Lucene search

1300 matches found

Positive Technologies
added 2005/07/12 12:0 a.m. · 2 views

PT-2005-3150 · Dragonfly · Dragonfly Commerce

Name of the Vulnerable Software and Affected Versions: Dragonfly Commerce (affected versions not specified). Description: The issue allows remote attackers to modify SQL statements and possibly execute arbitrary SQL commands via several parameters, including the key parameter to "dc...

7.5 CVSS · 8.5 AI score · 0.00917 EPSS
Exploits 0 · References 4
Tenable Nessus
added 2005/04/29 12:0 a.m. · 24 views

phpCOIN <= 1.2.2 Multiple SQL Injection Vulnerabilities

The remote host is running phpCOIN version 1.2.2 or older. These versions suffer from several SQL injection vulnerabilities due to their failure to properly sanitize input to the 'search' parameter of the 'index.php' script, the 'phpcoinsessid' parameter of the 'login.php' script and the 'id',...

7.5 CVSS · 5.9 AI score · 0.02448 EPSS
Exploits 1 · References 3
securityvulns
added 2005/03/07 12:0 a.m. · 92 views

wfsections 1.07 advisory

Program: wfsections Version: 1.07 Bug Type: SQL Injection Bug Description: ================================= In file class/wfsfiles.php, we can see this function: //START function getAllbyArticle$articleid $db =& Database::getInstance; $table = $db-prefix"wfsfiles"; $ret = array; $sql = "SELECT FR...

7.8 AI score
Exploits 0
exploitpack
added 2004/12/22 12:0 a.m. · 13 views

2BGal 2.5.1 - SQL Injection

2BGal 2.5.1 - SQL Injection source: https://www.securityfocus.com/bid/12083/info A remote SQL injection vulnerability reportedly affects 2Bgal. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in an SQL query. An attacker may leverag...

0.2 AI score
Exploits 0
exploitpack
added 2004/11/20 12:0 a.m. · 10 views

IPBProArcade 2.5 - SQL Injection

IPBProArcade 2.5 - SQL Injection source: https://www.securityfocus.com/bid/11719/info A remote SQL injection vulnerability reportedly affects ipbProArcade. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in an SQL query. An attacker...

Exploits 0
Tenable Nessus
added 2004/08/18 12:0 a.m. · 10 views

Simple Machines Forum < 1.1.4 / 1.0.12 SQL Injection

Binary data 4574.prm...

7.3 AI score
Exploits 0 · References 1
exploitpack
added 2004/07/29 12:0 a.m. · 13 views

Jaws 0.20.30.4 - ControlPanel.php SQL Injection

Jaws 0.20.30.4 - ControlPanel.php SQL Injection source: https://www.securityfocus.com/bid/10826/info JAWS is reportedly affected by a remote SQL injection vulnerability. This issue occurs in the controlpanel.php script due to a failure of the application to properly sanitize user-supplied URI...

0.2 AI score
Exploits 0
NVD
added 2004/06/01 4:0 a.m. · 16 views

CVE-2004-0197

Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote attackers to execute arbitrary code via a specially-crafted database query...

7.5 CVSS · 7.7 AI score · 0.28742 EPSS
Exploits 0 · References 6
exploitpack
added 2004/05/28 12:0 a.m. · 9 views

jPORTAL 2.2.1 - print.php SQL Injection

jPORTAL 2.2.1 - print.php SQL Injection source: https://www.securityfocus.com/bid/10430/info JPortal is reportedly affected by a remote SQL injection vulnerability in the print.inc.php script. This issue is due to a failure of the application to properly sanitize user-supplied URI input before...

0.2 AI score
Exploits 0
Cvelist
added 2004/04/16 4:0 a.m. · 17 views

CVE-2004-0197

Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote attackers to execute arbitrary code via a specially-crafted database query...

7.7 AI score · 0.28742 EPSS
Exploits 0 · References 6
CVE
added 2004/04/16 4:0 a.m. · 59 views

CVE-2004-0197

CVE-2004-0197 is a buffer-overrun vulnerability in the Microsoft Jet Database Engine 4.0. The issue allows remote code execution by sending a specially crafted database query to an application that uses Jet, with the attacker gaining the same privileges as the affected process. Microsoft Security...

