Lucene search
K

971 matches found

Prion
Prion
added 2009/01/27 1:30 a.m.12 views

Sql injection

SQL injection vulnerability in login.aspx in Active Web Mail 4.0 allows remote attackers to execute arbitrary SQL commands via the password parameter...

7.5CVSS9.2AI score0.00999EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2009/01/23 7:0 p.m.12 views

CVE-2008-5959

Multiple SQL injection vulnerabilities in start.asp in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the 1 useremail parameter aka username field or 2 password parameter aka password field. NOTE: some of these details are obtained from third party information...

7.5CVSS8.6AI score0.0101EPSS
Exploits0References4
Cvelist
Cvelist
added 2009/01/23 6:38 p.m.18 views

CVE-2008-5959

Multiple SQL injection vulnerabilities in start.asp in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the 1 useremail parameter aka username field or 2 password parameter aka password field. NOTE: some of these details are obtained from third party information...

8.6AI score0.0101EPSS
Exploits0References4
NVD
NVD
added 2009/01/12 8:0 p.m.23 views

CVE-2008-5892

Multiple SQL injection vulnerabilities in ClickAndEmail allow remote attackers to execute arbitrary SQL commands via 1 the ID parameter to admindblayers.asp in an update action, 2 the adminid parameter to adminloginCheck.asp aka the USERNAME field in adminmain.asp, and 3 the PassWord parameter to...

7.5CVSS8.5AI score0.00973EPSS
Exploits1References4
Cvelist
Cvelist
added 2009/01/12 7:27 p.m.16 views

CVE-2008-5888

Multiple SQL injection vulnerabilities in Click&Rank allow remote attackers to execute arbitrary SQL commands via the id parameter to 1 hitcounter.asp, 2 userdelete.asp, and 3 userupdate.asp; 4 the userid parameter to adminlogin.asp aka the USERNAME field in admin.asp; and 5 the PassWord paramete...

8.5AI score0.00973EPSS
Exploits1References4
Prion
Prion
added 2008/12/17 5:30 p.m.13 views

Sql injection

SQL injection vulnerability in start.asp in Active eWebquiz 8.0 allows remote attackers to execute arbitrary SQL commands via the 1 useremail parameter aka username field or the 2 password parameter. NOTE: some of these details are obtained from third party information...

7.5CVSS9.2AI score0.00999EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2008/12/17 5:30 p.m.12 views

Sql injection

SQL injection vulnerability in account.asp in Active Trade 2 allows remote attackers to execute arbitrary SQL commands via the 1 username parameter aka Email field or the 2 password parameter. NOTE: some of these details are obtained from third party information...

7.5CVSS9.2AI score0.00999EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2008/12/17 5:0 p.m.21 views

CVE-2008-5627

SQL injection vulnerability in account.asp in Active Trade 2 allows remote attackers to execute arbitrary SQL commands via the 1 username parameter aka Email field or the 2 password parameter. NOTE: some of these details are obtained from third party information...

8.5AI score0.00999EPSS
Exploits0References3
Prion
Prion
added 2008/12/16 7:7 p.m.15 views

Sql injection

SQL injection vulnerability in default.asp in Merlix Teamworx Server allows remote attackers to execute arbitrary SQL commands via the password parameter aka passwd field in a login action. NOTE: some of these details are obtained from third party information...

7.5CVSS9.2AI score0.01042EPSS
Exploits0References5
Cvelist
Cvelist
added 2008/12/16 6:0 p.m.21 views

CVE-2008-5599

SQL injection vulnerability in default.asp in Merlix Teamworx Server allows remote attackers to execute arbitrary SQL commands via the password parameter aka passwd field in a login action. NOTE: some of these details are obtained from third party information...

8.5AI score0.01042EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2008/01/08 11:46 a.m.2 views

CVE-2007-6671

SQL injection vulnerability in loginform.asp in Instant Softwares Dating Site allows remote attackers to execute arbitrary SQL commands via the Password parameter, a different product than CVE-2006-6021. NOTE: some of these details are obtained from third party information...

7.5CVSS6.3AI score0.01214EPSS
Exploits2References8
Prion
Prion
added 2007/12/20 8:46 p.m.14 views

Sql injection

SQL injection vulnerability in index.php in phpRPG 0.8 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

6.8CVSS8.9AI score0.00927EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2007/12/20 8:46 p.m.12 views

CVE-2007-6484

SQL injection vulnerability in index.php in phpRPG 0.8 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

6.8CVSS8.2AI score0.00927EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2007/12/20 8:46 p.m.2 views

CVE-2007-6484

SQL injection vulnerability in index.php in phpRPG 0.8 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

6.8CVSS6.3AI score0.00927EPSS
Exploits0References2
Cvelist
Cvelist
added 2007/12/20 8:0 p.m.17 views

CVE-2007-6484

SQL injection vulnerability in index.php in phpRPG 0.8 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

8.2AI score0.00927EPSS
Exploits0References1
CVE
CVE
added 2007/12/17 6:0 p.m.51 views

CVE-2007-6399

CVE-2007-6399 affects Flat PHP Board 1.2 and earlier. The vulnerability allows remote authenticated users to obtain the current user’s password by reading the password parameter value in the HTML source of the page generated by a profile action. The underlying cause is exposure of the password pa...

6.5CVSS6.3AI score0.0207EPSS
Exploits0References4Affected Software1
seebug.org
seebug.org
added 2007/11/30 12:0 a.m.24 views

GOUAE DWD Realty密码参数SQL注入漏洞

GOUAE DWD Realty是一款基于PHP的WEB应用程序。 GOUAE DWD Realty不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞进行SQL注入攻击,可获得敏感信息或操作数据库。 问题是由于脚本对用户提交的用户名参数缺少过滤,提交恶意SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息或可能操作数据库。 GOUAE DWD Reality 目前没有解决方案提供: http://ebusiness.gouae.com/realty.asp Username: Admin Password: anything' OR 'x'='x...

7.1AI score
Exploits0
Prion
Prion
added 2007/11/29 1:46 a.m.12 views

Sql injection

SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the pword aka Password parameter. NOTE: some of these details are obtained from third party information...

7.5CVSS8.6AI score0.00991EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2007/11/29 1:0 a.m.21 views

CVE-2007-6163

SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the pword aka Password parameter. NOTE: some of these details are obtained from third party information...

8.2AI score0.00991EPSS
Exploits0References5
Prion
Prion
added 2007/11/27 7:46 p.m.18 views

Sql injection

SQL injection vulnerability in default.asp aka the Login Page in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the password parameter...

7.5CVSS8.9AI score0.01173EPSS
Exploits1References5
Rows per page
Query Builder