Scrutinizer < 9.0.1 d4d/alarms.php Multiple Parameters SQLi
The version of Scrutinizer installed on the remote web server is affected by a SQL injection vulnerability in multiple parameters of the 'd4d/alarms.php' script. An unauthenticated remote attacker can leverage this issue to manipulate database queries, leading to disclosure of sensitive...
Tivoli Provisioning Manager Express for Software Distribution Multiple SQL Injections
The remote web application fails to properly sanitize user-supplied input to the following servlets : - Printer.getPrinterAgentKey in the SoapServlet servlet - User.updateUserValue in the register.do servlet - User.isExistingUser in the logon.do servlet - Asset.getHWKey in the CallHomeExec servle...
NextBBS 0.6.0 Authentication Bypass / SQL Injection / XSS
waraxe-2012-SA080 - Multiple Vulnerabilities in NextBBS 0.6.0 =============================================================================== Author: Janek Vind "waraxe" Date: 27. March 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-80.html Description of vulnerable software:...
Tivoli Provisioning Manager Express for Software Distribution Multiple SQL Injection Vulnerabilities
Binary data 6398.prm...
UBUNTU-CVE-2012-0937
DISPUTED wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attackers to use WordPress as a proxy for brute-force attacks or denial of service attacks via th...
PT-2011-5169 · Pligg · Pligg Cms
Name of the Vulnerable Software and Affected Versions: Pligg CMS version 1.1.2 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the status parameter in the "search.php" file. Recommendations: For Pligg CMS version 1.1.2, consider restricting...
[SECURITY] Fedora 14 Update: phpMyAdmin-3.4.7.1-1.fc14
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, indexes, users, permissions, while you still have the ability to directly...
[SECURITY] Fedora 14 Update: phpMyAdmin-3.4.7-1.fc14
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, indexes, users, permissions, while you still have the ability to...
AlphaRegistration Component for Joomla! 'email' Parameter SQLi
The version of the AlphaRegistration Component for Joomla! running on the remote host is affected by a SQL injection vulnerability in assets/scripts/checkemail.php due to improper sanitization of user-supplied input to the 'email' parameter before using it to construct database queries. Provided...
Symantec Web Gateway login.php Blind SQL Injection (SYM11-001)
According to its self-reported version number, the version of Symantec Web Gateway running on the remote host has a SQL injection vulnerability. Input to the 'USERNAME' parameter of the 'login.php' script is not properly sanitized. A remote, unauthenticated attacker could exploit this to manipula...
Nmap NSE net: ms-sql-tables
Queries Microsoft SQL Server ms-sql for a list of tables per database. The sysdatabase table should be accessible by more or less everyone. The script attempts to use the sa account over any other if it has the password in the registry. If not, the first account in the registry is used. Once we hav...
EgY SpIdEr ShElL : Shell strongest in the history the hacker !
Sites get hacked every day. The bad guys often install a toolkit to control remote servers effectively. Here is one called EgY SpIdEr ShElL. When logging in, you get a quick overview of the machine with what services are running, as well as some hardware specs. The toolkit provides you with...
SA-CONTRIB-2011-015 - Translation Management - Multiple Vulnerabilities
This Translation Management module helps to manage the process of translating content on your site. The module has several vulnerabilities. It doesn't sufficiently escape user text when printed to the browser nor when used in database queries resulting in Cross Site Scripting XSS and SQL Injectio...
Symantec IM Manager whereClause Parameter SQL Injection (SYM10-010)
The version of Symantec IM Manager installed on the remote Windows host fails to sanitize input to the 'whereClause' parameter of the 'rdpageimlogic.aspx' script before using it in the 'LoggedInUsers.lgx' definition file to construct database queries. An unauthenticated attacker may be able to...
Huru Helpdesk Component for Joomla! 'cid[0]' Parameter SQLi
The version of the Huru Helpdesk component for Joomla! running on the remote host is affected by a SQL injection vulnerability due to improper sanitization of user-supplied input to the 'cid[0]' parameter before using it to construct database queries. Regardless of the PHP 'magic_quotes_gpc' setting,...
RokModule Component for Joomla! 'moduleid' Parameter SQLi
The version of the RokModule component for Joomla! running on the remote host is affected by a SQL injection vulnerability due to improper sanitization of user-supplied input to the 'moduleid' parameter before using it to construct database queries. Regardless of the PHP 'magic_quotes_gpc' setting,...
JS Jobs Component for Joomla! 'md' Parameter SQLi
The version of the JS Jobs component for Joomla! running on the remote host is affected by a SQL injection vulnerability due to improper sanitization of user-supplied input to the 'md' parameter before using it to construct database queries. Regardless of the PHP 'magic_quotes_gpc' setting, an...
BF Survey Pro Component for Joomla! 'table' Parameter SQLi
The version of BF Survey Pro or BF Survey Pro Free for Joomla! running on the remote host is affected by a SQL injection vulnerability due to improper sanitization of user-supplied input to the 'table' parameter in a POST request when 'task' is set to 'updateOnePage' before using it to construct...
FlexCMS Login Cookie SQL Injection
The remote host is running FlexCMS, a content management system written in PHP. The version of the FlexCMS installed on the remote host fails to sanitize input passed to the login cookie 'FCLoginData12345' before using it in database queries. Provided PHP's 'magic_quotes_gpc' setting is disabled, a...
Log Rover pword Parameter SQL Injection
The remote host is running Log Rover, an ASP application for analyzing web server log files. The web interface included with the version of Log Rover installed on the remote host fails to sanitize user-supplied input to the 'pword' parameter of the 'login.asp' script before using it to construct...