Monthly Archive: June 2014

09/06/2014 by Fred · Published 09/06/2014
SQL injection vulnerability in the checkEmailFormat function in plugins/jojo_core/classes/Jojo.php in Jojo before 1.2.2 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header to /articles/test/.
Date published: 2014-06-09
https://github.com/JojoCMS/Jojo-CMS/commit/972757c4500d94b4b1306bf092e678add3a987d8
https://www.htbridge.com/advisory/HTB23153

09/06/2014 by Fred · Published 09/06/2014
Mambo CMS 4.6.5 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by uploading a crafted file.
Date published: 2014-06-09
http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt
http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html

09/06/2014 by Fred · Published 09/06/2014
Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file.
Date published: 2014-06-09
http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt
http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html

09/06/2014 by Fred · Published 09/06/2014
Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors.
Date published: 2014-06-09
http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt
http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html

09/06/2014 by Fred · Published 09/06/2014
The autocomplete callback in Autocomplete Widgets for Text and Number Fields (autocomplete_widgets) module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-rc1 does not properly handle node permissions, which allows remote authenticated users to obtain sensitive...

09/06/2014 by Fred · Published 09/06/2014
The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request.
Date published: 2014-06-09
http://www.securityfocus.com/bid/58225...

09/06/2014 by Fred · Published 09/06/2014
SAP Open Hub Service has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
Date published: 2014-06-09
http://www.securityfocus.com/bid/67920
http://scn.sap.com/docs/DOC-8218

09/06/2014 by Fred · Published 09/06/2014
SAP Capacity Leveling has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
Date published: 2014-06-09
http://www.securityfocus.com/bid/67920
http://scn.sap.com/docs/DOC-8218

09/06/2014 by Fred · Published 09/06/2014
SAP Transaction Data Pool has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
Date published: 2014-06-09
http://www.securityfocus.com/bid/67920
http://scn.sap.com/docs/DOC-8218

09/06/2014 by Fred · Published 09/06/2014
SAP CCMS Monitoring (BC-CCM-MON) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
Date published: 2014-06-09
http://www.securityfocus.com/bid/67920
http://scn.sap.com/docs/DOC-8218

09/06/2014 by Fred · Published 09/06/2014
SAP Web Services Tool (CA-WUI-WST) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
Date published: 2014-06-09
http://www.securityfocus.com/bid/67920
http://scn.sap.com/docs/DOC-8218

09/06/2014 by Fred · Published 09/06/2014
The SAP Upgrade tools for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
Date published: 2014-06-09
http://www.securityfocus.com/bid/67920
http://scn.sap.com/docs/DOC-8218

09/06/2014 by Fred · Published 09/06/2014
The SAP Trader’s and Scheduler’s Workbench (TSW) for SAP Oil & Gas has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
Date published: 2014-06-09
http://www.securityfocus.com/bid/67920
http://scn.sap.com/docs/DOC-8218

09/06/2014 by Fred · Published 09/06/2014
SAP Brazil add-on has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
Date published: 2014-06-09
http://www.securityfocus.com/bid/67920
http://scn.sap.com/docs/DOC-8218