The SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to bypass intended restrictions on ActiveX execution via "instantiation/free attacks." Date published : 2010-05-11 http://www.securityfocus.com/archive/1/511176/100/0/threaded http://www.kb.cert.org/vuls/id/602801
The site-locking implementation in the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance relies on a list of server domain names to restrict execution of ActiveX controls, which makes...
The Forgot Password implementation in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to reset passwords of accounts with blank Hint questions and Hint answers by sending an empty value for...
Buffer overflow in the RunCmd method in the SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to execute arbitrary code via vectors involving "CreateProcess params."...
The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance does not properly restrict access to the HTTPDownloadFile, HTTPGetFile, Install, and RunCmd methods, which allows remote attackers to execute...
The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to discover the username of the client user, and consequently determine a pathname to a certain...
tgsrv.exe in the Repair Service in Consona Dynamic Agent, Repair Manager, Subscriber Activation, and Subscriber Agent relies on a predictable timestamp field to validate input to the \.pipe__RepairService_pipe__company named pipe, which allows remote authenticated...
Multiple cross-site scripting (XSS) vulnerabilities in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allow remote attackers to inject arbitrary web script or HTML via crafted input to ASP pages, as demonstrated using the...
Directory traversal vulnerability in the OrgChart (com_orgchart) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. Date published : 2010-05-11 http://www.securityfocus.com/bid/39606...
SQL injection vulnerability in the JTM Reseller (com_jtm) component 1.9 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the author parameter in a search action to index.php. Date published :...
SQL injection vulnerability in index.php in AJ Shopping Cart 1.0 allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action. Date published : 2010-05-11 http://www.exploit-db.com/exploits/12349 http://packetstormsecurity.org/1004-exploits/ajshoppingcart-sql.txt
Directory traversal vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller...
SQL injection vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. NOTE: some of...
SQL injection vulnerability in the Jvehicles (com_jvehicles) component 1.0, 2.0, and 2.1111 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. NOTE: some...