3920 matches found
PHPWebThings 1.4 - download.php?File SQL Injection
PHPWebThings 1.4 - download.php?File SQL Injection source: https://www.securityfocus.com/bid/15399/info phpWebThings is prone to an SQL injection vulnerability. This is an input validation issue related to data that will be used in SQL queries, allowing a remote user to influence the structure an...
PHPWebThings 1.4 - 'download.php?File' SQL Injection
source: https://www.securityfocus.com/bid/15399/info phpWebThings is prone to an SQL injection vulnerability. This is an input validation issue related to data that will be used in SQL queries, allowing a remote user to influence the structure and logic of a query. It is likely that the issue cou...
ActiveCampaign 1-2-All Broadcast Email 4.0 - Admin Control Panel 'Username' SQL Injection
source: https://www.securityfocus.com/bid/15400/info ActiveCampaign 1-2-All Broadcast Email is prone to an SQL-injection vulnerability. This is an input-validation issue related to data that will be used in SQL queries, allowing a remote user to influence the structure and logic of a query...
CVE-2005-3209
Aenovo products 1 aeNovo, 2 aeNovoShop, and 3 aeNovoWYSI store password information in plaintext in the a control, b content, and c page tables, which allows attackers with database access to obtain those passwords and gain privileges...
CVE-2005-3209
Aenovo products 1 aeNovo, 2 aeNovoShop, and 3 aeNovoWYSI store password information in plaintext in the a control, b content, and c page tables, which allows attackers with database access to obtain those passwords and gain privileges...
Cyphor 0.19 - footer.php?t_login Cross-Site Scripting
Cyphor 0.19 - footer.php?tlogin Cross-Site Scripting source: https://www.securityfocus.com/bid/15047/info Cyphor is prone to multiple cross-site scripting and SQL injection vulnerabilities. Exploitation could allow for theft of cookie-based authentication credentials or unauthorized access to...
Cyphor 0.19 - newmsg.php?fid SQL Injection
Cyphor 0.19 - newmsg.php?fid SQL Injection source: https://www.securityfocus.com/bid/15047/info Cyphor is prone to multiple cross-site scripting and SQL injection vulnerabilities. Exploitation could allow for theft of cookie-based authentication credentials or unauthorized access to database data...
Cyphor 0.19 - 'newmsg.php?fid' SQL Injection
source: https://www.securityfocus.com/bid/15047/info Cyphor is prone to multiple cross-site scripting and SQL injection vulnerabilities. Exploitation could allow for theft of cookie-based authentication credentials or unauthorized access to database data. Other attacks are also possible...
CVE-2005-3112
The "reset password" feature in Macromedia Breeze 5.0 stores passwords in plaintext in the database instead of the hash, which allows attackers with access to the database to obtain the passwords...
CVE-2005-3112
The "reset password" feature in Macromedia Breeze 5.0 stores passwords in plaintext in the database instead of the hash, which allows attackers with access to the database to obtain the passwords...
PluggedOut CMS 0.4.8 - contenttypeid SQL Injection
PluggedOut CMS 0.4.8 - contenttypeid SQL Injection source: https://www.securityfocus.com/bid/14426/info PluggedOut CMS is prone to multiple cross-site scripting and SQL injection vulnerabilities. Exploitation could allow for theft of cookie-based authentication credentials or unauthorized access ...
PluggedOut CMS 0.4.8 - 'contenttypeid' SQL Injection
source: https://www.securityfocus.com/bid/14426/info PluggedOut CMS is prone to multiple cross-site scripting and SQL injection vulnerabilities. Exploitation could allow for theft of cookie-based authentication credentials or unauthorized access to database data. Other attacks are also possible...
phpWebSite: Arbitrary command execution through XML-RPC and SQL injection
Background phpWebSite is a web site content management system. Description phpWebSite uses an XML-RPC library that improperly handles XML-RPC requests and responses with malformed nested tags. Furthermore, "matrixkiller" reported that phpWebSite is vulnerable to an SQL injection attack. Impact A...
ASP-Nuke <= 0.80 comment_post.asp远程SQL注入漏洞
ASPNuke中存在SQL注入漏洞,远程攻击者可以利用此漏洞非授权访问数据库。 起因是没有正确的过滤用户输入。请看/module/support/task/commentpost.asp的第36行和第75行代码: ... nTaskID = steNForm TaskID ... If sErrorMsg = Then prevent dup posting here sStat = SELECT TaskID & FROM tblTaskComment & WHERE TaskID = & nTaskID & & AND Subject = & ReplacesSubject, , &...
CVE-2000-1235
The default configurations of 1 the port listener and 2 modplsql in Oracle Internet Application Server IAS 3.0.7 and earlier allow remote attackers to view privileged database information via HTTP requests for Database Access Descriptor DAD files...
[SA15627] C-JDBC Exposure of Cached Results
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...
[Full-disclosure] Invision Power Board 1.x and 2.x Privilege Escalation Vulnerability
If an non-root admin goes to delete their own group, they are taken to a screen that says "Move users in this group to..." in which they can select the root admin group and move themselves into it. actually, they can move all users in any group into the root admin group root admins have complete...
CVE-2005-1645
Keyvan1 ImageGallery stores the image.mdb database under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information...
CVE-2005-1645
Keyvan1 ImageGallery stores the image.mdb database under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information...
JGS-Portal 3.0.1 - ID SQL Injection
JGS-Portal 3.0.1 - ID SQL Injection source: https://www.securityfocus.com/bid/13451/info JGS-Portal is prone to an SQL injection. This issue may potentially be exploited to compromise the software or gain unauthorized access to the database. The consequences of exploitation will depend on the...