Lucene search
K

3920 matches found

exploitpack
exploitpack
added 2005/11/12 12:0 a.m.16 views

PHPWebThings 1.4 - download.php?File SQL Injection

PHPWebThings 1.4 - download.php?File SQL Injection source: https://www.securityfocus.com/bid/15399/info phpWebThings is prone to an SQL injection vulnerability. This is an input validation issue related to data that will be used in SQL queries, allowing a remote user to influence the structure an...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2005/11/12 12:0 a.m.18 views

PHPWebThings 1.4 - 'download.php?File' SQL Injection

source: https://www.securityfocus.com/bid/15399/info phpWebThings is prone to an SQL injection vulnerability. This is an input validation issue related to data that will be used in SQL queries, allowing a remote user to influence the structure and logic of a query. It is likely that the issue cou...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2005/11/12 12:0 a.m.21 views

ActiveCampaign 1-2-All Broadcast Email 4.0 - Admin Control Panel 'Username' SQL Injection

source: https://www.securityfocus.com/bid/15400/info ActiveCampaign 1-2-All Broadcast Email is prone to an SQL-injection vulnerability. This is an input-validation issue related to data that will be used in SQL queries, allowing a remote user to influence the structure and logic of a query...

7.4AI score
Exploits0
NVD
NVD
added 2005/10/14 10:2 a.m.14 views

CVE-2005-3209

Aenovo products 1 aeNovo, 2 aeNovoShop, and 3 aeNovoWYSI store password information in plaintext in the a control, b content, and c page tables, which allows attackers with database access to obtain those passwords and gain privileges...

4.6CVSS6.5AI score0.00476EPSS
Exploits1References5
Cvelist
Cvelist
added 2005/10/14 4:0 a.m.20 views

CVE-2005-3209

Aenovo products 1 aeNovo, 2 aeNovoShop, and 3 aeNovoWYSI store password information in plaintext in the a control, b content, and c page tables, which allows attackers with database access to obtain those passwords and gain privileges...

6.5AI score0.00476EPSS
Exploits1References5
exploitpack
exploitpack
added 2005/10/08 12:0 a.m.9 views

Cyphor 0.19 - footer.php?t_login Cross-Site Scripting

Cyphor 0.19 - footer.php?tlogin Cross-Site Scripting source: https://www.securityfocus.com/bid/15047/info Cyphor is prone to multiple cross-site scripting and SQL injection vulnerabilities. Exploitation could allow for theft of cookie-based authentication credentials or unauthorized access to...

Exploits0
exploitpack
exploitpack
added 2005/10/08 12:0 a.m.11 views

Cyphor 0.19 - newmsg.php?fid SQL Injection

Cyphor 0.19 - newmsg.php?fid SQL Injection source: https://www.securityfocus.com/bid/15047/info Cyphor is prone to multiple cross-site scripting and SQL injection vulnerabilities. Exploitation could allow for theft of cookie-based authentication credentials or unauthorized access to database data...

0.8AI score
Exploits0
Exploit DB
Exploit DB
added 2005/10/08 12:0 a.m.28 views

Cyphor 0.19 - 'newmsg.php?fid' SQL Injection

source: https://www.securityfocus.com/bid/15047/info Cyphor is prone to multiple cross-site scripting and SQL injection vulnerabilities. Exploitation could allow for theft of cookie-based authentication credentials or unauthorized access to database data. Other attacks are also possible...

7.4AI score
Exploits0
NVD
NVD
added 2005/09/30 10:5 a.m.10 views

CVE-2005-3112

The "reset password" feature in Macromedia Breeze 5.0 stores passwords in plaintext in the database instead of the hash, which allows attackers with access to the database to obtain the passwords...

2.1CVSS6.4AI score0.00353EPSS
Exploits0References4
Cvelist
Cvelist
added 2005/09/30 4:0 a.m.15 views

CVE-2005-3112

The "reset password" feature in Macromedia Breeze 5.0 stores passwords in plaintext in the database instead of the hash, which allows attackers with access to the database to obtain the passwords...

