701 matches found
Unsafe Query Generation Risk in Active Record
There is a vulnerability when Active Record is used in conjunction with JSON parameter parsing. This vulnerability is similar to CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155. Impact ------ Due to the way Active Record interprets parameters in combination with the way that JSON parameters are...
FOG has multiple vulnerabilities
FOG is a free, open source, computer cloning and management solution. FOG has multiple vulnerabilities that allow input from certain unauthenticated users since parameters in the library function in the FOGManagerController.class.php file are not sanitized. An attacker can leverage this...
Ruby on Rails: Unsafe Query Generation (CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155) mitigation bypass
Unsafe Query Generation Risk in Active Record There is a vulnerability when Active Record is used in conjunction with JSON parameter parsing. This vulnerability has been assigned the CVE identifier CVE-2016-6317. This vulnerability is similar to CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155...
phpMyAdmin cross-site scripting vulnerability (CNVD-2016-01426)
phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A cross-site scripting vulnerability exists in...
SQL Injection in easy2map wordpress plugin v1.24
Title: SQL Injection in easy2map wordpress plugin v1.24 Author: Larry W. Cashdollar, @larry0 Date: 2015-06-08 Download Site: https://wordpress.org/plugins/easy2map Vendor: Steven Ellis Vendor Notified: 2015-06-08, fixed in v1.25 Vendor Contact: https://profiles.wordpress.org/stevenellis/ Advisory...
DEBIAN-CVE-2015-0222
ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when showhiddeninitial is set to True, allows remote attackers to cause a denial of service by submitting duplicate values, which triggers a large number of SQL queries...
Nagios XI < 2012R2.4 SQL Injection Vulnerability
Binary data 8369.prm...
XtremeASP PhotoGallery 2.0 Adminlogin.ASP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9438/info XtremeASP PhotoGallery is prone to an SQL injection vulnerability. The issue is reported to exist in the administration login interface, which does not sufficiently sanitize user-supplied input for username and...
SimpGB 1.0 Guestbook.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12801/info SimpGB is reportedly affected by an SQL injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input passed to the 'guestbook.php' script before using it in a S...
Lighthouse Development Squirrelcart 1.5.5 - SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12944/info Squirrelcart is affected by an SQL injection vulnerability. This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attack...
PHP-Nuke 6.x/7.x Public Message SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9615/info It has been reported that the 'public message' feature of PHP-Nuke is vulnerable to an SQL injection vulnerability. The issue is due to improper sanitization of user-defined parameters supplied to the module. As...
Duyuru Scripti Goster.ASP SQL injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/22910/info Duyuru Scripti is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting this vulnerability could permit remot...
WebCalendar 1.0.1 - Multiple SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/15662/info WebCalendar is prone to multiple SQL injection vulnerabilities. This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other...
Qualiteam X-Cart 4.0.8 product.php Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/13817/info X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. These vulnerabilities could permit remot...
PHP-Nuke 6.x/7.x Multiple SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/10135/info Reportedly PHP-Nuke is prone to multiple SQL injection vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied input. As a result of these issues an attacker cou...
CubeCart 2.0.x tellafriend.php product Variable Path Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/13050/info CubeCart is reported prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. These issues...
CubeCart 2.0.x view_cart.php add Variable Path Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/13050/info CubeCart is reported prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. These issues...
PDJK-support Suite 1.1 - Multiple SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/15598/info PDJK-support Suite is prone to multiple SQL injection vulnerabilities. These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic o...
CubeCart 2.0.x view_product.php product Variable Path Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/13050/info CubeCart is reported prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. These issues...
Widget Property 1.1.19 Property.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15701/info Widget Press Widget Property is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'property.php' script before using it i...