303 matches found

Zero Day Initiative
added 2010/10/27 12:0 a.m. | 38 views

Symantec IM Manager rdServer.dll sGetDefinition SQL Injection Vulnerability

This vulnerability allows remote attackers to inject arbitrary SQL into the backend database on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IM Manager interface exposed by the web server which...

10 CVSS | 6.8 AI score | 0.05822 EPSS
Exploits 0 | References 1

Zero Day Initiative
added 2010/10/27 12:0 a.m. | 23 views

Symantec IM Manager Administrative Interface IMAdminScheduleReport.asp SQL Injection Vulnerability

This vulnerability allows remote attackers to inject arbitrary SQL into the packaged database on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Administrative interface installed with IM Manager...

10 CVSS | 7.5 AI score | 0.05822 EPSS
Exploits 0 | References 1

VulnCheck KEV
added 2010/10/01 12:0 a.m. | 0 views

VulnCheck KEV: CVE-2010-2772

Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568...

9.3 CVSS | 7.1 AI score | 0.91324 EPSS
Exploits 15 | References 1

exploitpack
added 2010/04/01 12:0 a.m. | 11 views

Zabbix 1.8.1 - SQL Injection

Zabbix 1.8.1 - SQL Injection ============================================= - Release date: April 1st, 2010 - Discovered by: Dawid Golunski - Severity: High ============================================= I. VULNERABILITY ------------------------- Zabbix = 1.8.1 SQL Injection II. BACKGROUND...

0.2 AI score
Exploits 0

OpenVAS
added 2009/11/05 12:0 a.m. | 25 views

Microsoft SharePoint <= 12.0.0.6219 Team Services Information Disclosure Vulnerability (KB976829)

Microsoft SharePoint Server is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5 CVSS | 6.4 AI score | 0.32606 EPSS
Exploits 1 | References 5

seebug.org
added 2009/10/26 12:0 a.m. | 45 views

SharePoint 2007 Team Services source code disclosure

No description provided by source. ======= Summary ======= Name: SharePoint Team Services source code disclosure through download facility Release Date: 21 October 2009 Reference: NGS00532 Discover: Daniel Martin [email protected] Vendor: Microsoft Systems Affected: SharePoint 2007...

7.1 AI score
Exploits 0

Exploit DB
added 2009/04/20 12:0 a.m. | 41 views

e107 < 0.7.15 - 'extended_user_fields' Blind SQL Injection

!/usr/bin/env perl e107 dbUpdate"userextended", $uefields." WHERE userextendedid = '".intval$inp."'"; ue POST variable needs a valid key such as "aim","msn" or other userextendedfields @fields array. Fix this sql injection using php function mysqlrealescapestring to the POST 'hide' key, otherwise...

7 AI score
Exploits 0

Tenable Nessus
added 2008/11/21 12:0 a.m. | 35 views

FreeBSD : openfire -- multiple vulnerabilities (937adf01-b64a-11dd-a55e-00163e000016)

Andreas Kurtz reports : The jabber server Openfire = version 3.6.0a contains several serious vulnerabilities. Depending on the particular runtime environment these issues can potentially even be used by an attacker to execute code on operating system level. - Authentication bypass - This...

7.5 CVSS | 6.6 AI score | 0.82812 EPSS
Exploits 9 | References 10

securityvulns
added 2008/07/18 12:0 a.m. | 113 views

Oracle Application Server PLSQL injection flaw

NGSSoftware Insight Security Research Advisory Name: PLSQL Injection in Oracle Application Server Systems Affected: Oracle Application Server 9.0.4.3, 10.1.2.2, 10.1.4.1 Severity: Critical Vendor URL: http://www.oracle.com/ Author: David Litchfield [email protected] Reported: 9th October 200...

6.4 CVSS | 0.1 AI score | 0.01294 EPSS
Exploits 0

securityvulns
added 2007/12/05 12:0 a.m. | 92 views

Blind Sql-Injection in Joomla 1.5 RC3

Thanks to team of Darkc0de.com Blind Sql-Injection in Joomla 1.5 RC3 URL : http://localhost/index.php 1. Parameter = view The following changes were applied to the original request: • Set parameter 'view's value to 'somechars'20+20'article' POC URL :...

