remote Vulnerabilities
Summary WebPAM is a web based Promise Array Management Software that's easy-to use, designed to simplify RAID storage management. WebPAM is specifically designed for Promise HBA. WebPAM can configure, manage or monitor Promise RAID products remotely from a web browser from anywhere in the world...
VOXTRONIC Voxlog Professional 3.7.x - userlogdetail.php?idclient SQL Injection
VOXTRONIC Voxlog Professional 3.7.x - userlogdetail.php?idclient SQL Injection source: https://www.securityfocus.com/bid/52081/info VOXTRONIC Voxlog Professional is prone to a file-disclosure vulnerability and multiple SQL-injection vulnerabilities because it fails to properly sanitize...
Multiple vulnerabilities in LEPTON
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in LEPTON, which can be exploited to perform Local File Inclusion, Cross Site Scripting and SQL Injection attacks. 1 Local File Inclusion in LEPTON: CVE-2012-0998 Input passed via the "language" POST parameter to...
CVE-2011-4634
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted database name, related to the Database Synchronize panel; 2 a crafted database name, related to the Database rename panel; 3 a crafted S...
[USN-1289-1] colord vulnerability
========================================================================== Ubuntu Security Notice USN-1289-1 December 07, 2011 colord vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...