CVE-2009-1804
CVE-2009-1804 refers to multiple SQL injection vulnerabilities in VideoScript.us YouTube Video Script, specifically in admin/index.php, where the attacker can manipulate the (1) username and (2) password parameters to execute arbitrary SQL commands remotely. The affected software/function is the ...
TCPDB Security Bypass Vulnerability
This host is installed with TCPDB and is prone to a security bypass vulnerability. OpenVAS Vulnerability Test $Id: secpodtcpdbsecbypassvuln.nasl 5122 2017-01-27 12:16:00Z teissa $ TCPDB Security Bypass Vulnerability Authors: Nikita MR Copyright: Copyright (c) 2009 SecPod, http://www.secpod.com This...
Kensei Board <= 2.0.0b Multiple SQL Injection Vulnerabilities
No description provided by source. Kensei Board <= 2.0.0b Multiple Remote SQL Injection Vulnerabilities Bug found && Exploited by cOndemned Greetz: SELECT FROM friends Download Script : http://www.kenseiboard.com/counter/click.php?id=2 --- source of index.php : ... 87. if $incfunction == "showforu...
Directory traversal
Directory traversal vulnerability in plugins/ddb/foot.php in Strawberry 1.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter to example/index.php. NOTE: this was originally reported as an issue affecting the do parameter, but traversal...
CVE-2009-1774
Directory traversal vulnerability in plugins/ddb/foot.php in Strawberry 1.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter to example/index.php. NOTE: this was originally reported as an issue affecting the do parameter, but traversal...
CVE-2009-1766
CVE-2009-1766 affects LightOpenCMS 0.1, where a SQL injection in index.php allows remote attackers to execute arbitrary SQL commands via the id parameter. The vulnerability arises in the input handling of id, enabling manipulation of the underlying database query. Public references include exploi...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Catviz 0.4.0 beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) usermanform and (2) webpagesform parameters...
CVE-2009-1747
CVE-2009-1747 is a SQL injection vulnerability in the 26th Avenue bSpeak 1.10 application. The issue resides in index.php during a post action and can be triggered via the forumid parameter, allowing remote attackers to execute arbitrary SQL commands. The NVD entry lists a CVSSv2 base score of 7....
CVE-2009-1747
SQL injection vulnerability in index.php in 26th Avenue bSpeak 1.10 allows remote attackers to execute arbitrary SQL commands via the forumid parameter in a post action...
Sql injection
SQL injection vulnerability in the GridSupport (GS) Ticket System (com_gsticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewCategory action to index.php...
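OpenBB index.php CID Parameter Remote SQL Injection Vulnerability
BUGTRAQ: 7401 The 'index.php' script included in OpenBB lacks sufficient input checks; remote attackers can exploit this vulnerability to insert arbitrary SQL commands into the data, leading to information disclosure and data corruption. The index.php script does not sufficiently filter the CID parameter; an attacker only needs to add a space after the numeric parameter value to append SQL commands, and injecting malicious SQL commands can lead to database information disclosure or damage the database. OpenBB 1.0.5.-1.1.0 Vendor patch: OpenBB ------ The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://www.openbb.co.uk/...
OpenBB 1.0.6 index.php Remote SQL Injection Vulnerability
BUGTRAQ: 9300 The index.php script included in OpenBB does not sufficiently filter user-submitted data; remote attackers can exploit this vulnerability to carry out SQL injection attacks, modifying data or obtaining sensitive information. The problem is that the index.php script does not sufficiently filter input to the CID parameter, which lets an attacker submit malicious SQL commands as the parameter, altering the original SQL logic and obtaining sensitive database information such as the administrator password hash; this information may be used to further take control of the forum system. OpenBB 1.0.6 If you cannot install a patch or upgrade immediately, we recommend taking the following measures to reduce the threat: In the index.php file, find line 187: $queryfcs-free; $queryforums = new...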
CVE-2009-1670
user/index.php in TCPDB 3.8 does not require administrative authentication, which allows remote attackers to add admin accounts via unspecified vectors. NOTE: some of these details are obtained from third party information...
CVE-2009-1670
TCPDB 3.8 is vulnerable to a security bypass where user/index.php does not require administrative authentication, allowing remote attackers to add admin accounts via unspecified vectors. This is documented in multiple sources (NVD entry CVE-2009-1670 and OpenVAS entries) with CVSS base score 7.5 ...
Sql injection
Multiple SQL injection vulnerabilities in admin/login.php in Wright Way Services Recipe Script 5 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) Password fields, as reachable from admin/index.php...
CVE-2009-1661
SQL injection vulnerability in admin/utopic.php in uTopic 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php...
Directory traversal
Directory traversal vulnerability in index.php in Dew-NewPHPLinks 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the show parameter...
CVE-2009-1624
Directory traversal vulnerability in index.php in Dew-NewPHPLinks 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the show parameter...
RTWebalbum 1.0.462 (AlbumID) Blind SQL Injection Exploit
Exploit for unknown platform in category web applications. RTWebalbum 1.0.462 (AlbumID) Blind SQL Injection Exploit #!/usr/bin/perl...