21307
Views: 601
Description:
OvBB contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the thread.php script not properly sanitizing user-supplied input to the 'threadid' variable. Follow-up research along with a vendor dispute indicates this issue cannot be used to manipulate SQL queries. It is believed that non-numeric input may cause an SQL error, giving the appearance of injection capability.
Comments: 0, Blogs: 0, References: 5
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| | Input Manipulation; Information Disclosure | Loss of Integrity; Loss of Confidentiality | | | | |

OvBB thread.php threadid Parameter SQL Injection

18293
Views: 328
Description:
By default, many Belkin wireless routers using a default SSID of "belkin54g" are preconfigured with a default password. The "admin" account has a null password which is publicly known and documented. This allows attackers to trivially access the program or system.
Comments: 1, Blogs: 0, References: 5
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| | Authentication Management | | | | | |

Belkin 54G Routers Admin Account Default Null Password

18686
Views: 223
Description:
FreznoShop contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'product_details.php' script not properly sanitizing user-supplied input to the 'id' variable. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database.
Comments: 0, Blogs: 0, References: 3
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| | Input Manipulation; Information Disclosure | Loss of Integrity; Loss of Confidentiality | | | | |

FreznoShop product_details.php id Parameter SQL Injection

28364
Views: 176
Description:
Cybozu Garoon contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the phonemessage Facility not properly sanitizing user-supplied input to the 'uid' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
Comments: 0, Blogs: 0, References: 14
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| | Input Manipulation; Information Disclosure | Loss of Integrity; Loss of Confidentiality | | | | |

Cybozu Garoon phonemessage Facility uid Parameter SQL Injection

66387
Views: 167
Description:
Windows contains a flaw that may allow an attacker to execute arbitrary code. The issue is triggered by a specially crafted LNK which contains an icon resource that points to a malicious DLL file.
Comments: 0, Blogs: 1, References: 21
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| Local / Remote; Context Dependent | | | | Exploit Private; Exploit Public; Exploit Commercial | Discovered in the Wild; Vendor Verified; Uncoordinated Disclosure | |

Microsoft Windows Shell LNK File Parsing Arbitrary Command Execution

382
Views: 157
Description:
By default, PostgreSQL installs without a default password for the postgres user account. This username and password combination is publicly known and documented. This allows attackers to trivially access the program or system with administrative privileges.
Comments: 0, Blogs: 0, References: 19
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| Remote / Network Access; Local Access Required | Authentication Management | Loss of Confidentiality; Loss of Integrity; Loss of Availability | | | | |

PostgreSQL Server Default Password

63031
Views: 129
Description:
CKForms Component for Joomla! contains a flaw that may allow a remote attacker to disclose potentially sensitive information. The issue is due to the 'index.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) and URL-encoded NULL bytes, supplied to the 'controller' parameter (when "option" is set to "com_ckforms"). This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server.
Comments: 0, Blogs: 0, References: 5
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| | | | | | | |

CKForms Component for Joomla! index.php controller Parameter Traversal Local File Inclusion

66618
Views: 122
Description:
(Description Provided by CVE) : ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Comments: 0, Blogs: 0, References: 8
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| | | | | | Vendor Verified; Coordinated Disclosure | |

Novell GroupWise WebAccess Component User Proxy Overflow

63032
Views: 118
Description:
CKForms Component for Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'fid' parameter (when "option" is set to "com_ckforms", "controller" is set to "ckdata", and "layout" is set to "detail"). This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
Comments: 0, Blogs: 0, References: 7
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| | Input Manipulation; Information Disclosure | Loss of Integrity; Loss of Confidentiality | | | | |

CKForms Component for Joomla! index.php fid Parameter SQL Injection

3092
Views: 111
Description:
A potentially interesting file, directory or CGI was found on the web server. While there is no known vulnerability or exploit associated with this, it may contain sensitive information which can be disclosed to unauthenticated remote users, or aid in more focused attacks.
Comments: 0, Blogs: 0, References: 770
Vulnerability Classification
| Location | Attack Type | Impact | Solution | Exploit | Disclosure | OSVDB |
|---|---|---|---|---|---|---|
| | | | | | | |

Interesting Web Document Found