1417 matches found
Joomla! Component com_shop - SQL Injection
source: https://www.securityfocus.com/bid/47971/info The 'comshop' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
Joomla! Component Map Locator - cid SQL Injection
Joomla! Component Map Locator - cid SQL Injection source: https://www.securityfocus.com/bid/47941/info The 'commaplocator' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this...
Imperva SecureSphere - SQL Query Filter Security Bypass
source: https://www.securityfocus.com/bid/47780/info Imperva SecureSphere is prone to a security-bypass vulnerability. An attacker can leverage this vulnerability to bypass certain security restrictions. Successful exploits may allow attackers to exploit SQL-injection vulnerabilities. 15 and...
EmbryoCore 1.03 - index.php SQL Injection
EmbryoCore 1.03 - index.php SQL Injection source: https://www.securityfocus.com/bid/47763/info EmbryoCore is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
GateSoft Docusafe 'ECO.asp' SQL Injection Vulnerability
GateSoft Docusafe is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Devil Shell v1.1 [new Release] Download !
Devil Shell v1.1 new Release Download ! Nice to share next version of shell with all of you with new features DDoS Information area server ip,server port,etc Design new Download any File Remove some Bugs Comming Soon in Next Version Mail Bomb SQL Query You can Download at :Download Devil Shell v1...
Rae Media Real Estate Single Agent SQL Injection
Real Estate Single is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the...
ZDI-11-050: IBM Informix Dynamic Server SET ENVIRONMENT Remote Code Execution Vulnerability
ZDI-11-050: IBM Informix Dynamic Server SET ENVIRONMENT Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-050 February 7, 2011 - This vulnerability is being disclosed publicly without a patch in accordance with the ZDI 180 day deadline. To view mitigations for...
Design/Logic Flaw
The PMABookmarkget function in libraries/bookmark.lib.php in phpMyAdmin 2.11.x before 2.11.11.3, and 3.3.x before 3.3.9.2, does not properly restrict bookmark queries, which makes it easier for remote authenticated users to trigger another user's execution of a SQL query by creating a bookmark...
CVE-2011-0987
The PMABookmarkget function in libraries/bookmark.lib.php in phpMyAdmin 2.11.x before 2.11.11.3, and 3.3.x before 3.3.9.2, does not properly restrict bookmark queries, which makes it easier for remote authenticated users to trigger another user's execution of a SQL query by creating a bookmark...
SQL query could be executed under another user.
PMASA-2011-2 Announcement-ID: PMASA-2011-2 Date: 2011-02-11 Summary SQL query could be executed under another user. Description It was possible to create a bookmark which would be executed unintentionally by other users. Severity We consider this vulnerability to be critical. Mitigation factor To...
Mandriva Linux Security Advisory : proftpd (MDVSA-2011:023)
A vulnerability has been found and corrected in proftpd : Heap-based buffer overflow in the sqlpreparewhere function contrib/modsql.c in ProFTPD before 1.3.3d, when modsql is enabled, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted...
(0Day) IBM Informix Dynamic Server SET ENVIRONMENT Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Informix Database Server. SQL query execution privileges are required to exploit this vulnerability. The specific flaw exists within the oninit process bound to TCP port 9088 when processing th...
CVE-2010-4652
Heap-based buffer overflow in the sqlpreparewhere function contrib/modsql.c in ProFTPD before 1.3.3d, when modsql is enabled, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly...
Heap overflow
Heap-based buffer overflow in the sqlpreparewhere function contrib/modsql.c in ProFTPD before 1.3.3d, when modsql is enabled, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly...
CVE-2010-4652
Heap-based buffer overflow in the sqlpreparewhere function contrib/modsql.c in ProFTPD before 1.3.3d, when modsql is enabled, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly...
CVE-2010-4652
Heap-based buffer overflow in the sqlpreparewhere function contrib/modsql.c in ProFTPD before 1.3.3d, when modsql is enabled, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly...
CVE-2010-4652
Heap-based buffer overflow in the sqlpreparewhere function contrib/modsql.c in ProFTPD before 1.3.3d, when modsql is enabled, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted username containing substitution tags, which are not properly...
CVE-2010-4652
ProFTPD (with mod_sql) is affected by CVE-2010-4652: a heap-based buffer overflow in sql_prepare_where in contrib/mod_sql.c can be triggered by a crafted username containing substitution tags, leading to a crash or potential arbitrary code execution. The issue is in ProFTPD versions prior to 1.3....
Joomla! Component com_virtuemart 1.1.6 - SQL Injection
source: https://www.securityfocus.com/bid/46070/info The VirtueMart eCommerce component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise...