738 matches found
[EXPL] Invision Power Board SQL Injection Vulnerability (member_id, Exploit)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
MetaCart E-Shop V-8 - 'IntProdID' SQL Injection
source: https://www.securityfocus.com/bid/13376/info An SQL injection vulnerability affects MetaCart e-Shop V-8. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries. An attacker may exploit this issue to manipulate SQL...
PunBB profile.php id Parameter SQL Injection
According to its banner, the version of PunBB installed on the remote host fails to properly sanitize user input to the script 'profile.php' through the 'changeemail' parameter prior to using it in a SQL query. Once authenticated, an attacker can exploit this flaw to manipulate database queries,...
MercuryBoard 1.1 - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/12359/info Multiple input validation vulnerabilities affect MercuryBoard. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it in critical functionality. An attacker may leverage these issues to...
FreezingCold Broadboard - 'search.asp' SQL Injection
source: https://www.securityfocus.com/bid/11250/info Reportedly BroadBoard Message Board is affected by multiple SQL injection vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied URI input prior to using it in an SQL query. An attacker may...
Jaws 0.2/0.3/0.4 - 'ControlPanel.php' SQL Injection
source: https://www.securityfocus.com/bid/10826/info JAWS is reportedly affected by a remote SQL injection vulnerability. This issue occurs in the controlpanel.php script due to a failure of the application to properly sanitize user-supplied URI parameter input before using it in an SQL query...
PHPGedView 2.52.6 - Timeline.php SQL Injection
PHPGedView 2.52.6 - Timeline.php SQL Injection source: https://www.securityfocus.com/bid/11925/info It is reported that PhpGedView is susceptible to a remote SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to including ...
phpBB 2.0.x - 'profile.php' SQL Injection
source: https://www.securityfocus.com/bid/8994/info A SQL injection vulnerability has been reported for phpBB systems. phpBB, in some cases, does not sufficiently sanitize user-supplied input, which is used when constructing SQL queries to execute on the underlying database. As a result, it is...
pnews.txt
Admin Access Vulnerability in P-News 1.6 Url: http://www.ppopn.net It is possible to gain admin access if you possess a 'Member' account due to a flaw in the 'p-news.php' file. You can inject an entire arbitrary account, including all the fields, into the 'Name' field, which will push all the...
PHP-Nuke 6.0/6.5 Forum Module - 'viewtopic.php' SQL Injection
source: https://www.securityfocus.com/bid/7193/info It has been reported that an input validation error exists in the 'viewtopic.php' script included with PHPNuke as part of the Forum module. Because of this, an attacker could send a malicious string through PHPNuke that would allow the attacker ...
PHP-Nuke 5.6/6.x News Module - 'index.php' SQL Injection
source: https://www.securityfocus.com/bid/7173/info It has been reported that an input validation error exists in the index.php file included with PHPNuke as part of the News module. Because of this, an attacker could send a malicious string through PHPNuke that would allow the attacker to...
PHP-Nuke 5.66.x News Module - index.php SQL Injection
PHP-Nuke 5.66.x News Module - index.php SQL Injection source: https://www.securityfocus.com/bid/7173/info It has been reported that an input validation error exists in the index.php file included with PHPNuke as part of the News module. Because of this, an attacker could send a malicious string...
PHP-Nuke 5.66.x - banners.php Banner Manager Password Disclosure
PHP-Nuke 5.66.x - banners.php Banner Manager Password Disclosure source: https://www.securityfocus.com/bid/7170/info It has been reported that an input validation error exists in the banners.php file included with PHPNuke. Because of this, an attacker could send a malicious string through PHPNuke...
PHP-Nuke 5.6/6.x - 'banners.php' Banner Manager Password Disclosure
source: https://www.securityfocus.com/bid/7170/info It has been reported that an input validation error exists in the banners.php file included with PHPNuke. Because of this, an attacker could send a malicious string through PHPNuke that would allow the attacker to manipulate the database, and...
Multiple Vulnerabilities in CafeLog Weblog Package
Security Advisory: Multiple Vulnerabilities in CafeLog Weblog Package Additional Details: http://www.murphy.101main.net/vulns/2002-26.txt Issue: Multiple vulnerabilities -- the most serious could allow malicious users to execute commands against a web server running the vulnerable package. Risk:...
IBM Informix Web DataBlade: SQL injection
IBM Informix Web DataBlade: SQL injection By Simon Lodal, Denmark Vendor status: Notified months ago, said they would be working on updates, never heard anything. Software: Web DataBlade 4.12, IDS 9.20/9.21, Linux 2.2/2.4, SunOS 5.7 OS, IDS and WDB versions seem to be irrelevant. Impact: SQL code...
GOBBLES CGI MARATHON #001
PRODUCT AdRotate Pro http://www.vanbrunt.com/adrotate/ This is used by a lot of sites out there in the wild. DESCRIPTION AdRotate is ad rotating software written in Perl language, which uses DBI with mysql driver to access database. Included with software is module adrotate.pm which contains...
UNIX locale format string vulnerability
CORE SDI http://www.core-sdi.com UNIX locale format string vulnerability Date Published: September 4th, 2000 early release Advisory ID: CORE-090400 Bugtraq ID: 1634 CVE CAN: None currently assigned. Title: UNIX locale format string vulnerability Class: Input Validation Error Remotely Exploitable:...