Pixelpost index.php parent_id Parameter SQL Injection
The remote host is running Pixelpost, a photo blog application based on PHP and MySQL. The version of Pixelpost installed on the remote host fails to sanitize input to the 'parent_id' parameter of the 'index.php' script before using it to perform database queries. Provided PHP's 'magic_quotes_gpc'...
X7 Chat index.php day Parameter SQL Injection
The remote host is running X7 Chat, a web-based chat program written in PHP. The version of X7 Chat installed on the remote host fails to sanitize input to the 'day' parameter of the 'index.php' script when 'page' is set to 'event' before using it in 'sources/infobox.php' to construct database...
CVE-2007-6667
SQL injection vulnerability in faq.php in MyPHP Forum 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the member.php vector is already covered by CVE-2005-0413...
XOOPS 2.0.17.1 Mylinks Module - 'Brokenlink.php' SQL Injection
source: https://www.securityfocus.com/bid/26392/info Xoops Mylinks module is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting this vulnerability could permit remote attackers to pass maliciou...
QuickEStore insertorder.cfm CFTOKEN Parameter SQL Injection
The remote host is running QuickEStore, a shopping cart application written in Cold Fusion. The version of QuickEStore installed on the remote host fails to sanitize input to the 'CFTOKEN' parameter of the 'insertorder.cfm' script before using it in database queries. An unauthenticated attacker...
SimpleFAQ Component for Joomla! 'aid' Parameter SQLi
The version of the SimpleFAQ component for Joomla! and Mambo running on the remote host is affected by a SQL injection vulnerability in the simplephp.php script due to improper sanitization of user-supplied input to the 'aid' parameter before using it to construct database queries in the...
GMaps Component for Joomla! 'mapId' Parameter SQLi
The version of the GMaps component for Joomla! running on the remote host is affected by a SQL injection vulnerability in the classes/gmapdao.class.php script due to improper sanitization of user-supplied input to the 'mapId' parameter before using it to construct database queries in the getMap...
MailMarshal Spam Quarantine Interface Arbitrary Account Password Retrieval
The remote host is running the Spam Quarantine Management web component of MailMarshal SMTP, a mail server for Windows. The version of the Spam Quarantine Management web component installed on the remote host fails to sanitize input to the 'emailTextBox' parameter of the 'Register.aspx' script...
paFileDB includes/search.php categories Parameter SQL Injection
The version of paFileDB installed on the remote host fails to sanitize user-supplied input to the 'categories' parameter before using it in the 'includes/search.php' script to make database queries. An unauthenticated attacker can exploit this issue to manipulate database queries, which could lea...
Calendarix calendar.php Multiple Parameter SQL Injection
The remote host is running Calendarix, a free web-based calendar application written in PHP. The version of Calendarix installed on the remote host fails to sanitize input to the 'month' and 'year' parameters of the 'calendar.php' script before using it in database queries. Provided PHP's...
Calendarix <= 0.7.20070307 calendar.php month and year parameter SQL Injection
Binary data 4113.prm...
YaNC Component for Joomla! 'listid' Parameter SQLi
The version of the YaNC component for Joomla! and Mambo running on the remote host is affected by a SQL injection vulnerability in the components/com_yanc/yanc.html.php script due to improper sanitization of user-supplied input to the 'listid' parameter before using it to construct database querie...
Duyuru Scripti - Goster.asp SQL Injection
Duyuru Scripti - Goster.asp SQL Injection source: https://www.securityfocus.com/bid/22910/info Duyuru Scripti is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting this vulnerability could perm...
S9Y Serendipity 1.1.1 - index.php SQL Injection
S9Y Serendipity 1.1.1 - index.php SQL Injection source: https://www.securityfocus.com/bid/22774/info Serendipity is affected by an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting this vulnerability coul...
ExoPHPDesk faq.php id Parameter SQL Injection
The remote host is running Exo PHPDesk, a helpdesk application written in PHP. The version of Exo PHPDesk on the remote host fails to properly sanitize input to the 'id' parameter of the 'faq.php' script before using it in database queries. Provided PHP's 'magic_quotes_gpc' setting is disabled, an...
WoltLab Burning Board search.php Multiple Parameter SQL Injection
The version of Burning Board / Burning Board Lite on the remote host fails to sanitize user input to the 'boardids' parameter of the 'search.php' script before using it in database queries. Regardless of PHP's 'register_globals' and 'magic_quotes_gpc' settings, an unauthenticated, remote attacker ca...
WordPress Trackback 'wp-trackback.php' 'tb_id' Parameter SQL Injection
The version of WordPress on the remote host fails to properly sanitize input to the 'tb_id' parameter of the 'wp-trackback.php' script before using it in database queries. An unauthenticated, remote attacker can leverage this issue to launch SQL injection attacks against the affected application,...
WordPress Trackback Charset Decoding SQL Injection
The version of WordPress on the remote host supports trackbacks in alternate character sets and decodes them after escaping SQL parameters. By specifying an alternate character set and encoding input with that character set while submitting a trackback, an unauthenticated, remote attacker can...
Cacti copy_cacti_user.php template_user Variable SQL Injection
The remote host is running Cacti, a web-based front end to RRDTool for network graphing. The version of Cacti on the remote host does not properly check whether the 'copy_cacti_user.php' script is being run from the command line and fails to sanitize user-supplied input before using it in database...