1417 matches found
SQL query modification in adrotate (SQL modification)
It is possible to modify the SQL query in the CGI application...
phpBB 1.4.2, Remote user is able to modify SQL query.
Hi, there is a potential security problem in the current version 1.4.2 and previous versions of phpBB http://www.phpbb.com. A remote user is able to modify a string passed as a SQL query to the MySQL database. The problem exists in the file bbmemberlist.php. A string called $sortby is supplied...
SQL query modification in many authentication modules for Apache, PAM, etc.
User input is not checked for SQL special characters...
Microsoft Index Server 2.0 - File Information / Full Path Disclosure
source: https://www.securityfocus.com/bid/3339/info The sqlqhit.asp sample file is used for performing web-based SQL queries. Malicious users could send specifically crafted HTTP request to an Internet Information Services server running Index Server to reveal path information, file attributes, a...
phpBB 1.4 - SQL Query Manipulation
phpBB 1.4 - SQL Query Manipulation source: https://www.securityfocus.com/bid/3142/info phpBB is free, open-source, easy-to-use web forums software. An issue exists in phpBB which allows a remote attacker to manipulate SQL queries in such a way as to gain an administrative account with the service...
phpBB 1.4 - SQL Query Manipulation
source: https://www.securityfocus.com/bid/3142/info phpBB is free, open-source, easy-to-use web forums software. An issue exists in phpBB which allows a remote attacker to manipulate SQL queries in such a way as to gain an administrative account with the service. This problem is due to improper...
Hole in AdCycle
Insufficient validation of user input when building the SQL query...
CVE-2001-0425
AdLibrary.pm in AdCycle 0.78b allows remote attackers to gain privileges to AdCycle via a malformed Agent: header in the HTTP request, which is inserted into a resulting SQL query that is used to verify login information...
TWIG SQL query bugs
I can't find the person who is really in charge of developing twig, so I mailed about this bug to the person who announced the new version of twig about two months ago. -------------------------------------------------------------------------- Subject: Unquoted SQL query = potential damage Software package:...
CVE-2001-0425
CVE-2001-0425 affects AdLibrary.pm in AdCycle 0.78b. The vulnerability stems from a malformed Agent: header in HTTP requests, which is inserted into a login-verification SQL query, enabling remote attackers to gain privileges. Documents explicitly describe the component and the root cause (SQL in...
CVE-2001-0234
NewsDaemon before 0.21b allows remote attackers to execute arbitrary SQL queries and gain privileges via a malformed userusername parameter...
CVE-2001-0201
The Postaci frontend for PostgreSQL does not properly filter characters such as semicolons, which could allow remote attackers to execute arbitrary SQL queries via the deletecontact.php program...
Hole in postaci (SQL query modification)
Insufficient validation of user input makes it possible to modify the SQL query...
IBM DB2 - Universal Database for Windows NT 6.17.1 SQL Denial of Service
IBM DB2 - Universal Database for Windows NT 6.17.1 SQL Denial of Service source: https://www.securityfocus.com/bid/2067/info IBM DB2 Universal Database is a distributed database application. It may be possible for a database user to crash the server through a bug in handling certain queries. If a...
PHP-Nuke 1.02.5 - Administrative Privileges
PHP-Nuke 1.02.5 - Administrative Privileges source: https://www.securityfocus.com/bid/1592/info PHP-Nuke is a website creation/maintenance tool written in PHP3. It is possible to elevate privileges in this system from normal user to administrator due to a flaw in authentication code. The problem...
CVE-2000-0202
CVE-2000-0202 affects Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0. A malformed SELECT statement in an SQL query allows remote attackers to gain privileges. The connected OpenVAS entry corroborates multiple MSSQL vulnerabilities; however, exploitation details, affected versions b...