1167 matches found
Digiappz Freekot 1.01 - ASP SQL Injection
source: https://www.securityfocus.com/bid/19768/info Digiappz Freekot is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data. A successful exploit could allow an attacker to compromise the application, retrieve sensitive information, or modify data...
VWar 1.x - war.php?page Cross-Site Scripting
VWar 1.x - war.php?page Cross-Site Scripting source: https://www.securityfocus.com/bid/19327/info Vwar is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues. These issues occur because the application fails to properly sanitize user-supplie...
Loudblog index.php id Parameter SQL Injection
The remote host is running Loudblog, a PHP application for publishing podcasts and similar media files. The version of Loudblog installed on the remote host fails to sanitize input to the 'id' parameter of the 'index.php' script before using it in a database query. This may allow an unauthenticat...
LinksCaffe 3.0 - 'links.php' Multiple SQL Injections
source: https://www.securityfocus.com/bid/19149/info LinksCaffe is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successf...
Webvizyon - 'SayfalaAltList.asp' SQL Injection
source: https://www.securityfocus.com/bid/18899/info Webvizyon is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, o...
Ocean12 Technologies Calendar Manager Pro 1.0 1 - adminmain.asp?date SQL Injection
Ocean12 Technologies Calendar Manager Pro 1.0 1 - adminmain.asp?date SQL Injection source: https://www.securityfocus.com/bid/17877/info Calendar Manager Pro is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issu...
Default credentials
The 1 shadow password file in na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has world readable permissions, which allows local users to view encrypted passwords; and the 2 NetAccess database file has world readable and writable permissions, which allows local users to view sensitive...
CVE-2006-2045
The 1 shadow password file in na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has world readable permissions, which allows local users to view encrypted passwords; and the 2 NetAccess database file has world readable and writable permissions, which allows local users to view sensitive...
CVE-2006-2045
The 1 shadow password file in na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has world readable permissions, which allows local users to view encrypted passwords; and the 2 NetAccess database file has world readable and writable permissions, which allows local users to view sensitive...
Cartweaver 2.16.11 - Results.cfm SQL Injection
Cartweaver 2.16.11 - Results.cfm SQL Injection source: https://www.securityfocus.com/bid/17941/info Cartweaver ColdFusion is prone to SQL-injection vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input before using it in SQL queries. Successfu...
Cartweaver 2.16.11 - 'Results.cfm' SQL Injection
source: https://www.securityfocus.com/bid/17941/info Cartweaver ColdFusion is prone to SQL-injection vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input before using it in SQL queries. Successful exploits could allow an attacker to compromis...
PHPKIT 1.6.1 R2 - 'Include.php' SQL Injection
source: https://www.securityfocus.com/bid/17467/info PHPKIT is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the...
[Full-disclosure] Oracle read-only user can insert/update/delete data via specially crafted views
Hello Full Disclosure Last Thursday 6th April 2006, Oracle released a note on the Oracle knowledgebase Metalink with details about an unfixed security vulnerability =0day and a working test case =exploit code which effects all versions of Oracle from 9.2.0.0 to 10.2.0.3. This note "363848.1 - A...
O2PHP Oxygen 1.01.1 - post.php SQL Injection
O2PHP Oxygen 1.01.1 - post.php SQL Injection source: https://www.securityfocus.com/bid/17324/info Oxygen is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit cou...
DSLogin 1.0 - index.php Multiple SQL Injections
DSLogin 1.0 - index.php Multiple SQL Injections source: https://www.securityfocus.com/bid/17262/info DSLogin is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A...
SaPHPLesson 2.0 - 'print.php' SQL Injection
source: https://www.securityfocus.com/bid/17239/info SaphpLesson is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the...
Invision Power Board 2.1.5 - showtopic SQL Injection
source: https://www.securityfocus.com/bid/16971/info Invision Power Board is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to...
DCI-Designs Dawaween 1.03 - Poems.php SQL Injection
DCI-Designs Dawaween 1.03 - Poems.php SQL Injection source: https://www.securityfocus.com/bid/16909/info Dawaween is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. Successful exploits could allow a remote attacker...
NZ eCommerce System - index.php Multiple SQL Injections
NZ eCommerce System - index.php Multiple SQL Injections source: https://www.securityfocus.com/bid/16931/info NZ Ecommerce is prone to multiple input-validation vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. A successful exploit could...
HiveMail 1.2.21.3 - addressbook.update.php?contactgroupid Arbitrary PHP Command Execution
HiveMail 1.2.21.3 - addressbook.update.php?contactgroupid Arbitrary PHP Command Execution source: https://www.securityfocus.com/bid/16591/info HiveMail is prone to multiple vulnerabilities. These vulnerabilities may allow the execution of arbitrary PHP code, cross-site scripting attacks, and SQL...