267 matches found
Multiple vulnerabilities in Database Administration (dba) module
The Database Administration dba module allows site administrators with sufficient privileges to view and directly modify the Drupal database tables for a site. Numerous cross-site scripting XSS vulnerabilities were discovered when the administrator runs queries to display data from the database,...
MOTIONBORG Web Real Estate <= 2.1 SQL Injection Vulnerability
No description provided by source. Title : MOTIONBORG Web Real Estate = v2.1 Remote SQL Injection Vulnerability Author : ajann Contact : : S.Page : http://www.motionborg.com $$ : Unlimited Agents- $1,475.00 ajann SQL Injector Beta= Script Tables & Columns -dtproperties- id objectid property value...
easy notes manager sql injection and authentication bypass
easy notes manager eNM version 0.0.1, available at http://217.172.179.216/evandor/html/index.php?id=103 is affected by multiple sql injection vulnerability due to a missing check of the user supplied input. An attacker can bypass the authentication procedure and get a full dump of the database...
webSPELL 4.01.01 - 'getsquad' SQL Injection
WebSPELL = 4.01.01 getsquad Remote SQL Injection Exploit by: Kiba EXPLOIT: http://PAGE/PATH/index.php?site=squads&getsquad=Where+1=0+Union+Select+1,1,username,1,password,1+from+PREFIXuser/ REPLACE: if the website is http://yourwebsite.de/webspell/index.php PAGE with "yourwebsite.de" PATH with...
Invision Power Board 2.1 < 2.1.6 - SQL Injection (1)
!/usr/bin/perl Invision Power Board v2.1 "r57ipb216gui" ; $mw-geometry '420x550' ; $mw-resizable0,0; $mw-Label-text = '!', -font = 'Webdings 22'-pack; $mw-Label-text = 'Invision Power Board 2.1. 'Verdana 7 bold',-foreground='red'-pack; $mw-Label-text = ''-pack; $fleft=$mw-Frame-pack -side = 'left...
Oracle views fail to enforce table security settings
Overview A vulnerability in the way Oracle handles views may allow an attacker to modify privileged database information. Description Database Views A view is a queryable aggregation of data from one or more tables that is stored and maintained. The Problem A vulnerability in the way that Oracle...
CVE-2004-1828
Vcard 2.9 and possibly other versions does not require authorization to run uninstall.php, which could allow remote attackers to uninstall Vcard and delete database tables via a direct request to uninstall.php...