7.5 CVSS · 7.8 AI score · 0.28742 EPSS
Exploits 0 · References 6 · Affected Software 1
Exploit DB
added 2004/03/22 12:0 a.m. · 29 views

PHP-Nuke MS-Analysis Module - HTTP Referrer Field SQL Injection

source: https://www.securityfocus.com/bid/9948/info Reportedly the MS-Analysis module is prone to a remote SQL injection vulnerability. This issue is due to a failure to properly sanitize user supplied HTTP header input before using it in an SQL query. As a result of this, a malicious user may...

7 AI score
Exploits 0
exploitpack
added 2004/03/21 12:0 a.m. · 19 views

Invision Power Top Site List 1.1 RC 2 - SQL Injection

Invision Power Top Site List 1.1 RC 2 - SQL Injection Invision Power Top Site List SQL Injection Vendor: Invision Power Services Product: Invision Power Top Site List Version: = 1.1 RC 2 Website: http://www.invisiontsl.com/ BID: 9945 Description: Invision Power Top Site List is a flexible site...

8.6 AI score
Exploits 0
exploitpack
added 2004/02/09 12:0 a.m. · 17 views

PHP-Nuke 6.x/7.x - Public Message SQL Injection

PHP-Nuke 6.x/7.x - Public Message SQL Injection source: https://www.securityfocus.com/bid/9615/info It has been reported that the 'public message' feature of PHP-Nuke is vulnerable to an SQL injection vulnerability. The issue is due to improper sanitization of user-defined parameters supplied to t...

8.6 AI score
Exploits 0
exploitpack
added 2004/01/19 12:0 a.m. · 10 views

YABB SE 1.x - SSI.php ID_MEMBER SQL Injection

YABB SE 1.x - SSI.php ID_MEMBER SQL Injection source: https://www.securityfocus.com/bid/9449/info A problem with YaBB SE could make it possible for a remote user to launch SQL injection attacks. It has been reported that a problem exists in the SSI.php script distributed as part of YaBB SE. Due to...

0.2 AI score
Exploits 0
Exploit DB
added 2003/10/08 12:0 a.m. · 31 views

PHP-Nuke 6.6 - 'admin.php' SQL Injection

source: https://www.securityfocus.com/bid/8798/info It has been reported that PHP-Nuke is prone to a SQL injection vulnerability that may allow a remote attacker to inject malicious SQL syntax into database queries. The issue is said to occur within the admin.php file, specifically when...

7.4 AI score
Exploits 0
Exploit DB
added 2003/04/30 12:0 a.m. · 14 views

Microsoft BizTalk Server 2000/2002 DTA - 'RawCustomSearchField.asp' SQL Injection

source: https://www.securityfocus.com/bid/7470/info A vulnerability has been reported for BizTalk Server which may make it possible for remote users to modify database query logic. The vulnerability exists in some of the pages used by the DTA interface. This vulnerability may be the result of...

7.4 AI score
Exploits 0
CERT
added 2001/12/21 12:0 a.m. · 35 views

Buffer overflows in Microsoft SQL Server 7.0 and SQL Server 2000

Overview There is a buffer overflow in Microsoft SQL Server 2000 and SQL Server 7.0 which could allow an intruder to execute arbitrary code on vulnerable systems. Description Microsoft Windows SQL Server 2000 and SQL Server 7.0 contain a buffer overflow in functions associated with text messages...

7.5 CVSS · 8 AI score · 0.10361 EPSS
Exploits 0 · References 7
CVE
added 2000/05/18 4:0 a.m. · 53 views

CVE-2000-0325

The CVE-2000-0325 entry concerns the Microsoft Jet database engine, where an attacker can execute commands through a database query via the VBA Shell vulnerability. The available sources (NVD/CVE listing) describe command execution as the impact, but do not provide details on affected product ver...

7.2 CVSS · 6.8 AI score · 0.0705 EPSS
Exploits 1 · References 3 · Affected Software 1
NVD
added 1999/08/20 4:0 a.m. · 14 views

CVE-2000-0325

The Microsoft Jet database engine allows an attacker to execute commands via a database query, aka the "VBA Shell" vulnerability...

7.2 CVSS · 6.8 AI score · 0.0705 EPSS
Exploits 1 · References 3