Searching module software vulnerabilities

The administration module in Sun Java web serve

comsunserverhttppagecompilejsp92JspServlet | administration | requesting | arbitrary | attackers | /servlet/ | uploading | commands | execute | invoke | module | begins | remote | allows | server | Java | code | web | tag | URL | Sun |

The administration module in Sun Java web server allows remote attackers to execute arbitrary commands by uploading Java code to the module and invoke the com.sun.server.http.pagecompile.jsp92.JspServlet by requesting a URL that begins with a /servlet/ tag.


The POSIX Capability Linux Security Module (LSM

Capability | Security | Module | POSIX | Linux |

The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 does not properly handle the credentials of a process that is launched before the module is loaded, which allows local users to gain privileges.


SQL injection vulnerability in PostNuke 7.2.6 a

vulnerability | injection | PostNuke | SQL |

SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remote attackers to execute arbitrary SQL via (1) the sif parameter to index.php in the Comments module or (2) timezoneoffset parameter to changeinfo.php in the Your_Account module.


Cross-site scripting (XSS) vulnerability in the

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters.


Multiple SQL injection vulnerabilities in mod.p

vulnerabilities | injection | Multiple | phpCOIN | modphp | SQL |

Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 through 1.2.1b allow remote attackers to execute arbitrary SQL commands via the (1) the faq_id in the faq mod, (2) the id parameter in the pages mod, (3) the id parameter in the siteinfo module, (4) the topic_id parameter in the articles module, (5) the ord_id in the orders module, (6) the dom_id parameter in the domains module, or (7) the invd_id parameter in the invoices module.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x through 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in the Your_Account module, (2) avatarcategory parameter in the Your_Account module, or (3) lid parameter in the Downloads module.


Multiple SQL injection vulnerabilities in Xanth

vulnerabilities | Xanthiaphp | injection | PostNuke | Multiple | Xanthia | module | SQL |

Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia module in PostNuke 0.750 allow remote attackers to execute arbitrary SQL commands via the (1) name or (2) module parameter.


The sql_escape_string function in auth/sql.c fo

sql_escape_string | authentication | mailutils | auth/sqlc | function | properly | module | quote | does | "\" | not | SQL |

The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks.


Multiple SQL injection vulnerabilities in Contr

vulnerabilities | injection | Contrexx | Multiple | before | SQL |

Multiple SQL injection vulnerabilities in Contrexx before 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) value parameter to the poll module or (2) pId parameter to the gallery module.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in Contrexx before 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) term parameter to the search module or (2) title in the blog aggregation module.


Multiple SQL injection vulnerabilities in forum

vulnerabilities | injection | attackers | arbitrary | forumphp | commands | Multiple | execute | oaboard | remote | forum | allow | via | SQL |

Multiple SQL injection vulnerabilities in forum.php in oaboard forum 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) channel parameter in the topics module and (2) topic parameter in the posting module.


Cross-site scripting (XSS) vulnerability in the

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in the dosearchsite.action module in Atlassian Confluence 2.0.1 Build 321 allows remote attackers to inject arbitrary web script or HTML via the searchQuery.queryString search module parameter.


Cross-site scripting (XSS) vulnerability in MyS

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in MySQL Auction 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the keyword parameter in the SearchZoom module.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS before 9.0.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) uname, (2) error, (3) profile or (4) the username filed parameter to the (a) Your_Account module, (5) catid, (6) sid, (7) Story Text or (8) Extended text text fields in the (b) News module, (9) month, (10) year or (11) sa parameter to the (c) Stories_Archive module, (12) show, (13) cid, (14) ratetype, or (15) orderby parameter to the (d) Web_Links module, (16) op, or (17) pollid parameter to the (e) Surveys module, (18) c parameter to the (f) Downloads module, (19) meta, or (20) album parameter to the (g) coppermine module, or the search box in the (21) Search, (22) Stories_Archive, (23) Downloads, and (24) Topics module.


Directory traversal vulnerability in PHPList 2.

vulnerability | traversal | Directory | PHPList |

Directory traversal vulnerability in PHPList 2.10.2 and earlier allows remote attackers include arbitrary local files via the (1) GLOBALS[database_module] or (2) GLOBALS[language_module] parameters, which overwrite the underlying $GLOBALS variable.


vtiger CRM 4.2.4, and possibly earlier, allows

vtiger | CRM |

vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to bypass authentication and access administrative modules via a direct request to index.php with a modified module parameter, as demonstrated using the Settings module.


Moodle before 1.6.2 does not properly validate

before | Moodle |

Moodle before 1.6.2 does not properly validate the module instance id when creating a course module object, which has unspecified impact and remote attack vectors.


PHP remote file inclusion vulnerability in modu

modules/mx_smartor/albumphp | vulnerability | inclusion | Smartor | module | remote | Album | file | mxBB | PHP |

PHP remote file inclusion vulnerability in modules/mx_smartor/album.php in the mxBB Smartor Album module 1.02 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.


PHP remote file inclusion vulnerability in incl

includes/mx_commonphp | vulnerability | CalSnails | inclusion | Module | Portal | remote | MxBB | file | PHP |

PHP remote file inclusion vulnerability in includes/mx_common.php in the CalSnails Module for MxBB Portal 1.06 allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources.


Software vulnerabilities results 1 to 20 of 718     
Page: 12345...36