1348 matches found
Owl Intranet Engine <= 0.91 Multiple Vulnerabilities
The remote host is running Owl Intranet Engine, a web-based document management system written in PHP. The version of Owl Intranet Engine on the remote host fails to sanitize input to the session id cookie before using it in a database query. Provided PHP's 'magicquotesgpc' setting is disabled, a...
Loudblog index.php id Parameter SQL Injection
The remote host is running Loudblog, a PHP application for publishing podcasts and similar media files. The version of Loudblog installed on the remote host fails to sanitize input to the 'id' parameter of the 'index.php' script before using it in a database query. This may allow an unauthenticat...
MyBB HTTP Header 'CLIENT-IP' Field SQLi
The version of MyBB installed on the remote host is affected by a SQL injection vulnerability due to improper sanitization of user-supplied input to the 'CLIENT-IP' request header before using it in a database query when initiating a session in the inc/classsession.php script. A remote attacker c...
CVE-2005-4744
Off-by-one error in the sqlerror function in sqlunixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service crash and possibly execute arbitrary code by causing the external database query to fail. NOTE: this single...
CVE-2005-4744
Off-by-one error in the sqlerror function in sqlunixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service crash and possibly execute arbitrary code by causing the external database query to fail. NOTE: this single...
LocazoList Classifieds 1.0 - SearchDB.asp Input Validation
LocazoList Classifieds 1.0 - SearchDB.asp Input Validation source: https://www.securityfocus.com/bid/15812/info LocazoList Classifieds is prone to an input validation vulnerability that allows cross-site scripting and SQL injection attacks. An attacker may leverage this issue to have arbitrary...
Relative Real Estate Systems 1.2 - SQL Injection
Relative Real Estate Systems 1.2 - SQL Injection source: https://www.securityfocus.com/bid/15714/info Relative Real Estate Systems is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'index.php' script befor...
Widget Property 1.1.19 - 'Property.php' SQL Injection
source: https://www.securityfocus.com/bid/15701/info Widget Press Widget Property is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'property.php' script before using it in an SQL query. This vulnerability...
PT-2005-3150 · Dragonfly · Dragonfly Commerce
Name of the Vulnerable Software and Affected Versions: Dragonfly Commerce versions affected versions not specified Description: The issue allows remote attackers to modify SQL statements and possibly execute arbitrary SQL commands via several parameters, including the key parameter to "dc...
phpCOIN <= 1.2.2 Multiple SQL Injection Vulnerabilities
The remote host is running phpCOIN version 1.2.2 or older. These versions suffer from several SQL injection vulnerabilities due to their failure to properly sanitize input to the 'search' parameter of the 'index.php' script, the 'phpcoinsessid' parameter of the 'login.php' script and the 'id',...
wfsections 1.07 advisory
Program: wfsections Verion: 1.07 Bug Type: SQL Injection Bug Discription: ================================= In file class/wfsfiles.php, we can see this function: //START function getAllbyArticle$articleid $db =& Database::getInstance; $table = $db-prefix"wfsfiles"; $ret = array; $sql = "SELECT FR...
2BGal 2.5.1 - SQL Injection
2BGal 2.5.1 - SQL Injection source: https://www.securityfocus.com/bid/12083/info A remote SQL injection vulnerability reportedly affects 2Bgal. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in an SQL query. An attacker may leverag...
IPBProArcade 2.5 - SQL Injection
IPBProArcade 2.5 - SQL Injection source: https://www.securityfocus.com/bid/11719/info A remote SQL injection vulnerability reportedly affects ipbProArcade. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in an SQL query. An attacker...
Simple Machines Forum %lt; 1.1.4 / 1.0.12 SQL Injection
Binary data 4574.prm...
Jaws 0.20.30.4 - ControlPanel.php SQL Injection
Jaws 0.20.30.4 - ControlPanel.php SQL Injection source: https://www.securityfocus.com/bid/10826/info JAWS is reportedly affected by a remote SQL injection vulnerability. This issue occurs in the controlpanel.php script due to a failure of the application to properly sanitize user-supplied URI...
CVE-2004-0197
Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote attackers to execute arbitrary code via a specially-crafted database query...
jPORTAL 2.2.1 - print.php SQL Injection
jPORTAL 2.2.1 - print.php SQL Injection source: https://www.securityfocus.com/bid/10430/info JPortal is reportedly affected by a remote SQL injection vulnerability in the print.inc.php script. This issue is due to a failure of the application to properly sanitize user-supplied URI input before...
CVE-2004-0197
Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote attackers to execute arbitrary code via a specially-crafted database query...
CVE-2004-0197
CVE-2004-0197 is a buffer-overrun vulnerability in the Microsoft Jet Database Engine 4.0. The issue allows remote code execution by sending a specially crafted database query to an application that uses Jet, with the attacker gaining the same privileges as the affected process. Microsoft Security...
PHP-Nuke MS-Analysis Module - HTTP Referrer Field SQL Injection
source: https://www.securityfocus.com/bid/9948/info Reportedly the MS-Analysis module is prone to a remote SQL injection vulnerability. This issue is due to a failure to properly sanitize user supplied HTTP header input before using it in an SQL query. As a result of this, a malicious user may...