486 matches found
CubeCart 2.0.x - 'view_cart.php?add' Full Path Disclosure
source: https://www.securityfocus.com/bid/13050/info CubeCart is reported prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. These issues affect the 'index.php',...
InterAKT Online MX Shop 1.1.1 - SQL Injection
source: https://www.securityfocus.com/bid/12957/info MX Shop is reportedly affected by an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. This vulnerability could permit remote attackers to pas...
Phorum 5.0.11 - Read.php SQL Injection
Phorum 5.0.11 - Read.php SQL Injection source: https://www.securityfocus.com/bid/14095/info Phoroum is prone to SQL injection attacks. Insufficient sanitization of user input may allow a malicious user to manipulate the structure and logic of database queries. Successful exploitation could allow...
Silent Storm Portal - Multiple Vulnerabilities
Demonstration: Register a user account then login and run the exploit.html ---exploit.html---- 1" ---/exploit.html--- That's All! What Happened? The 3rd line of exploit.html injected Administrator level "1" into the database file. 1: Administrator,2: is Normal User. milw0rm.com 2004-09-30...
Oracle Database Server 8.1.7/9.0.x - ctxsys.driload Access Validation
source: https://www.securityfocus.com/bid/11099/info Oracle Database Server is prone to an access validation vulnerability that may permit unprivileged users to execute commands as the DBA. This could compromise the database. SQL exec ctxsys.driload.validatestmt 'create user hacker identified by...
US-CERT Technical Cyber Security Alert TA04-160A -- SQL Injection Vulnerabilities in Oracle E-Business Suite
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Technical Cyber Security Alert TA04-160A SQL Injection Vulnerabilities in Oracle E-Business Suite Original release date: June 8, 2004 Last revised: -- Source: US-CERT Systems Affected Oracle Applications 11.0 all releases Oracle E-Business Suite 11i,...
cPanel 5-9 - Passwd SQL Injection
cPanel 5-9 - Passwd SQL Injection source: https://www.securityfocus.com/bid/10505/info cPanel is reportedly affected by a remote SQL injection vulnerability in the passwd script. This issue is due to a failure of the application to properly sanitize user-supplied URI parameter input before using ...
cPanel 5-9 - Passwd SQL Injection
source: https://www.securityfocus.com/bid/10505/info cPanel is reportedly affected by a remote SQL injection vulnerability in the passwd script. This issue is due to a failure of the application to properly sanitize user-supplied URI parameter input before using it in an SQL query. The problem...
jPORTAL 2.2.1 - 'print.php' SQL Injection
source: https://www.securityfocus.com/bid/10430/info JPortal is reportedly affected by a remote SQL injection vulnerability in the print.inc.php script. This issue is due to a failure of the application to properly sanitize user-supplied URI input before using it in an SQL query. As a result of...
[Full-Disclosure] iDEFENSE Security Advisory 03.19.04: Borland Interbase admin.ib Administrative Access Vulnerability
Borland Interbase admin.ib Administrative Access Vulnerability iDEFENSE Security Advisory 03.19.04 www.idefense.com/application/poi/display?id=80&type=vulnerabilities March 19, 2004 I. BACKGROUND Borland Interbase is a small, high performance commercial database for Linux, Solaris, and Windows...
eCommerce Corporation Online Store Kit 3.0 - shop.php?cat SQL Injection
eCommerce Corporation Online Store Kit 3.0 - shop.php?cat SQL Injection source: https://www.securityfocus.com/bid/9687/info It has been reported that Online Store Kit is prone to multiple SQL injection vulnerabilities. These issues arise due to insufficient sanitation of user-supplied input via t...
eCommerce Corporation Online Store Kit 3.0 - 'shop_by_brand.php?cat_manufacturer' SQL Injection
source: https://www.securityfocus.com/bid/9687/info It has been reported that Online Store Kit is prone to multiple SQL injection vulnerabilities. These issues arise due to insufficient sanitation of user-supplied input via the URI. As a result of this a malicious user may influence database...
osCommerce 2.2 - products_id SQL Injection
osCommerce 2.2 - productsid SQL Injection source: https://www.securityfocus.com/bid/9275/info It has been reported that one of the scripts included with osCommerce fails to validate user-supplied input, rendering it vulnerable to a SQL injection attack. It has been reported that an attacker may...
SQL injection vulnerability in phpnuke
Multiple researchers have discovered multiple SQL injection vulnerabilities in some versions of Php-Nuke. These vulnerabilities may lead to information disclosure, compromise of the Php-Nuke site, or compromise of the back-end database...
Improper authentication checking in Alan Ward Acart
Vulnerability: Improper authentication checking for delete Discussion: Due to improper authentication checking a pop-up opened by any of the multiple XSS vulnerabilities by the admin of the site can cause a database compromise. Exploit: By using one of the multiple XSS vulnerabilities in this...
Geeklog 1.3.8 - Forgot Password SQL Injection
source: https://www.securityfocus.com/bid/8849/info An SQL injection vulnerability has been reported in the Geeklog "forgot password" feature introduced in Geeklog 1.3.8. Due to insufficient sanitization of user-supplied input, it is possible for remote attacks to influence database queries. This...
IISProtect 2.12.2 - Web Administration Interface SQL Injection
IISProtect 2.12.2 - Web Administration Interface SQL Injection source: https://www.securityfocus.com/bid/7675/info The IISProtect web administration interface does not properly sanitize user input. This could allow for SQL injection attacks on a Microsoft IIS server running IISProtect. Successful...
Microsoft BizTalk Server 20002002 DTA - RawCustomSearchField.asp SQL Injection
Microsoft BizTalk Server 20002002 DTA - RawCustomSearchField.asp SQL Injection source: https://www.securityfocus.com/bid/7470/info A vulnerability has been reported for BizTalk Server which may make it possible for remote users to modify database query logic. The vulnerability exists in some of t...
Microsoft BizTalk Server 20002002 DTA - rawdocdata.asp SQL Injection
Microsoft BizTalk Server 20002002 DTA - rawdocdata.asp SQL Injection source: https://www.securityfocus.com/bid/7470/info A vulnerability has been reported for BizTalk Server which may make it possible for remote users to modify database query logic. The vulnerability exists in some of the pages...
Microsoft BizTalk Server 2000/2002 DTA - 'rawdocdata.asp' SQL Injection
source: https://www.securityfocus.com/bid/7470/info A vulnerability has been reported for BizTalk Server which may make it possible for remote users to modify database query logic. The vulnerability exists in some of the pages used by the DTA interface. This vulnerability may be the result of...