Wazi

Audio %26 Video Library 2.7.0 [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Audio %26 Video Library 2.7.0 [High]

Description

SQL injection vulnerability in login.php in Allomani Audio & Video Library (Songs & Clips version) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-4735
Severity: High

NIST National Vulnerabilities Database

Movie Library 2.7.0 [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Movie Library 2.7.0 [High]

Description

SQL injection vulnerability in login.php in Allomani Movies Library (Movies & Clips) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-4734
Severity: High

NIST National Vulnerabilities Database

Simpleloginsys 0.5 [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Simpleloginsys 0.5 [Medium]

Description

SQL injection vulnerability in checkuser.php in SimpleLoginSys 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-4733
Severity: Medium

NIST National Vulnerabilities Database

Tt Web Site Manager 0.5 [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Tt Web Site Manager 0.5 [Medium]

Description

SQL injection vulnerability in tt/index.php in TT Web Site Manager 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the tt_name parameter. NOTE: some of these details are obtained from third party information.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-4732
Severity: Medium

NIST National Vulnerabilities Database

Model Agency Manager Pro [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Model Agency Manager Pro [High]

Description

SQL injection vulnerability in photos.php in Model Agency Manager PRO (formerly Modeling Agency Content Management Script) allows remote attackers to execute arbitrary SQL commands via the album parameter.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-4731
Severity: High

NIST National Vulnerabilities Database

Adult Script 1.7 [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Adult Script 1.7 [High]

Description

SQL injection vulnerability in report.php in x10 Adult Media Script 1.7 allows remote attackers to execute arbitrary SQL commands via the id parameter.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-4730
Severity: High

NIST National Vulnerabilities Database

Adult Script 1.7 [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Adult Script 1.7 [Medium]

Description

Multiple cross-site scripting (XSS) vulnerabilities in x10 Adult Media Script 1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, (3) id parameter to templates/header1.php, and (4) key parameter to video_listing.php.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-4729
Severity: Medium

NIST National Vulnerabilities Database

Questions Answered 1.3 [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Questions Answered 1.3 [High]

Description

SQL injection vulnerability in the administrative interface in Questions Answered 1.3 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-4728
Severity: High

NIST National Vulnerabilities Database

Ajax Short Url Script [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Ajax Short Url Script [High]

Description

SQL injection vulnerability in x/login in JungleScripts Ajax Short Url Script allows remote attackers to execute arbitrary SQL commands via the username parameter.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-4727
Severity: High

NIST National Vulnerabilities Database

Quickdev4php [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Quickdev4php [Medium]

Description

Directory traversal vulnerability in download.php in Quickdev 4 PHP allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-4726
Severity: Medium

NIST National Vulnerabilities Database

Arab Portal 2.2 [Medium]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Arab Portal 2.2 [Medium]

Description

Directory traversal vulnerability in modules/aljazeera/admin/setup.php in Arab Portal 2.2 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-4725
Severity: Medium

NIST National Vulnerabilities Database

Ppscript [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Ppscript [High]

Description

SQL injection vulnerability in shop.htm in PaymentProcessorScript.net PPScript allows remote attackers to execute arbitrary SQL commands via the cid parameter.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-4724
Severity: High

NIST National Vulnerabilities Database

Netpet Cms 1.9 [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Netpet Cms 1.9 [High]

Description

Directory traversal vulnerability in confirm.php in Netpet CMS 1.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-4723
Severity: High

NIST National Vulnerabilities Database

Limny 1.01 [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Limny 1.01 [High]

Description

SQL injection vulnerability in the CheckLogin function in includes/functions.php in Limny 1.01, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-4722
Severity: High

NIST National Vulnerabilities Database

Aw-bannerad 1.0 [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Aw-bannerad 1.0 [High]

Description

Multiple SQL injection vulnerabilities in Admin/index.asp in Andrews-Web (A-W) BannerAd 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) User and (2) Password parameters. NOTE: some of these details are obtained from third party information.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-4721
Severity: High

NIST National Vulnerabilities Database

Gnudip 2.1.1 [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Gnudip 2.1.1 [High]

Description

SQL injection vulnerability in cgi-bin/gnudip.cgi in GnuDIP 2.1.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-4720
Severity: High

NIST National Vulnerabilities Database

Discloser 0.0.4 [High]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Discloser 0.0.4 [High]

Description

SQL injection vulnerability in index.php in Discloser 0.0.4 rc2 allows remote attackers to execute arbitrary SQL commands via the more parameter.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2009-4719
Severity: High

NIST National Vulnerabilities Database

Broadcom and prior [Unknown Severity]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Broadcom and prior [Unknown Severity]

Description

Unspecified vulnerability in the Broadcom Integrated NIC Management Firmware 1.x before 1.40.0.0 and 8.x before 8.08 on the HP Small Form Factor and Microtower platforms allows remote attackers to execute arbitrary code via unknown vectors.

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2010-0104
Severity: Unknown Severity

NIST National Vulnerabilities Database

Broadcom and prior [Unknown Severity]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Broadcom and prior [Unknown Severity]

Description

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2010-0104
Severity: Unknown Severity

NIST National Vulnerabilities Database

Broadcom and prior [Unknown Severity]

Security Team — Tue, 30 Nov 1999 06:00:00 +0000

Affects:

Broadcom and prior [Unknown Severity]

Description

If you have questions about this security warning or need to have it translated and you have an active technical support contract, please call 1-888-OPENLOGIC or email us at support@openlogic.com.

CVE Identifier: CVE-2010-0104
Severity: Unknown Severity

NIST National Vulnerabilities Database