[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 246699 Download | Alert*

Cross-site scripting (XSS) vulnerability in index.php in BGSvetionik BGS CMS 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action. NOTE: some of these details are obtained from third party information.

Directory traversal vulnerability in index.php in the RWCards (com_rwcards) component 3.0.18 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter.

SQL injection vulnerability in index.php in Katalog Stron Hurricane 1.3.5, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the get parameter.

PHP remote file inclusion vulnerability in includes/moderation.php in Katalog Stron Hurricane 1.3.5, and possibly earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the includes_directory parameter.

Multiple stack-based buffer overflows in the HyleosChemView.HLChemView ActiveX control (HyleosChemView.ocx) in Hyleos ChemView 1.9.5.1 allow remote attackers to execute arbitrary code via a large number of white space characters in the filename argument to the (1) SaveasMolFile and (2) ReadMolFile methods.

Directory traversal vulnerability in index.php in ZeusCMS 0.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter.

ZeusCMS 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request for admin/backup.sql.

WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter.

Unspecified vulnerability in TIBRepoServer5.jar in TIBCO Administrator 5.4.0 through 5.6.0, when JMS transport is used, allows remote authenticated users to execute arbitrary code on all domain nodes via vectors related to leveraging administrative credentials.

Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.


Pages:      Start    11187    11188    11189    11190    11191    11192    11193    11194    11195    11196    11197    11198    11199    11200    ..   24669

© SecPod Technologies