Lucene search
K

53 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.1 views

Nagasaki Electronic Prefectural Office System SQL injection vulnerability

Overview Nagasaki Prefectural Government has developed an open source electronic prefectural office system. The system contains SQL injection vulnerabilities. Impact A remote attacker may view or modify the database contents. Solution None...

7.5CVSS8.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2008/03/20 12:0 a.m.7 views

PT-2008-2989 · Phpbp · Phpbp

Name of the Vulnerable Software and Affected Versions: phpBP version 2.204 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the id parameter in a "banner out" action. The vulnerable file is includes/functions/banners-external.php...

7.5CVSS7.8AI score0.01235EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2007/06/19 12:0 a.m.6 views

PT-2007-4557 · Postgresql +1 · Postgresql +1

Name of the Vulnerable Software and Affected Versions: PostgreSQL versions 8.1 and later Description: The issue allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries. This is possible when local trust authentication is enabled and the Database Link library dblink ...

7.2CVSS8.1AI score0.03855EPSS
Exploits3References46
ATTACKERKB
ATTACKERKB
added 2006/12/05 11:28 a.m.3 views

CVE-2006-6289

Woltlab Burning Board wBB Lite 1.0.2 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the wbbuserid parameter to the top-level URI...

9.3CVSS6.5AI score0.0406EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2005/12/31 12:0 a.m.6 views

PT-2005-5482 · Unknown · Land Down Under

Name of the Vulnerable Software and Affected Versions: Land Down Under LDU versions v801 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via parameters including 1 the m parameter in "auth.php", 2 the f parameter in "events.php", ...

7.5CVSS7.7AI score0.02168EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2005/01/19 12:0 a.m.19 views

phpMyWebHosting Authentication SQL Injection

The remote host is running PHPMyWebHosting, a web hosting management interface written in PHP. The remote version of this software does not perform a proper validation of user-supplied input and is, therefore, vulnerable to a SQL injection attack. An attacker may execute arbitrary SQL statements...

7.5CVSS6.1AI score0.02444EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2005/01/02 12:0 a.m.84 views

IBProArcade index.php Arcade Module gameid Parameter SQL Injection

The remote host is running ibProArcade, a web-based score board system written in PHP. One of the application's CGIs, index.php, is affected by a SQL injection vulnerability in the 'gameid' parameter. An attacker may exploit this flaw to execute arbitrary SQL statements against the remote databas...

7.5CVSS6.2AI score0.0133EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2004/08/03 12:0 a.m.36 views

Nucleus CMS action.php itemid Parameter SQL Injection

The remote host is running Nucleus CMS, an open source content management system. There is a SQL injection condition in the remote version of this software that could allow an attacker to execute arbitrary SQL commands against the remote database. An attacker could exploit this flaw to gain...

7.5CVSS6.3AI score0.0123EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2004/07/25 12:0 a.m.20 views

SUSE-SA:2003:0008: imp

The remote host is missing the patch for the advisory SUSE-SA:2003:0008 imp. IMP is a well known PHP-based web-mail system. Some SQL-injection vulnerabilities were found in IMP 2.x that allow an attacker to access the underlying database. No authentication is needed to exploit this bug. An attack...

7.5CVSS5.7AI score0.24055EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2004/03/14 12:0 a.m.25 views

cfWebStore Multiple Vulnerabilities (SQLi, XSS)

The remote host is running cfWebStore 5.0.0 or older. There is a flaw in this software that could allow a remote attacker to execute arbitrary SQL statements in the remote database that could in turn be used to gain administrative access on the remote host, read, or modify the content of the remo...

7.5CVSS6.1AI score0.02142EPSS
Exploits0References2
securityvulns
securityvulns
added 2003/01/09 12:0 a.m.99 views

IMP 2.x SQL injection vulnerabilities

IMP is a popular webmail package written in PHP. It ships with some UNIX systems and is also used on Windows servers. The version 2 of the program contains some SQL injection flaws which allow any remote user to access the webmail system's database. Valid user authentication is not required in...

Exploits0
securityvulns
securityvulns
added 2002/08/12 12:0 a.m.203 views

MidiCart Shopping Cart Software database vulnerability

Summary MIDICART is s an ASP and PHP based shopping Cart application with MS Access and SQL database. A security vulnerability in the product allows remote attackers to download the product's database, thus gain access to sensitive information about users of the product name, surname, address,...

1.7AI score
Exploits0
Cvelist
Cvelist
added 2000/03/22 5:0 a.m.27 views

CVE-2000-0148

MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string...

7AI score0.04735EPSS
Exploits0References2
Rows per page
Query Builder