712 matches found

Tenable Nessus
added 2007/07/16 12:0 a.m., 25 views

paFileDB includes/search.php categories Parameter SQL Injection

The version of paFileDB installed on the remote host fails to sanitize user-supplied input to the 'categories' parameter before using it in the 'includes/search.php' script to make database queries. An unauthenticated attacker can exploit this issue to manipulate database queries, which could lea...

7.5 CVSS, 5.6 AI score, 0.02493 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2007/06/26 12:0 a.m., 166 views

Calendarix calendar.php Multiple Parameter SQL Injection

The remote host is running Calendarix, a free web-based calendar application written in PHP. The version of Calendarix installed on the remote host fails to sanitize input to the 'month' and 'year' parameters of the 'calendar.php' script before using it in database queries. Provided PHP's...

6.8 CVSS, 5.6 AI score, 0.04496 EPSS
Exploits: 1, References: 3

Tenable Nessus
added 2007/06/25 12:0 a.m., 15 views

Calendarix <= 0.7.20070307 calendar.php month and year parameter SQL Injection

Binary data 4113.prm...

6.8 CVSS, 7.3 AI score, 0.04496 EPSS
Exploits: 1, References: 4

Tenable Nessus
added 2007/05/17 12:0 a.m., 20 views

YaNC Component for Joomla! 'listid' Parameter SQLi

The version of the YaNC component for Joomla! and Mambo running on the remote host is affected by a SQL injection vulnerability in the components/comyanc/yanc.html.php script due to improper sanitization of user-supplied input to the 'listid' parameter before using it to construct database querie...

7.5 CVSS, 5.8 AI score, 0.03757 EPSS
Exploits: 0, References: 2

exploitpack
added 2007/03/09 12:0 a.m., 11 views

Duyuru Scripti - Goster.asp SQL Injection

Duyuru Scripti - Goster.asp SQL Injection source: https://www.securityfocus.com/bid/22910/info Duyuru Scripti is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting this vulnerability could perm...

0.3 AI score
Exploits: 0

exploitpack
added 2007/03/01 12:0 a.m., 21 views

S9Y Serendipity 1.1.1 - index.php SQL Injection

S9Y Serendipity 1.1.1 - index.php SQL Injection source: https://www.securityfocus.com/bid/22774/info Serendipity is affected by an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting this vulnerability coul...

Exploits: 0

Tenable Nessus
added 2007/02/01 12:0 a.m., 2962 views

ExoPHPDesk faq.php id Parameter SQL Injection

The remote host is running Exo PHPDesk, a helpdesk application written in PHP. The version of Exo PHPDesk on the remote host fails to properly sanitize input to the 'id' parameter of the 'faq.php' script before using it in database queries. Provided PHP's 'magic_quotes_gpc' setting is disabled, an...

6.8 CVSS, 5.9 AI score, 0.08539 EPSS
Exploits: 1, References: 1

Tenable Nessus
added 2007/01/18 12:0 a.m., 36 views

WoltLab Burning Board search.php Multiple Parameter SQL Injection

The version of Burning Board / Burning Board Lite on the remote host fails to sanitize user input to the 'boardids' parameter of the 'search.php' script before using it in database queries. Regardless of PHP's 'register_globals' and 'magic_quotes_gpc' settings, an unauthenticated, remote attacker ca...

7.5 CVSS, 5.6 AI score, 0.01037 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2007/01/12 12:0 a.m., 298 views

WordPress Trackback 'wp-trackback.php' 'tb_id' Parameter SQL Injection

The version of WordPress on the remote host fails to properly sanitize input to the 'tb_id' parameter of the 'wp-trackback.php' script before using it in database queries. An unauthenticated, remote attacker can leverage this issue to launch SQL injection attacks against the affected application,...

7.5 CVSS, 5.9 AI score, 0.11044 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2007/01/12 12:0 a.m., 526 views

WordPress Trackback Charset Decoding SQL Injection

The version of WordPress on the remote host supports trackbacks in alternate character sets and decodes them after escaping SQL parameters. By specifying an alternate character set and encoding input with that character set while submitting a trackback, an unauthenticated, remote attacker can...

