Lucene search
+L

486 matches found

Exploit DB
Exploit DB
added 2005/04/06 12:0 a.m.45 views

CubeCart 2.0.x - 'view_cart.php?add' Full Path Disclosure

source: https://www.securityfocus.com/bid/13050/info CubeCart is reported prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. These issues affect the 'index.php',...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2005/03/31 12:0 a.m.30 views

InterAKT Online MX Shop 1.1.1 - SQL Injection

source: https://www.securityfocus.com/bid/12957/info MX Shop is reportedly affected by an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. This vulnerability could permit remote attackers to pas...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2004/10/24 12:0 a.m.12 views

Phorum 5.0.11 - Read.php SQL Injection

Phorum 5.0.11 - Read.php SQL Injection source: https://www.securityfocus.com/bid/14095/info Phoroum is prone to SQL injection attacks. Insufficient sanitization of user input may allow a malicious user to manipulate the structure and logic of database queries. Successful exploitation could allow...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2004/09/30 12:0 a.m.55 views

Silent Storm Portal - Multiple Vulnerabilities

Demonstration: Register a user account then login and run the exploit.html ---exploit.html---- 1" ---/exploit.html--- That's All! What Happened? The 3rd line of exploit.html injected Administrator level "1" into the database file. 1: Administrator,2: is Normal User. milw0rm.com 2004-09-30...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2004/09/03 12:0 a.m.28 views

Oracle Database Server 8.1.7/9.0.x - ctxsys.driload Access Validation

source: https://www.securityfocus.com/bid/11099/info Oracle Database Server is prone to an access validation vulnerability that may permit unprivileged users to execute commands as the DBA. This could compromise the database. SQL exec ctxsys.driload.validatestmt 'create user hacker identified by...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2004/06/09 12:0 a.m.24 views

US-CERT Technical Cyber Security Alert TA04-160A -- SQL Injection Vulnerabilities in Oracle E-Business Suite

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Technical Cyber Security Alert TA04-160A SQL Injection Vulnerabilities in Oracle E-Business Suite Original release date: June 8, 2004 Last revised: -- Source: US-CERT Systems Affected Oracle Applications 11.0 all releases Oracle E-Business Suite 11i,...

0.8AI score
Exploits0
exploitpack
exploitpack
added 2004/06/09 12:0 a.m.19 views

cPanel 5-9 - Passwd SQL Injection

cPanel 5-9 - Passwd SQL Injection source: https://www.securityfocus.com/bid/10505/info cPanel is reportedly affected by a remote SQL injection vulnerability in the passwd script. This issue is due to a failure of the application to properly sanitize user-supplied URI parameter input before using ...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2004/06/09 12:0 a.m.50 views

cPanel 5-9 - Passwd SQL Injection

source: https://www.securityfocus.com/bid/10505/info cPanel is reportedly affected by a remote SQL injection vulnerability in the passwd script. This issue is due to a failure of the application to properly sanitize user-supplied URI parameter input before using it in an SQL query. The problem...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2004/05/28 12:0 a.m.22 views

jPORTAL 2.2.1 - 'print.php' SQL Injection

source: https://www.securityfocus.com/bid/10430/info JPortal is reportedly affected by a remote SQL injection vulnerability in the print.inc.php script. This issue is due to a failure of the application to properly sanitize user-supplied URI input before using it in an SQL query. As a result of...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2004/03/20 12:0 a.m.124 views

[Full-Disclosure] iDEFENSE Security Advisory 03.19.04: Borland Interbase admin.ib Administrative Access Vulnerability

Borland Interbase admin.ib Administrative Access Vulnerability iDEFENSE Security Advisory 03.19.04 www.idefense.com/application/poi/display?id=80&type=vulnerabilities March 19, 2004 I. BACKGROUND Borland Interbase is a small, high performance commercial database for Linux, Solaris, and Windows...