6.4AI score0.00353EPSS
Exploits0References4
exploitpack
exploitpack
added 2005/09/30 12:0 a.m.9 views

PluggedOut CMS 0.4.8 - contenttypeid SQL Injection

PluggedOut CMS 0.4.8 - contenttypeid SQL Injection source: https://www.securityfocus.com/bid/14426/info PluggedOut CMS is prone to multiple cross-site scripting and SQL injection vulnerabilities. Exploitation could allow for theft of cookie-based authentication credentials or unauthorized access ...

8.7AI score
Exploits0
Exploit DB
Exploit DB
added 2005/09/30 12:0 a.m.28 views

PluggedOut CMS 0.4.8 - 'contenttypeid' SQL Injection

source: https://www.securityfocus.com/bid/14426/info PluggedOut CMS is prone to multiple cross-site scripting and SQL injection vulnerabilities. Exploitation could allow for theft of cookie-based authentication credentials or unauthorized access to database data. Other attacks are also possible...

7AI score
Exploits0
Gentoo Linux
Gentoo Linux
added 2005/08/31 12:0 a.m.40 views

phpWebSite: Arbitrary command execution through XML-RPC and SQL injection

Background phpWebSite is a web site content management system. Description phpWebSite uses an XML-RPC library that improperly handles XML-RPC requests and responses with malformed nested tags. Furthermore, "matrixkiller" reported that phpWebSite is vulnerable to an SQL injection attack. Impact A...

7.5CVSS7.6AI score0.05091EPSS
Exploits0
seebug.org
seebug.org
added 2005/08/18 12:0 a.m.25 views

ASP-Nuke <= 0.80 comment_post.asp远程SQL注入漏洞

ASPNuke中存在SQL注入漏洞,远程攻击者可以利用此漏洞非授权访问数据库。 起因是没有正确的过滤用户输入。请看/module/support/task/commentpost.asp的第36行和第75行代码: ... nTaskID = steNForm TaskID ... If sErrorMsg = Then prevent dup posting here sStat = SELECT TaskID & FROM tblTaskComment & WHERE TaskID = & nTaskID & & AND Subject = & ReplacesSubject, , &...

7.1AI score
Exploits0
Cvelist
Cvelist
added 2005/07/14 4:0 a.m.23 views

CVE-2000-1235

The default configurations of 1 the port listener and 2 modplsql in Oracle Internet Application Server IAS 3.0.7 and earlier allow remote attackers to view privileged database information via HTTP requests for Database Access Descriptor DAD files...

8.8AI score0.04827EPSS
Exploits1References6
securityvulns
securityvulns
added 2005/06/10 12:0 a.m.28 views

[SA15627] C-JDBC Exposure of Cached Results

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

0.7AI score
Exploits0
securityvulns
securityvulns
added 2005/05/28 12:0 a.m.31 views

[Full-disclosure] Invision Power Board 1.x and 2.x Privilege Escalation Vulnerability

If an non-root admin goes to delete their own group, they are taken to a screen that says "Move users in this group to..." in which they can select the root admin group and move themselves into it. actually, they can move all users in any group into the root admin group root admins have complete...

1AI score
Exploits0
Cvelist
Cvelist
added 2005/05/18 4:0 a.m.21 views

CVE-2005-1645

Keyvan1 ImageGallery stores the image.mdb database under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information...

6.5AI score0.0287EPSS
Exploits1References5
NVD
NVD
added 2005/05/18 4:0 a.m.16 views

CVE-2005-1645

Keyvan1 ImageGallery stores the image.mdb database under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information...

5CVSS6.5AI score0.0287EPSS
Exploits1References5
exploitpack
exploitpack
added 2005/04/30 12:0 a.m.13 views

JGS-Portal 3.0.1 - ID SQL Injection

JGS-Portal 3.0.1 - ID SQL Injection source: https://www.securityfocus.com/bid/13451/info JGS-Portal is prone to an SQL injection. This issue may potentially be exploited to compromise the software or gain unauthorized access to the database. The consequences of exploitation will depend on the...

8.6AI score
Exploits0
Rows per page
Query Builder