Lucene search
K

972 matches found

NVD
NVD
added 2006/06/09 10:2 a.m.11 views

CVE-2006-2912

Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow remote attackers to execute arbitrary SQL commands via the 1 albumID parameter to a viewalbum.php or b index.php, 2 imageID parameter to c popup.php, or 3 username and 4 password parameters to d admin/member.php...

7.5CVSS8.7AI score0.01967EPSS
Exploits3References11
Prion
Prion
added 2006/06/05 5:2 p.m.13 views

Sql injection

SQL injection vulnerability in admin/default.asp in Dusan Drobac CodeAvalanche FreeForum aka CAForum 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter...

7.5CVSS9.3AI score0.01337EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2006/03/28 8:2 p.m.15 views

Sql injection

Multiple SQL injection vulnerabilities in Pixel Motion Blog allow remote attackers to execute arbitrary SQL commands via the 1 date parameter in index.php or bypass authentication via the 2 password parameter in admin/index.php...

7.5CVSS9.7AI score0.01935EPSS
Exploits1References8
NVD
NVD
added 2006/03/28 8:2 p.m.16 views

CVE-2006-1426

Multiple SQL injection vulnerabilities in Pixel Motion Blog allow remote attackers to execute arbitrary SQL commands via the 1 date parameter in index.php or bypass authentication via the 2 password parameter in admin/index.php...

7.5CVSS8.9AI score0.01935EPSS
Exploits1References8
Cvelist
Cvelist
added 2006/03/06 8:0 p.m.26 views

CVE-2006-1000

Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 and earlier allow remote attackers to execute arbitrary SQL commands and bypass authentication via the 1 newsid parameter to newsdetailsview.asp and 2 password parameter to login.asp...

8.9AI score0.03308EPSS
Exploits1References10
Prion
Prion
added 2006/02/15 10:6 p.m.11 views

Sql injection

SQL injection vulnerability in memberlogin.php in PHP Classifieds 6.18 through 6.20 allows remote attackers to execute arbitrary SQL commands via the 1 username parameter, which is used by the E-mail address field, and 2 password parameter...

7.5CVSS9.3AI score0.01244EPSS
Exploits1References6Affected Software1
Prion
Prion
added 2006/02/13 11:6 a.m.15 views

Cross site scripting

Cross-site scripting XSS vulnerability in Softcomplex PHP Event Calendar 1.5 allows remote authenticated users to inject arbitrary web script or HTML, and corrupt data, via the 1 username and 2 password parameters, which are not sanitized before being written to users.php. NOTE: while this issue...

3.5CVSS6.5AI score0.01109EPSS
Exploits1References8Affected Software1
Prion
Prion
added 2006/01/19 1:3 a.m.9 views

Sql injection

SQL injection vulnerability in admin/processlogin.php in Bit 5 Blog 8.01 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the 1 username and 2 password parameter...

7.5CVSS9.4AI score0.01377EPSS
Exploits1References7Affected Software1
Prion
Prion
added 2006/01/13 11:3 a.m.11 views

Sql injection

SQL injection vulnerability in LoginValidate.asp in ASPSurvey 1.10 allows remote attackers to execute arbitrary SQL commands via the Password parameter to login.asp...

7.5CVSS9.1AI score0.02149EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2006/01/13 11:3 a.m.10 views

CVE-2006-0192

SQL injection vulnerability in LoginValidate.asp in ASPSurvey 1.10 allows remote attackers to execute arbitrary SQL commands via the Password parameter to login.asp...

7.5CVSS8.4AI score0.02149EPSS
Exploits0References7
Cvelist
Cvelist
added 2006/01/13 11:0 a.m.15 views

CVE-2006-0192

SQL injection vulnerability in LoginValidate.asp in ASPSurvey 1.10 allows remote attackers to execute arbitrary SQL commands via the Password parameter to login.asp...

8.4AI score0.02149EPSS
Exploits0References7
Cvelist
Cvelist
added 2005/10/14 4:0 a.m.23 views

CVE-2005-3208

Multiple SQL injection vulnerabilities in 1 aeNovo, 2 aeNovoShop and 3 aeNovoWYSI allow remote attackers to execute arbitrary SQL code via a the password parameter in control.asp, and b the strSQL parameter in search.asp, which can enable XSS attacks in resulting error messages...

7.8AI score0.02152EPSS
Exploits1References10
Cvelist
Cvelist
added 2005/06/28 4:0 a.m.24 views

CVE-2002-1845

Cross-site scripting XSS vulnerability in index.php in Yet Another Bulletin Board YaBB 1.40 and 1.41 allows remote attackers to inject arbitrary web script or HTML via the password passwrd parameter...

5.9AI score0.0359EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2005/06/08 12:0 a.m.4 views

PT-2005-2861 · Jiro · Jiro'S Upload System

Name of the Vulnerable Software and Affected Versions: JiRo's Upload System JUS version 1 Description: A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the password parameter in the login.asp file. Recommendations: For JiRo's Upload System JUS version 1, avoid...

7.5CVSS8.3AI score0.01211EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2005/06/05 12:0 a.m.4 views

PT-2005-2867 · Wwweb Concepts · Wwweb Concepts Events System

Name of the Vulnerable Software and Affected Versions: WWWeb Concepts Events System version 1.0 Description: The issue allows remote attackers to execute arbitrary SQL commands via the password variable in the login.asp file. This can lead to unauthorized access and manipulation of database...

7.5CVSS8.5AI score0.01316EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2005/05/31 12:0 a.m.4 views

PT-2005-2748 · Unknown · Activenews Manager

Name of the Vulnerable Software and Affected Versions: Active News Manager affected versions not specified Description: The issue allows remote attackers to execute arbitrary SQL commands via the password variable in the "admin/login.asp" API endpoint. This could potentially lead to unauthorized...

7.5CVSS7.8AI score0.01316EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2005/05/31 12:0 a.m.5 views

PT-2005-2753 · Zongg · Zongg

Name of the Vulnerable Software and Affected Versions: ZonGG version 1.2 Description: A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the password parameter in the "ad/login.asp" endpoint. Recommendations: For ZonGG version 1.2, avoid using th...

7.5CVSS8.2AI score0.0133EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2005/05/28 12:0 a.m.4 views

PT-2005-2772 · Os4E · Unknown Product

Name of the Vulnerable Software and Affected Versions: Unknown product by Online Solutions for Educators OS4E affected versions not specified Description: The issue allows remote attackers to execute arbitrary SQL commands via the password variable in the login.asp file. This could potentially le...

7.5CVSS7.7AI score0.0112EPSS
Exploits0References6
NVD
NVD
added 2005/05/25 4:0 a.m.12 views

CVE-2005-1750

SQL injection vulnerability in login.asp in ezdwc NewsletterEz 3.0 allows remote attackers to execute arbitrary SQL commands via the password parameter...

7.5CVSS8.5AI score0.0133EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2005/05/25 12:0 a.m.4 views

PT-2005-2754 · Funkyasp · Funkyasp Ad System

Name of the Vulnerable Software and Affected Versions: FunkyASP AD System version 1.1 Description: The issue allows remote attackers to execute arbitrary SQL commands and gain privileges. This is achieved via the password parameter in the admin.asp file. Recommendations: For FunkyASP AD System...

7.5CVSS8AI score0.01345EPSS
Exploits1References5
Rows per page
Query Builder