6.8 CVSS, 5.7 AI score, 0.07357 EPSS
Exploits: 1, References: 4

Tenable Nessus
added 2007/01/02 12:0 a.m., 16 views

Cacti copy_cacti_user.php template_user Variable SQL Injection

The remote host is running Cacti, a web-based, front end to RRDTool for network graphing. The version of Cacti on the remote host does not properly check whether the 'copy_cacti_user.php' script is being run from a commandline and fails to sanitize user-supplied input before using it in database...

6.1 AI score
Exploits: 0

securityvulns
added 2006/11/02 12:0 a.m., 124 views

[Full-disclosure] Invision Power Board 2.1.7 debug mode vulnerability

Debug mode is a feature in IPB 2.0.0-2.1.7 that shows all database queries for each forum page requested. If Debug mode is turned on, it is possible for anyone to request a forgotten password for an account, and capture the validation key that is sent to the account's email address. This allows a...

0.9 AI score
Exploits: 0

Exploit DB
added 2006/10/30 12:0 a.m., 21 views

PunBB 1.x - SQL Injection

source: https://www.securityfocus.com/bid/20786/info PunBB is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may exploit these issues to execute arbitrary script code in the context of the webserver process or to pass...

7 AI score
Exploits: 0

Tenable Nessus
added 2006/08/17 12:0 a.m., 25 views

CubeCart < 3.0.12 Multiple Vulnerabilities (SQLi, XSS)

The version of CubeCart installed on the remote host fails to properly sanitize user-supplied input to several parameters and scripts before using it in database queries and to generate dynamic web content. An unauthenticated attacker may be able to exploit these issues to conduct SQL injection a...

7.5 CVSS, 5.4 AI score, 0.03361 EPSS
Exploits: 2, References: 4

exploitpack
added 2006/07/31 12:0 a.m., 11 views

Seir Anphin V666 Community Management System - Multiple SQL Injections

Seir Anphin V666 Community Management System - Multiple SQL Injections source: https://www.securityfocus.com/bid/19244/info Seir Anphin V666 Community Management System is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before...

0.2 AI score
Exploits: 0

exploitpack
added 2006/07/26 12:0 a.m., 7 views

phpBB-Auction 1.x - auction_store.php?u SQL Injection

phpBB-Auction 1.x - auction_store.php?u SQL Injection source: https://www.securityfocus.com/bid/19179/info PHPBB-Auction is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. These vulnerabilities...

8.6 AI score
Exploits: 0

exploitpack
added 2006/07/26 12:0 a.m., 11 views

phpBB-Auction 1.x - auction_room.php?ar SQL Injection

phpBB-Auction 1.x - auction_room.php?ar SQL Injection source: https://www.securityfocus.com/bid/19179/info PHPBB-Auction is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. These vulnerabilities...

0.3 AI score
Exploits: 0

Exploit DB
added 2006/07/26 12:0 a.m., 26 views

phpBB-Auction 1.x - 'auction_store.php?u' SQL Injection

source: https://www.securityfocus.com/bid/19179/info PHPBB-Auction is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. These vulnerabilities could permit remote attackers to pass malicious input...

7.4 AI score
Exploits: 0

Exploit DB
added 2006/07/26 12:0 a.m., 28 views

phpBB-Auction 1.x - 'auction_room.php?ar' SQL Injection

source: https://www.securityfocus.com/bid/19179/info PHPBB-Auction is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. These vulnerabilities could permit remote attackers to pass malicious input...

7 AI score
Exploits: 0

Tenable Nessus
added 2006/07/24 12:0 a.m., 29 views

Invision Power Board classes/class_session.php CLIENT_IP HTTP Header SQL Injection

According to its banner, the installation of Invision Power Board on the remote host reportedly fails to sanitize input to the 'CLIENT_IP' HTTP request header before using it in database queries. An unauthenticated attacker may be able to leverage this issue to disclose sensitive information, modi...

7.5 CVSS, 5.5 AI score, 0.01297 EPSS
Exploits: 1, References: 1