0.3AI score
Exploits0
exploitpack
exploitpack
added 2004/02/18 12:0 a.m.17 views

eCommerce Corporation Online Store Kit 3.0 - shop.php?cat SQL Injection

eCommerce Corporation Online Store Kit 3.0 - shop.php?cat SQL Injection source: https://www.securityfocus.com/bid/9687/info It has been reported that Online Store Kit is prone to multiple SQL injection vulnerabilities. These issues arise due to insufficient sanitation of user-supplied input via t...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2004/02/18 12:0 a.m.57 views

eCommerce Corporation Online Store Kit 3.0 - 'shop_by_brand.php?cat_manufacturer' SQL Injection

source: https://www.securityfocus.com/bid/9687/info It has been reported that Online Store Kit is prone to multiple SQL injection vulnerabilities. These issues arise due to insufficient sanitation of user-supplied input via the URI. As a result of this a malicious user may influence database...

7AI score
Exploits0
exploitpack
exploitpack
added 2003/12/22 12:0 a.m.23 views

osCommerce 2.2 - products_id SQL Injection

osCommerce 2.2 - productsid SQL Injection source: https://www.securityfocus.com/bid/9275/info It has been reported that one of the scripts included with osCommerce fails to validate user-supplied input, rendering it vulnerable to a SQL injection attack. It has been reported that an attacker may...

0.1AI score
Exploits0
FreeBSD
FreeBSD
added 2003/12/12 12:0 a.m.15 views

SQL injection vulnerability in phpnuke

Multiple researchers have discovered multiple SQL injection vulnerabilities in some versions of Php-Nuke. These vulnerabilities may lead to information disclosure, compromise of the Php-Nuke site, or compromise of the back-end database...

1.9AI score
Exploits0References4
securityvulns
securityvulns
added 2003/12/05 12:0 a.m.29 views

Improper authentication checking in Alan Ward Acart

Vulnerability: Improper authentication checking for delete Discussion: Due to improper authentication checking a pop-up opened by any of the multiple XSS vulnerabilities by the admin of the site can cause a database compromise. Exploit: By using one of the multiple XSS vulnerabilities in this...

1.6AI score
Exploits0
Exploit DB
Exploit DB
added 2003/10/19 12:0 a.m.21 views

Geeklog 1.3.8 - Forgot Password SQL Injection

source: https://www.securityfocus.com/bid/8849/info An SQL injection vulnerability has been reported in the Geeklog "forgot password" feature introduced in Geeklog 1.3.8. Due to insufficient sanitization of user-supplied input, it is possible for remote attacks to influence database queries. This...

7AI score
Exploits0
exploitpack
exploitpack
added 2003/05/23 12:0 a.m.15 views

IISProtect 2.12.2 - Web Administration Interface SQL Injection

IISProtect 2.12.2 - Web Administration Interface SQL Injection source: https://www.securityfocus.com/bid/7675/info The IISProtect web administration interface does not properly sanitize user input. This could allow for SQL injection attacks on a Microsoft IIS server running IISProtect. Successful...

0.4AI score
Exploits0
exploitpack
exploitpack
added 2003/04/30 12:0 a.m.25 views

Microsoft BizTalk Server 20002002 DTA - RawCustomSearchField.asp SQL Injection

Microsoft BizTalk Server 20002002 DTA - RawCustomSearchField.asp SQL Injection source: https://www.securityfocus.com/bid/7470/info A vulnerability has been reported for BizTalk Server which may make it possible for remote users to modify database query logic. The vulnerability exists in some of t...

0.2AI score
Exploits0
exploitpack
exploitpack
added 2003/04/30 12:0 a.m.13 views

Microsoft BizTalk Server 20002002 DTA - rawdocdata.asp SQL Injection

Microsoft BizTalk Server 20002002 DTA - rawdocdata.asp SQL Injection source: https://www.securityfocus.com/bid/7470/info A vulnerability has been reported for BizTalk Server which may make it possible for remote users to modify database query logic. The vulnerability exists in some of the pages...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2003/04/30 12:0 a.m.24 views

Microsoft BizTalk Server 2000/2002 DTA - 'rawdocdata.asp' SQL Injection

source: https://www.securityfocus.com/bid/7470/info A vulnerability has been reported for BizTalk Server which may make it possible for remote users to modify database query logic. The vulnerability exists in some of the pages used by the DTA interface. This vulnerability may be the result of...

7.4AI score
Exploits0
Rows per page
Query Builder