972 matches found
CVE-2006-2912
Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow remote attackers to execute arbitrary SQL commands via the 1 albumID parameter to a viewalbum.php or b index.php, 2 imageID parameter to c popup.php, or 3 username and 4 password parameters to d admin/member.php...
Sql injection
SQL injection vulnerability in admin/default.asp in Dusan Drobac CodeAvalanche FreeForum aka CAForum 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter...
Sql injection
Multiple SQL injection vulnerabilities in Pixel Motion Blog allow remote attackers to execute arbitrary SQL commands via the 1 date parameter in index.php or bypass authentication via the 2 password parameter in admin/index.php...
CVE-2006-1426
Multiple SQL injection vulnerabilities in Pixel Motion Blog allow remote attackers to execute arbitrary SQL commands via the 1 date parameter in index.php or bypass authentication via the 2 password parameter in admin/index.php...
CVE-2006-1000
Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 and earlier allow remote attackers to execute arbitrary SQL commands and bypass authentication via the 1 newsid parameter to newsdetailsview.asp and 2 password parameter to login.asp...
Sql injection
SQL injection vulnerability in memberlogin.php in PHP Classifieds 6.18 through 6.20 allows remote attackers to execute arbitrary SQL commands via the 1 username parameter, which is used by the E-mail address field, and 2 password parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in Softcomplex PHP Event Calendar 1.5 allows remote authenticated users to inject arbitrary web script or HTML, and corrupt data, via the 1 username and 2 password parameters, which are not sanitized before being written to users.php. NOTE: while this issue...
Sql injection
SQL injection vulnerability in admin/processlogin.php in Bit 5 Blog 8.01 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the 1 username and 2 password parameter...
Sql injection
SQL injection vulnerability in LoginValidate.asp in ASPSurvey 1.10 allows remote attackers to execute arbitrary SQL commands via the Password parameter to login.asp...
CVE-2006-0192
SQL injection vulnerability in LoginValidate.asp in ASPSurvey 1.10 allows remote attackers to execute arbitrary SQL commands via the Password parameter to login.asp...
CVE-2006-0192
SQL injection vulnerability in LoginValidate.asp in ASPSurvey 1.10 allows remote attackers to execute arbitrary SQL commands via the Password parameter to login.asp...
CVE-2005-3208
Multiple SQL injection vulnerabilities in 1 aeNovo, 2 aeNovoShop and 3 aeNovoWYSI allow remote attackers to execute arbitrary SQL code via a the password parameter in control.asp, and b the strSQL parameter in search.asp, which can enable XSS attacks in resulting error messages...
CVE-2002-1845
Cross-site scripting XSS vulnerability in index.php in Yet Another Bulletin Board YaBB 1.40 and 1.41 allows remote attackers to inject arbitrary web script or HTML via the password passwrd parameter...
PT-2005-2861 · Jiro · Jiro'S Upload System
Name of the Vulnerable Software and Affected Versions: JiRo's Upload System JUS version 1 Description: A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the password parameter in the login.asp file. Recommendations: For JiRo's Upload System JUS version 1, avoid...
PT-2005-2867 · Wwweb Concepts · Wwweb Concepts Events System
Name of the Vulnerable Software and Affected Versions: WWWeb Concepts Events System version 1.0 Description: The issue allows remote attackers to execute arbitrary SQL commands via the password variable in the login.asp file. This can lead to unauthorized access and manipulation of database...
PT-2005-2748 · Unknown · Activenews Manager
Name of the Vulnerable Software and Affected Versions: Active News Manager affected versions not specified Description: The issue allows remote attackers to execute arbitrary SQL commands via the password variable in the "admin/login.asp" API endpoint. This could potentially lead to unauthorized...
PT-2005-2753 · Zongg · Zongg
Name of the Vulnerable Software and Affected Versions: ZonGG version 1.2 Description: A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the password parameter in the "ad/login.asp" endpoint. Recommendations: For ZonGG version 1.2, avoid using th...
PT-2005-2772 · Os4E · Unknown Product
Name of the Vulnerable Software and Affected Versions: Unknown product by Online Solutions for Educators OS4E affected versions not specified Description: The issue allows remote attackers to execute arbitrary SQL commands via the password variable in the login.asp file. This could potentially le...
CVE-2005-1750
SQL injection vulnerability in login.asp in ezdwc NewsletterEz 3.0 allows remote attackers to execute arbitrary SQL commands via the password parameter...
PT-2005-2754 · Funkyasp · Funkyasp Ad System
Name of the Vulnerable Software and Affected Versions: FunkyASP AD System version 1.1 Description: The issue allows remote attackers to execute arbitrary SQL commands and gain privileges. This is achieved via the password parameter in the admin.asp file. Recommendations: For FunkyASP AD System...