DUamazon Pro Multiple Scripts SQL Injection
The remote host is running DUamazon Pro, an ASP-based storefront from DUware for Amazon affiliates. The installed version of DUamazon Pro fails to properly sanitize user-supplied input in several instances before using it in SQL queries. By exploiting these flaws, an attacker can affect database...
Simple Machines Forum msg Parameter SQL Injection Vulnerability
The remote host is running Simple Machines Forum (SMF), an open source web forum application written in PHP. The installed version of SMF on the remote host fails to properly sanitize input to the 'msg' parameter before using it in SQL queries. By exploiting this flaw, an attacker can affect databa...
ProductCart Multiple Scripts SQL Injection
The remote host is running a version of the ProductCart shopping cart software that fails to properly sanitize user-supplied input before using it in SQL queries. An attacker may be able to exploit these flaws to alter database queries, disclose sensitive information, or conduct other such attack...
PT-2005-2748 · Unknown · Activenews Manager
Name of the Vulnerable Software and Affected Versions: Active News Manager affected versions not specified Description: The issue allows remote attackers to execute arbitrary SQL commands via the password variable in the "admin/login.asp" API endpoint. This could potentially lead to unauthorized...
Qualiteam X-Cart 4.0.8 - giftcert.php Multiple Cross-Site Scripting Vulnerabilities
Qualiteam X-Cart 4.0.8 - giftcert.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/13817/info X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-suppli...
Qualiteam X-Cart 4.0.8 - error_message.php?id Cross-Site Scripting
Qualiteam X-Cart 4.0.8 - error_message.php?id Cross-Site Scripting source: https://www.securityfocus.com/bid/13817/info X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. These...
Qualiteam X-Cart 4.0.8 - 'register.php?mode' Cross-Site Scripting
source: https://www.securityfocus.com/bid/13817/info X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. These vulnerabilities could permit remote attackers to pass malicious inpu...
Qualiteam X-Cart 4.0.8 - 'error_message.php?id' Cross-Site Scripting
source: https://www.securityfocus.com/bid/13817/info X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. These vulnerabilities could permit remote attackers to pass malicious inpu...
Qualiteam X-Cart 4.0.8 - 'help.php?section' Cross-Site Scripting
source: https://www.securityfocus.com/bid/13817/info X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. These vulnerabilities could permit remote attackers to pass malicious inpu...
Qualiteam X-Cart 4.0.8 - 'orders.php?mode' SQL Injection
source: https://www.securityfocus.com/bid/13817/info X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. These vulnerabilities could permit remote attackers to pass malicious inpu...
Qualiteam X-Cart 4.0.8 - 'register.php?mode' SQL Injection
source: https://www.securityfocus.com/bid/13817/info X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. These vulnerabilities could permit remote attackers to pass malicious inpu...
India Software Solution Shopping Cart - SQL Injection
India Software Solution Shopping Cart - SQL Injection source: https://www.securityfocus.com/bid/13812/info India Software Solution Shopping Cart is prone to an SQL injection vulnerability. This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in...
India Software Solution Shopping Cart - SQL Injection
source: https://www.securityfocus.com/bid/13812/info India Software Solution Shopping Cart is prone to an SQL injection vulnerability. This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks. All...
e107 Website System 0.617 - Forum_viewforum.php SQL Injection
e107 Website System 0.617 - Forum_viewforum.php SQL Injection source: https://www.securityfocus.com/bid/13576/info e107 Website System is prone to an SQL injection vulnerability. This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification...
e107 Website System 0.617 - 'Forum_viewforum.php' SQL Injection
source: https://www.securityfocus.com/bid/13576/info e107 Website System is prone to an SQL injection vulnerability. This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks...
Invision Power Board < 2.0.4 Multiple Vulnerabilities (SQLi, XSS)
According to its banner, the version of Invision Power Board on the remote host suffers from multiple vulnerabilities: - SQL Injection Vulnerability The application fails to sanitize user input supplied through the 'passhash' cookie in the 'sources/login.php' script, which can be exploited to...
CJ Ultra Plus 1.0.31.0.4 - OUT.php SQL Injection
CJ Ultra Plus 1.0.31.0.4 - OUT.php SQL Injection source: https://www.securityfocus.com/bid/13533/info CJ Ultra Plus is prone to an SQL injection vulnerability. This issue affects the 'out.php' script and could permit remote attackers to pass malicious input to database queries, resulting in...
DUPortal/DUPortal Pro Multiple Scripts SQL Injection (1)
The remote host is running DUPortal, a content management system written in ASP. The remote version of this software is vulnerable to several SQL injection vulnerabilities in files 'details.asp', 'search.asp', 'default.asp', 'cat.asp' and more. With a specially crafted URL, an attacker can explo...
phpBB Photo Album Module <= 2.0.53 Multiple Vulnerabilities
The installed version of phpBB on the remote host includes a photo album module that has multiple vulnerabilities: - A SQL Injection Vulnerability An attacker can pass arbitrary SQL code through the 'mode' parameter of the 'albumsearch.php' script to manipulate database queries. - Various...
Azerbaijan Development Group AzDGDatingPlatinum 1.1.0 - view.php?id SQL Injection
Azerbaijan Development Group AzDGDatingPlatinum 1.1.0 - view.php?id SQL Injection source: https://www.securityfocus.com/bid/13082/info AzDGDatingPlatinum is reported prone to multiple vulnerabilities. The following specific issues were identified: - Multiple SQL-injection vulnerabilities. These...