MetaCart E-Shop productsByCategory.ASP Multiple Vulnerabilities
The remote host is running the MetaCart e-Shop, an online store written in ASP. Due to a lack of user input validation, the remote version of this software is vulnerable to various SQL injection and cross-site scripting attacks. An attacker may exploit these flaws to execute arbitrary SQL command...
PT-2005-2483 · Fishcart · Fishcart
Name of the Vulnerable Software and Affected Versions: FishCart version 3.1 Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the cartid parameter to 'upstnt.php' or the psku parameter to 'display.php'. The vendor disputes this report,...
phpMyWebHosting Authentication SQL Injection
The remote host is running PHPMyWebHosting, a web hosting management interface written in PHP. The remote version of this software does not perform a proper validation of user-supplied input and is, therefore, vulnerable to a SQL injection attack. An attacker may execute arbitrary SQL statements...
IBProArcade index.php Arcade Module gameid Parameter SQL Injection
The remote host is running ibProArcade, a web-based score board system written in PHP. One of the application's CGIs, index.php, is affected by a SQL injection vulnerability in the 'gameid' parameter. An attacker may exploit this flaw to execute arbitrary SQL statements against the remote databas...
CVE-2004-2324
SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to modify the backend database via the (1) table and (2) field parameters in LinkClick.aspx...
Owl < 0.74.0 Multiple Vulnerabilities
The remote host is using Owl Intranet Engine, an open source file sharing utility written in PHP. The remote version of this software is vulnerable to various flaws, which may allow an attacker to execute arbitrary SQL statements against the remote database or to perform a cross-site scripting...
Invision Power Board ibProArcade Module index.php cat Parameter SQL Injection
The installation of Invision Power Board on the remote host includes an optional module, named 'Arcade', that allows unauthorized users to inject SQL commands into the remote SQL database through the 'cat' parameter. An attacker may use this flaw to gain control of the remote database and possibl...
Invision PowerBoard < 2.0.3 SQL Injection
Nucleus CMS action.php itemid Parameter SQL Injection
The remote host is running Nucleus CMS, an open source content management system. There is a SQL injection condition in the remote version of this software that could allow an attacker to execute arbitrary SQL commands against the remote database. An attacker could exploit this flaw to gain...
Comersus Cart Multiple Input Validation Vulnerabilities (SQLi, XSS)
The remote host is running the Comersus Shopping Cart Software. There is a flaw in this interface that allows an attacker to log in as any user by using a SQL injection flaw in the code of comersusbackofficelogin.php. An attacker may use this flaw to gain unauthorized access on this host, or to...
SUSE-SA:2003:0008: imp
The remote host is missing the patch for the advisory SUSE-SA:2003:0008 imp. IMP is a well known PHP-based web-mail system. Some SQL-injection vulnerabilities were found in IMP 2.x that allow an attacker to access the underlying database. No authentication is needed to exploit this bug. An attack...
Oracle E-Business Suite SQL Injection vulnerabilities
Overview: Oracle E-Business Suite fails to filter user input, permitting the exploitation of SQL injection vulnerabilities. These vulnerabilities may allow a remote attacker to execute procedures or SQL queries and updates on the vulnerable database application. Description: According to the Oracle...
[Full-Disclosure] Firebird [ AND Interbase 7 ] Database Remote Database Name Overflow
Someone that has had some success communicating things security wise to Borland may wish to contact them about this. root@CloneRiot bin rpm -ivh /root/InterBaseSSLI-V7.1.0-1.i386.rpm kf@CloneRiot bin$ pwd /opt/interbase/bin kf@CloneRiot bin$ ./gsec -database 127.0.0.1:perl -e'print "A"x300' gdb c...
NewsTraXor Website Management Script 2.9 Beta - Database Disclosure
NewsTraXor Website Management Script 2.9 Beta - Database Disclosure source: https://www.securityfocus.com/bid/10194/info Reportedly NewsTraXor is affected by a remote database disclosure vulnerability. This issue is due to a design error that allows the database file to be globally readable. This...
[VulnWatch] Macromedia Dreamweaver Remote Database Scripts (#NISR05042004B)
NGSSoftware Insight Security Research Advisory Name: Macromedia Dreamweaver Remote Database Scripts Systems Affected: IIS/Dreamweaver MX and UltraDev 4 Severity: Critical Vendor URL: http://www.macromedia.com/ Author: David Litchfield [email protected] Date Vendor Notified: 10th March 2004 Da...
New Macromedia Security Zone Bulletin Posted
Security Bulletin MPSB 04-05 Potential Risk in Dreamweaver Remote Database Connectivity Originally posted: April 1, 2004 Last updated: April 1, 2004 Summary: Dreamweaver's remote database connectivity for testing dynamic database-driven websites installs scripts that may reveal DSNs to outside...
cfWebStore Multiple Vulnerabilities (SQLi, XSS)
The remote host is running cfWebStore 5.0.0 or older. There is a flaw in this software that could allow a remote attacker to execute arbitrary SQL statements in the remote database that could in turn be used to gain administrative access on the remote host, read, or modify the content of the remo...
vBulletin calendar.php eventid Parameter SQL Injection
A vulnerability has been discovered in the 'calendar.php' script that allows unauthorized users to inject SQL commands through the 'eventid' parameter. An attacker may use this flaw to gain control of the remote database.
phpBB 2.0.x - 'profile.php' SQL Injection
source: https://www.securityfocus.com/bid/8994/info A SQL injection vulnerability has been reported for phpBB systems. phpBB, in some cases, does not sufficiently sanitize user-supplied input, which is used when constructing SQL queries to execute on the underlying database. As a result, it is...
phpWebSite < 0.9.x Multiple Vulnerabilities
There are multiple flaws in the remote version of phpWebSite that may allow an attacker to gain control of the remote database, or to disable this site entirely.