93 matches found
Symantec Web Gateway upload_file Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec Web Gateway. Authentication is not required to exploit this vulnerability. The specific flaw exists because Symantec Web Gateway allows unauthenticated users to upload a file while...
CitrusDB 2.4.1 - Local File Inclusion / SQL Injection
source: https://www.securityfocus.com/bid/52946/info CitrusDB is prone to a local file-include vulnerability and an SQL-injection vulnerability. An attacker can exploit these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, an...
Maxs Guestbook 1.0 - Multiple Remote Vulnerabilities
Maxs Guestbook 1.0 - Multiple Remote Vulnerabilities source: https://www.securityfocus.com/bid/52471/info Max's Guestbook is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary HTML and script code in the context of the affected browser,...
Manx Multiple Cross Site Scripting and Directory Traversal Vulnerabilities
Manx is prone to multiple cross-site scripting and directory-traversal vulnerabilities because it fails to sufficiently sanitize user- supplied input. Exploiting these issues will allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
Manx 1.0.1 - '/admin/admin_blocks.php?Filename' Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/50839/info Manx is prone to multiple cross-site scripting and directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues will allow an attacker to execute arbitrary script code in the browser...
Manx 1.0.1 - '/admin/tiny_mce/plugins/ajaxfilemanager_OLD/ajax_get_file_listing.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/50839/info Manx is prone to multiple cross-site scripting and directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues will allow an attacker to execute arbitrary script code in the browser...
Manx 1.0.1 - '/admin/tiny_mce/plugins/ajaxfilemanager/ajax_get_file_listing.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/50839/info Manx is prone to multiple cross-site scripting and directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues will allow an attacker to execute arbitrary script code in the browser...
TA.CMS (TeachArabia) - 'lang' Traversal Local File Inclusion
source: https://www.securityfocus.com/bid/50773/info TA.CMS is prone to multiple local file-include and SQL-injection vulnerabilities. An attacker can exploit these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, and view and...
TA.CMS (TeachArabia) - 'index.php?id' SQL Injection
source: https://www.securityfocus.com/bid/50773/info TA.CMS is prone to multiple local file-include and SQL-injection vulnerabilities. An attacker can exploit these issues to compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, and view and...
RuubikCMS 'f' Parameter Information Disclosure Vulnerability
RuubikCMS is prone to an information-disclosure vulnerability because it fails to sufficiently validate user-supplied data. An attacker can exploit this issue to download local files in the context of the webserver process. This may allow the attacker to obtain sensitive information; other attack...
TinyWebGallery 1.8.4 - Local File Inclusion SQL Injection
TinyWebGallery 1.8.4 - Local File Inclusion SQL Injection source: https://www.securityfocus.com/bid/49393/info TinyWebGallery is prone to multiple local file-include and SQL-injection vulnerabilities. An attacker can exploit these issues to compromise the application, access or modify data, explo...
Calibre 0.7.34 - Cross-Site Scripting / Directory Traversal
source: https://www.securityfocus.com/bid/45532/info Calibre is prone to a cross-site scripting vulnerability and a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting these issues will allow an attacker to execute arbitrary script code in t...
Splunk Cross Site Scripting and Directory Traversal Vulnerabilities
Splunk is prone to multiple cross-site scripting vulnerabilities and multiple directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues will allow an attacker to execute arbitrary script code in the browser of an unsuspecting user i...
Core FTP Server 1.0.343 - Directory Traversal
Core FTP Server 1.0.343 - Directory Traversal source: https://www.securityfocus.com/bid/40422/info Core FTP Server is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow an attacker to view...
Blog System 1.x - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/39406/info Blog System is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include local file-include, SQL-injection, and cross-site-scripting issues. Exploiting these...
Accellion Secure File Transfer Appliance - Multiple Command Restriction Privilege Escalations
Accellion Secure File Transfer Appliance - Multiple Command Restriction Privilege Escalations source: https://www.securityfocus.com/bid/38176/info Accellion File Transfer Appliance is prone to multiple remote vulnerabilities, including: - Multiple privilege-escalation issues - A directory-travers...
Check Point Connectra R62 - '/Login/Login' Arbitrary Script Injection
source: https://www.securityfocus.com/bid/36466/info Check Point Connectra is prone to an arbitrary-script-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary script code in the context of the webserver...
phpCommunity2 Multiple Vulnerabilities (Mar 2009) - Active Check
phpCommunity2 is prone to multiple input validation vulnerabilities, including multiple directory traversal issues and SQL-injection issues, and a cross-site scripting issue. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are...
MKPortal 1.2.1 - modulesblogindex.php Home Template Textarea SQL Injection
MKPortal 1.2.1 - modulesblogindex.php Home Template Textarea SQL Injection source: https://www.securityfocus.com/bid/33300/info MKPortal is prone to multiple security vulnerabilities, including SQL-injection, HTML-injection, cross-site scripting, arbitrary-file-upload, and...
Dokeos 1.8.4 - whoisonline.php?id SQL Injection
Dokeos 1.8.4 - whoisonline.php?id SQL Injection source: https://www.securityfocus.com/bid/27792/info Dokeos is prone to multiple input-validation vulnerabilities including five SQL-injection issues, one HTML-injection issue, three cross-site scripting issues, and one arbitrary-file-upload issue...