1417 matches found
CartWIZ 1.10 - ProductCatalogSubCats.asp SQL Injection
source: https://www.securityfocus.com/bid/13331/info CartWIZ is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to utilizing the data in an SQL query...
CartWIZ 1.10 - ProductDetails.asp SQL Injection
source: https://www.securityfocus.com/bid/13332/info CartWIZ is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to utilizing the data in an SQL query. Successf...
Active Auction House - 'ItemInfo.asp' SQL Injection
source: https://www.securityfocus.com/bid/13034/info Active Auction House is reportedly affected by a SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in a SQL query. Successful exploitation could result in a...
PHP BB bug
Hello, I don't know if my foundation is acceptable or not but here we go, I post it... When you write an SQL query in the highlight section of the PHPBB you'll get all of the page highlighted, example: forums/viewtopic.php?t=NUMBER HERE&highlight=Bug,SELECT FROM $table Thank You...
ASP Portal - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/9659/info ASP Portal has been reported to be prone to multiple vulnerabilities. The first issue results from a lack of sufficient sanitization performed on user supplied data that is later incorporated into dynamic content. An attacker may reportedly inje...
CVE-2003-0735
SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x and earlier allows remote attackers to execute arbitrary SQL queries, as demonstrated using the year parameter...
CVE-2002-0187
Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."...
CVE-2002-0571
Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax...
CVE-2002-2032
sqllayer.php in PHP-Nuke 5.4 and earlier does not restrict access to debugging features, which allows remote attackers to gain SQL query information by setting the sqldebug parameter to (1) index.php and (2) modules.php...
Ingenium Learning Management System 5.1/6.1 - Reversible Password Hash
source: https://www.securityfocus.com/bid/5970/info Ingenium Learning Management System uses a weak algorithm to hash user and administrative credentials. Passwords may be trivially obtained by reversing the password hash. An attacker must be able to gain unauthorized access to the password hashe...
Reset any user's password in VBZoom forums
Name: VBZoom Version Affected: tested on v1.01 maybe other version vulnerable also Severity: Critical Category: Password reset Vendor URL: http://www.vbzoom.com Author: hishhish [email protected] Date: disclosed on 28th August 2002 Published at 8th oct 2002 Description VBZooM is bulletin...
Ruslan Communications BodyBuilder - Authentication Bypass
source: https://www.securityfocus.com/bid/5008/info Ruslan Communications Builder is a tool designed to assist a user in creating a website. It allows for remote administration through a web interface, and is implemented in Java. Reportedl...
PHP classical bugs in phpBB allows remote code execution
Uninitialized PHP variables and the ability to modify the SQL query allow code execution on the server. Cross-site scripting. Invalid NULL-byte handling leads to DoS...
Outfront Spooky 2.x - Login SQL Query Manipulation Password
source: https://www.securityfocus.com/bid/4661/info Spooky Login is a commercial web access control and account management software package. It is distributed and maintained by Outfront, and is designed for Microsoft IIS Webservers. Under some circumstances, it may be possible for a remote user t...
Snitz Forums 2000 remote SQL query manipulation vulnerability
vulnerable ---------- Product : Snitz Forums 2000 Version : 3.3 3.3.01 3.3.02 3.3.03 last stable version Object : members.asp Class : Input validation error remote SQL query manipulation vulnerability Vendor-URL : http://forum.snitz.com/ Vendor-Status : informed, not patched Remote-Exploit : yes...
Code injection in PHPGroupware
It's possible to inject PHP code and to modify SQL query...
CVE-2001-1226
AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, which are not properly sanitized before being passed to the MySQL database...