53 matches found
Nagasaki Electronic Prefectural Office System SQL injection vulnerability
Overview Nagasaki Prefectural Government has developed an open source electronic prefectural office system. The system contains SQL injection vulnerabilities. Impact A remote attacker may view or modify the database contents. Solution None...
PT-2008-2989 · Phpbp · Phpbp
Name of the Vulnerable Software and Affected Versions: phpBP version 2.204 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the id parameter in a "banner out" action. The vulnerable file is includes/functions/banners-external.php...
PT-2007-4557 · Postgresql +1 · Postgresql +1
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions 8.1 and later Description: The issue allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries. This is possible when local trust authentication is enabled and the Database Link library dblink ...
CVE-2006-6289
Woltlab Burning Board wBB Lite 1.0.2 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the wbbuserid parameter to the top-level URI...
PT-2005-5482 · Unknown · Land Down Under
Name of the Vulnerable Software and Affected Versions: Land Down Under LDU versions v801 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via parameters including 1 the m parameter in "auth.php", 2 the f parameter in "events.php", ...
phpMyWebHosting Authentication SQL Injection
The remote host is running PHPMyWebHosting, a web hosting management interface written in PHP. The remote version of this software does not perform a proper validation of user-supplied input and is, therefore, vulnerable to a SQL injection attack. An attacker may execute arbitrary SQL statements...
IBProArcade index.php Arcade Module gameid Parameter SQL Injection
The remote host is running ibProArcade, a web-based score board system written in PHP. One of the application's CGIs, index.php, is affected by a SQL injection vulnerability in the 'gameid' parameter. An attacker may exploit this flaw to execute arbitrary SQL statements against the remote databas...
Nucleus CMS action.php itemid Parameter SQL Injection
The remote host is running Nucleus CMS, an open source content management system. There is a SQL injection condition in the remote version of this software that could allow an attacker to execute arbitrary SQL commands against the remote database. An attacker could exploit this flaw to gain...
SUSE-SA:2003:0008: imp
The remote host is missing the patch for the advisory SUSE-SA:2003:0008 imp. IMP is a well known PHP-based web-mail system. Some SQL-injection vulnerabilities were found in IMP 2.x that allow an attacker to access the underlying database. No authentication is needed to exploit this bug. An attack...
cfWebStore Multiple Vulnerabilities (SQLi, XSS)
The remote host is running cfWebStore 5.0.0 or older. There is a flaw in this software that could allow a remote attacker to execute arbitrary SQL statements in the remote database that could in turn be used to gain administrative access on the remote host, read, or modify the content of the remo...
IMP 2.x SQL injection vulnerabilities
IMP is a popular webmail package written in PHP. It ships with some UNIX systems and is also used on Windows servers. The version 2 of the program contains some SQL injection flaws which allow any remote user to access the webmail system's database. Valid user authentication is not required in...
MidiCart Shopping Cart Software database vulnerability
Summary MIDICART is s an ASP and PHP based shopping Cart application with MS Access and SQL database. A security vulnerability in the product allows remote attackers to download the product's database, thus gain access to sensitive information about users of the product name, surname, address,...
CVE-2000-0148
MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string...