
1417 matches found

exploitpack
added 2013/12/13 12:0 a.m. | 11 views

Dynamic Biz Website Builder (QuickWeb) 1.0 - appsnews-eventsnewdetail.asp?id SQL Injection

Dynamic Biz Website Builder QuickWeb 1.0 - appsnews-eventsnewdetail.asp?id SQL Injection source: https://www.securityfocus.com/bid/64371/info EtoShop Dynamic Biz Website Builder QuickWeb is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied inp...

AI score 0.1
Exploits: 0
OpenVAS
added 2013/10/26 12:0 a.m. | 11 views

Debian: Security Advisory (DSA-2787-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 6.7 | EPSS 0.01114
Exploits: 0 | References: 3
exploitpack
added 2013/10/10 12:0 a.m. | 21 views

Ziteman CMS - Login Page SQL Injection

Ziteman CMS - Login Page SQL Injection source: https://www.securityfocus.com/bid/62949/info Ziteman CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. Exploiting this issue could allow an attacker to...

AI score 0.4
Exploits: 0
Exploit DB
added 2013/10/08 12:0 a.m. | 29 views

WordPress Plugin WP-Realty - 'listing_id' SQL Injection

source: https://www.securityfocus.com/bid/63217/info WP-Realty plugin for WordPress is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the...

AI score 7
Exploits: 0
OpenVAS
added 2013/09/27 12:0 a.m. | 47 views

OTRS ITSM Multiple Input Validation Vulnerability (OSA-2013-05)

Open Ticket Request System OTRS and OTRS:ITSM are prone to multiple input validation vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

CVSS 8.8 | AI score 7.1 | EPSS 0.00897
Exploits: 0 | References: 4
exploitpack
added 2013/09/13 12:0 a.m. | 7 views

WordPress Plugin mukioplayer4wp - cid SQL Injection

WordPress Plugin mukioplayer4wp - cid SQL Injection source: https://www.securityfocus.com/bid/62438/info mukioplayer4wp for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue coul...

AI score 0.3
Exploits: 0
Exploit DB
added 2013/09/13 12:0 a.m. | 18 views

WordPress Plugin mukioplayer4wp - 'cid' SQL Injection

source: https://www.securityfocus.com/bid/62438/info mukioplayer4wp for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application,...

AI score 7.4
Exploits: 0
NVD
added 2013/07/31 1:20 p.m. | 16 views

CVE-2013-4995

Cross-site scripting XSS vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query that is not properly handled during the display of row information...

CVSS 3.5 | AI score 5.5 | EPSS 0.00209
Exploits: 0 | References: 3
OSV
added 2013/07/31 1:20 p.m. | 7 views

CVE-2013-4995

Cross-site scripting XSS vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query that is not properly handled during the display of row information...

AI score 5.5
Exploits: 0 | References: 3
UbuntuCve
added 2013/07/31 1:20 p.m. | 27 views

CVE-2013-4995

Cross-site scripting XSS vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query that is not properly handled during the display of row information...

CVSS 3.5 | AI score 7 | EPSS 0.00209
Exploits: 0 | References: 2
Prion
added 2013/07/31 1:20 p.m. | 19 views

Cross site scripting

Cross-site scripting XSS vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query that is not properly handled during the display of row information...

CVSS 3.5 | AI score 6.1 | EPSS 0.00209
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2013/07/30 6:0 p.m. | 20 views

CVE-2013-4995

Cross-site scripting XSS vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query that is not properly handled during the display of row information...

AI score 5.9 | EPSS 0.00209
Exploits: 0 | References: 3
OSV
added 2013/07/29 2:6 p.m. | 8 views

MGASA-2013-0238 Updated phpmyadmin packages fix security vulnerabilities

Using a crafted SQL query, it was possible to produce an XSS on the SQL query form (PMASA-2013-8, CVE-2013-4995). In the setup/index.php, using a crafted hash with a Javascript event, untrusted JS code could be executed. In the Display chart view, a chart title containing HTML code was rendered...

CVSS 6.5 | AI score 6.2 | EPSS 0.00374
Exploits: 0 | References: 8
phpMyAdmin
added 2013/07/28 12:0 a.m. | 31 views

XSS due to unescaped HTML Output when executing a SQL query.

PMASA-2013-8 Announcement-ID: PMASA-2013-8 Date: 2013-07-28 Updated: 2013-07-30 Summary XSS due to unescaped HTML Output when executing a SQL query. Description Using a crafted SQL query, it was possible to produce an XSS on the SQL query form. Severity We consider these vulnerabilities to be non...

CVSS 3.5 | AI score 6.8 | EPSS 0.00209
Exploits: 0 | Affected Software: 1
Packet Storm
added 2013/07/22 12:0 a.m. | 51 views

RootPanel SQL Injection

============================================================ RootPanel All versions SQL injection/Account takeover. Discovery: AkaStep and CAMOUFL4G3 Vendor: http://www.rootpanel.ru/ ============================================================ What is RootPanel ? RootPanel is professional hosting...

AI score 0.4
Exploits: 0
exploitpack
added 2013/07/02 12:0 a.m. | 22 views

WordPress Plugin WP Feed - nid SQL Injection

WordPress Plugin WP Feed - nid SQL Injection source: https://www.securityfocus.com/bid/60904/info WP Feed plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow...

Exploits: 0
Exploit DB
added 2013/06/26 12:0 a.m. | 38 views

Motion - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/60818/info Motion is prone to multiple security vulnerabilities including multiple buffer-overflow vulnerabilities, a cross-site scripting vulnerability and a cross-site request-forgery vulnerability. An attacker may exploit these issues to execute...

AI score 7.4
Exploits: 0
exploitpack
added 2013/06/10 12:0 a.m. | 11 views

ScriptCase - scelta_categoria.php SQL Injection

ScriptCase - scelta_categoria.php SQL Injection source: https://www.securityfocus.com/bid/60461/info ScriptCase is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...

AI score 0.3
Exploits: 0
0day.today
added 2013/05/25 12:0 a.m. | 63 views

MyMarket 1.72 bypass admin login & product_details blind sqli

Exploit for php platform in category web applications Exploit Title: MyMarket 1.72 bypass admin login & product_details blind sqli Google Dork: intext:"MyMarket version 1.71" Tested on: Linux Bug finder & Exploit Coder:NEt Bomber http://fb.me/net.bomba Beside other sqli exploits found on exploits...

AI score 7.1
Exploits: 0
seebug.org
added 2013/05/03 12:0 a.m. | 33 views

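MetInfo 5.1 /message/access.php SQL Injection Vulnerability

MetInfo is a fairly popular enterprise website management system in China. At line 12 of the /message/access.php file in version 5.1, the externally supplied variable $id is concatenated directly into the SQL query, which results in an SQL injection vulnerability. MetInfo 5.1...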

AI score 7.1
Exploits: 0