0.3 AI score
Exploits 0

Packet Storm
added 2007/12/02 12:0 a.m. | 26 views

bcoos-sql.txt

Bcoops adresses/ratefile.php lid variable SQL injection vendor url: http://www.bcoops.net Advisore: http://lostmon.blogspot.com/2007/11/bcoops-adressesratefilephp-lid-variable.html vendor notify:NO exploits available: YES bcoos is content-community management system written in PHP-MySQL. bcoops...

7.4 AI score
Exploits 0

Packet Storm
added 2007/09/20 12:0 a.m. | 22 views

onecms24-sql.txt

!/usr/bin/perl OneCMS v2.4 Remote SQL Injection Exploit Description ----------- OneCMS contains a flaw that allows an attacker to carry out an SQL injection attack. The issue is due to the userreviews.php script not properly sanitizing user-supplied input to the 'abc' variable. This may allow an...

7.4 AI score
Exploits 0

seebug.org
added 2007/09/20 12:0 a.m. | 15 views

OneCMS 2.4 (userreviews.php abc) Remote SQL Injection Exploit

No description provided by source. !/usr/bin/perl OneCMS v2.4 Remote SQL Injection Exploit Description ----------- OneCMS contains a flaw that allows an attacker to carry out an SQL injection attack. The issue is due to the userreviews.php script not properly sanitizing user-supplied input to the...

7.1 AI score
Exploits 0

exploitpack
added 2007/09/19 12:0 a.m. | 10 views

OneCMS 2.4 - abc SQL Injection

OneCMS 2.4 - abc SQL Injection !/usr/bin/perl OneCMS v2.4 Remote SQL Injection Exploit Description ----------- OneCMS contains a flaw that allows an attacker to carry out an SQL injection attack. The issue is due to the userreviews.php script not properly sanitizing user-supplied input to the 'ab...

0.1 AI score
Exploits 0

Exploit DB
added 2007/09/19 12:0 a.m. | 28 views

OneCMS 2.4 - 'abc' SQL Injection

!/usr/bin/perl OneCMS v2.4 Remote SQL Injection Exploit Description ----------- OneCMS contains a flaw that allows an attacker to carry out an SQL injection attack. The issue is due to the userreviews.php script not properly sanitizing user-supplied input to the 'abc' variable. This may allow an...

7.4 AI score
Exploits 0

0day.today
added 2007/04/03 12:0 a.m. | 27 views

HP Mercury Quality Center 9.0 build 9.1.0.4352 SQL Execution Exploit

Exploit for multiple platform in category remote exploits ==================================================================== HP Mercury Quality Center 9.0 build 9.1.0.4352 SQL Execution Exploit ==================================================================== !/usr/bin/perl HP Mercury Qualit...

7.1 AI score
Exploits 0

Cvelist
added 2005/11/21 11:0 a.m. | 14 views

CVE-2004-2551

Multiple SQL injection vulnerabilities in Layton HelpBox 3.0.1 allow remote attackers to execute arbitrary SQL commands via (1) the syscommentid parameter in editcommentenduser.asp, (2) the syssuspendid parameter in editsuspensionuser.asp, (3) the table parameter in exportdata.asp, (4) the sysanalgroup...

8.3 AI score | 0.0229 EPSS
Exploits 1 | References 15

securityvulns
added 2005/11/14 12:0 a.m. | 42 views

PEEL 2.x sql injection

PEEL 2.x sql injection Author: r0t hackers.by.lv Date: 14. nov 2005 software: PEEL 2.x vendor: http://peel.fr/ Tested on 2.6 and 2.7 version Vulnerability Description: contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script...

2.5 AI score
Exploits 0

Cvelist
added 2005/08/16 4:0 a.m. | 21 views

CVE-2004-2324

SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to modify the backend database via the (1) table and (2) field parameters in LinkClick.aspx...

7.6 AI score | 0.01221 EPSS
Exploits 0 | References 5

CVE
added 2005/06/21 4:0 a.m. | 84 views

CVE-2002-1723

Powerboards 2.2b is affected. An unauthenticated remote attacker can induce an error message in profiles.php by sending a cookie with a non-existent username, causing the full backend database path to be disclosed. This is a direct information disclosure vulnerability exposing directory/path deta...

5 CVSS | 7 AI score | 0.01373 EPSS
Exploits 0 | References 3 | Affected Software 1