204 matches found
KLINK - SQL Injection
KLINK - SQL Injection Andrés Gómez Exploit Title : KLINK Sql Injection Vulnerability Date : 2010-12-31 Author : Andrés Gómez Software Developed by : http://www.contacto.com Contact : [email protected] Dork : "allinurl:.php?txtCodiInfo=" An attacker may execute arbitrary SQL statements on...
KLINK SQL Injection
Andrés Gómez Exploit Title : KLINK Sql Injection Vulnerability Date : 2010-12-31 Author : Andrés Gómez Software Developed by : http://www.contacto.com Contact : [email protected] Dork : "allinurl:.php?txtCodiInfo=" An attacker may execute arbitrary SQL statements on the vulnerable system...
XMB 1.9.11 Cross Site Request Forgery
...
Sql injection
SQL injection vulnerability in ogpshow.php in Online Guestbook Pro allows remote attackers to execute arbitrary SQL commands via the display parameter...
CVE-2008-2817
SQL injection vulnerability in albums.php in NiTrO Web Gallery 1.4.3 and earlier allows remote attackers to execute arbitrary SQL commands via the CatId parameter in a show action...
dblink allows proxying of database connections via 127.0.0.1
PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library dblink is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1...
CVE-2005-0646
SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote attackers to execute arbitrary SQL via the mysqlprefix parameter...
CVE-2004-1835
Multiple SQL injection vulnerabilities in index.php in Invision Gallery 1.0.1 allow remote attackers to execute arbitrary SQL via the (1) img, (2) cat, (3) sortkey, (4) orderkey, (5) user, or (6) album parameters...
CVE-2004-1955
SQL injection vulnerability in modules.php in phProfession 2.5 allows remote attackers to execute arbitrary SQL code via the offset parameter...
CVE-2004-1622
SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x allows remote attackers to execute arbitrary SQL statements via the Name parameter...
TorrentTrader download.php id Parameter SQL Injection
The remote host is running TorrentTrader, a web-based BitTorrent tracker. The remote version of this software is vulnerable to a SQL injection attack that may allow an attacker to inject arbitrary SQL statements in the remote database.
CVE-2004-0707
SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allows remote attackers with privileges to grant membership to any group to execute arbitrary SQL...
CVE-2004-0366
SQL injection vulnerability in the libpam-pgsql library before 0.5.2 allows attackers to execute arbitrary SQL statements...
CVE-2004-0366
Removed by vendor...
PT-2004-1520 · Unknown · Libpam-Pgsql
Name of the Vulnerable Software and Affected Versions: libpam-pgsql versions prior to 0.5.2 Description: The issue allows attackers to execute arbitrary SQL statements due to a SQL injection vulnerability in the libpam-pgsql library. Recommendations: For versions prior to 0.5.2, update to version...
CVE-2004-0343
Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b allow remote attackers to execute arbitrary SQL via (1) the msg parameter in ModifyMessage.php or (2) the postid parameter in ModifyMessage.php...
CVE-2003-0500
SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name...
DSA-338 proftpd - SQL injection
Bulletin has no description...
CVE-2002-1457
SQL injection vulnerability in search.php for L-Forum 2.40 allows remote attackers to execute arbitrary SQL statements via the search parameter...
CVE-2003-0377
SQL injection vulnerability in the web-based administration interface for iisPROTECT 2.2-r4, and possibly earlier versions, allows remote attackers to insert arbitrary SQL and execute code via certain variables, as demonstrated using the GroupName variable in SiteAdmin.ASP...