JVideo! Component for Joomla! 'user_id' Parameter SQLi
The version of the JVideo! component for Joomla! running on the remote host is affected by a SQL injection vulnerability in the models/user.php script due to improper sanitization of user-supplied input to the 'user_id' parameter before using it to construct database queries in the getUsername...
Geeklog SEC_authenticate Function SQL Injection
The version of Geeklog installed on the remote host fails to sanitize input to the 'username' argument of the 'SEC_authenticate' function in '/system/lib-security.php' before using it to construct database queries. Regardless of PHP's 'magic_quotes_gpc' setting, an unauthenticated attacker can explo...
SocialEngine Blog Plugin category_id Parameter SQL Injection
The remote host is running SocialEngine, a PHP-based social network platform. The version of the Blog plugin for SocialEngine installed on the remote host fails to sanitize input to the 'category_id' parameter of the 'blog.php' script before using it to construct database queries. Regardless of...
Meeting Room Booking System (MRBS) month.php area Parameter SQL Injection
The remote host is running Meeting Room Booking System (MRBS), a PHP application for booking meeting rooms or other resources. The version of MRBS installed on the remote host fails to sanitize user-supplied input to the 'area' parameter of the 'month.php' script before using it to construct databa...
Eventing Component for Joomla! 'catid' Parameter SQLi
The version of the Eventing component for Joomla! running on the remote host is affected by a SQL injection vulnerability in eventing.php due to improper sanitization of user-supplied input to the 'catid' parameter before using it to construct database queries. Regardless of the PHP...
myEvent 1.6 - 'eventdate' SQL Injection
myEvent 1.6 viewevent.php Remote SQL Injection Vulnerability url: http://mywebland.com/ Author: JosS mail: sys-projectathotmaildotcom site: http://spanish-hackers.com team: Spanish Hackers Team - SHT This was written for educational purposes. Use it at your own risk. Author will not be responsible...
OpenX ac.php bannerid Parameter SQL Injection
The remote host is running OpenX (formerly Openads), an open source ad serving application written in PHP. The installed version of OpenX does not validate user-supplied input to the 'bannerid' parameter of the 'www/delivery/ac.php' script before using it in database queries. Regardless of PHP's...
SA-2008-061 - Everyblog - Multiple vulnerabilities
The module does not follow Drupal best practices for database queries and handling of user submitted data, leading to a number of vulnerabilities. Of special concern is that an unprivileged user may become logged in to the account of an existing user, including an administrator. Versions Affected...
Joomla! reset.php Reset Token Validation Forgery
The version of Joomla! running on the remote host is affected by a password reset vulnerability in the components/com_user/models/reset.php script due to improper validation of user-supplied input to the 'token' parameter before using it to construct database queries in the confirmReset function. An...
TrailScout Module For Drupal Session Cookie SQL Injection
The remote host is running TrailScout, a third-party module for Drupal that displays a breadcrumb-like trail showing pages a user recently visited on a site. The version of the TrailScout module installed on the remote host fails to sanitize user-supplied input to the session cookie before using ...
nBill component for Joomla! 'cid' Parameter SQLi
The version of the nBill (also known as netinvoice) component for Joomla! and Mambo running on the remote host is affected by a SQL injection vulnerability due to improper sanitization of user-supplied input to the 'cid' parameter before using it to construct database queries. Regardless of the PHP...
AEC Subscription Manager Component for Mambo / Joomla! 'usage' Parameter SQLi
The version of the AEC Subscription Manager component for Joomla! and Mambo running on the remote host is affected by a SQL injection vulnerability in the acctexp.class.php script due to improper sanitization of user-supplied input to the 'usage' parameter before using it to construct database...
DatsoGallery Component for Joomla! sub_votepic.php User-Agent HTTP Header SQLi
The version of the DatsoGallery component for Joomla! or Mambo running on the remote host is affected by a SQL injection vulnerability in sub_votepic.php due to improper sanitization of user-supplied input to the User-Agent header before using it to construct database queries. Regardless of the PH...
Webhosting Component for Joomla! 'catid' Parameter SQLi
The version of the Webhosting component for Joomla! running on the remote host is affected by a SQL injection vulnerability in webhosting.php due to improper sanitization of user-supplied input to the 'catid' parameter before using it to construct database queries in the showoverview function...
MyBlog 1.x - SQL Injection Remote File Inclusion
source: https://www.securityfocus.com/bid/28313/info MyBlog is prone to multiple input-validation vulnerabilities, including: - Multiple SQL-injection vulnerabilities - Multiple remote file-include vulnerabilities - A privilege-escalation...
Acajoom Component for Joomla! 'mailingid' Parameter SQLi
The version of the Acajoom component for Joomla! running on the remote host is affected by a SQL injection vulnerability in the class.mailing.php script due to improper sanitization of user-supplied input to the 'mailingid' parameter before using it to construct database queries in the...
MyBlog 1.x - SQL Injection / Remote File Inclusion
source: https://www.securityfocus.com/bid/28313/info MyBlog is prone to multiple input-validation vulnerabilities, including: - Multiple SQL-injection vulnerabilities - Multiple remote file-include vulnerabilities - A privilege-escalation vulnerability An attacker may exploit these issues to...
Cacti index.php/sql.php Login Action login_username Parameter SQL Injection
The remote host is running Cacti, a web-based front-end to RRDTool for network graphing. The version of Cacti installed on the remote host fails to sanitize user input to the 'login_username' parameter before using it in the 'auth_login.php' script to perform database queries. Regardless of PHP's...
AkoGallery Component for Mambo / Joomla! 'id' Parameter SQLi
The version of the AkoGallery component for Joomla! running on the remote host is affected by a SQL injection vulnerability in the akogallery.php script due to improper sanitization of user-supplied input to the 'id' parameter before using it to construct database queries in the GalleryHeader...
CandyPress Store admin/utilities_ConfigHelp.asp helpfield Parameter SQL Injection
The remote host is running CandyPress, a commercial shopping cart script written in ASP. The version of CandyPress installed on the remote host fails to sanitize user-supplied input to the 'helpfield' parameter of the 'admin/utilities_ConfigHelp.asp' script before using it to perform database...