
1417 matches found

exploitpack
added 2012/08/30 12:0 a.m. | 13 views

XM Forum - search.asp SQL Injection

XM Forum - search.asp SQL Injection source: https://www.securityfocus.com/bid/55299/info XM Forum is prone to an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...

AI score: 0.7
Exploits: 0
seebug.org
added 2012/08/13 12:0 a.m. | 18 views

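Tipask! 2.0, 1.4 SQL Injection

Brief description: Someone previously disclosed an SQL injection in wps; in fact, wps uses this system. Details: In the onajaxsearch function of control/question.php: function onajaxsearch $title = urldecode$this- get2; $questionlist = $ENV 'question'-searchtitle$title, 2, 1, 0, 5; include template'ajaxsearch' ; The parameter passed in via get2 goes through urldecode before entering the searchtitle function in the question module. //Search questions by title...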

AI score: 7.1
Exploits: 0
Packet Storm
added 2012/08/12 12:0 a.m. | 25 views

NeoInvoice Blind SQL Injection

NeoInvoice is a multi-tenant open source invoicing system, that currently contains an unauthenticated blind SQL injection condition in signupcheck.php. The input for the value field isn't being properly sanitized, and is used in string concatenation to create the SQL query. See here for the...

CVSS: 7.5 | AI score: 0.3 | EPSS: 0.00466
Exploits: 2
exploitpack
added 2012/08/06 12:0 a.m. | 10 views

YT-Videos Script - id SQL Injection

YT-Videos Script - id SQL Injection source: https://www.securityfocus.com/bid/54859/info YT-Videos Script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromi...

Exploits: 0
Exploit DB
added 2012/08/05 12:0 a.m. | 75 views

Mibew Messenger 1.6.4 - 'threadid' SQL Injection

source: https://www.securityfocus.com/bid/54857/info Mibew Messenger is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify...

AI score: 7
Exploits: 0
Tenable Nessus
added 2012/08/01 12:0 a.m. | 25 views

Scientific Linux Security Update : postgresql on SL4.x, SL5.x i386/x86_64

A stack-based buffer overflow flaw was found in the way PostgreSQL processed certain tokens from a SQL query when the intarray module was enabled on a particular database. An authenticated database user running a specially crafted SQL query could use this flaw to cause a temporary denial of servi...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.04047
Exploits: 0 | References: 3
OpenVAS
added 2012/07/25 12:0 a.m. | 20 views

Serendipity 'functions_trackbacks.inc.php' SQLi Vulnerability - Active Check

Serendipity is prone to an SQL injection (SQLi) vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00717
Exploits: 3 | References: 4
seebug.org
added 2012/07/20 12:0 a.m. | 12 views

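Android Dr. Web Anti-Virus Information Disclosure Vulnerability

Android Dr.Web Anti-virus is antivirus software for the Android platform. An error exists when processing SQL queries in the com.drweb.activities.antispam.CursorActivit class, which can be exploited to disclose call history and SMS messages. 0 Dr.Web Anti-virus for Android 7.x Vendor solution: Dr.Web Anti-virus for Android 7.00.2 has fixed this vulnerability; users are advised to download and use it: http://news.drweb.com/show/?c=5&i=2573&lng=en...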

AI score: 7.1
Exploits: 0
Exploit DB
added 2012/06/18 12:0 a.m. | 20 views

VANA CMS - 'index.php' Script SQL Injection

source: https://www.securityfocus.com/bid/54066/info VANA CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, o...

AI score: 7
Exploits: 0
Exploit DB
added 2012/06/15 12:0 a.m. | 25 views

Joomla! Component JCal Pro Calendar - SQL Injection

source: https://www.securityfocus.com/bid/54042/info The JCal Pro Calendar component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...

AI score: 7
Exploits: 0
htbridge
added 2012/06/13 12:0 a.m. | 35 views

Blind SQL Injection in Webmatic

High-Tech Bridge SA Security Research Lab has discovered vulnerability in Webmatic, which can be exploited to perform Blind SQL Injection attacks. 1 Blind SQL Injection in Webmatic: CVE-2012-3350 1.1 Input passed via the "Referer:" field of the HTTP header to index.php is not properly sanitised...

CVSS: 7.5 | AI score: 7.9 | EPSS: 0.02222
Exploits: 6 | Affected Software: 1
Tenable Nessus
added 2012/05/23 12:0 a.m. | 70 views

phpMyAdmin 2.11.x / 3.3.x < 2.11.11.3 / 3.3.9.2 SQL Query Bookmarks Arbitrary SQL Query Execution (PMASA-2011-02)

According to its self-identified version number, the phpMyAdmin install hosted on the remote web server allows creation of bookmarked SQL queries which could be unintentionally executed by other users. Note that successful exploitation of this vulnerability requires that phpMyAdmin configuration...

CVSS: 6.5 | AI score: 5.4 | EPSS: 0.02698
Exploits: 0 | References: 2
Packet Storm
added 2012/05/14 12:0 a.m. | 21 views

Galette SQL Injection

Source: http://www.securityfocus.com/bid/53463/info Galette is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, ...

CVSS: 7.5 | AI score: 0.1 | EPSS: 0.00169
Exploits: 2
OpenVAS
added 2012/04/12 12:0 a.m. | 24 views

Joomla Estate Agent Component 'id' Parameter SQL Injection Vulnerability

This host is running Joomla The Estate Agent component and is prone to SQL injection vulnerability. OpenVAS Vulnerability Test $Id: gbjoomlacomestateagentsqlinjvuln.nasl 6022 2017-04-25 12:51:04Z teissa $ Joomla Estate Agent Component 'id' Parameter SQL Injection Vulnerability Authors: Madhuri D...

CVSS: 7.5 | AI score: 0.2 | EPSS: 0.00262
Exploits: 1 | References: 5
Exploit DB
added 2012/03/29 12:0 a.m. | 25 views

EasyPHP - 'main.php' SQL Injection

source: https://www.securityfocus.com/bid/52781/info EasyPHP is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modif...

AI score: 7.4
Exploits: 0
exploitpack
added 2012/03/19 12:0 a.m. | 14 views

ClassifiedsGeek.com Vacation Packages - listing_search SQL Injection

ClassifiedsGeek.com Vacation Packages - listingsearch SQL Injection source: https://www.securityfocus.com/bid/52637/info Vacation Packages is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit...

AI score: 0.5
Exploits: 0
Exploit DB
added 2012/03/16 12:0 a.m. | 19 views

JPM Article Script 6 - 'page2' SQL Injection

source: https://www.securityfocus.com/bid/52528/info JPM Article Script 6 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or...

AI score: 7.4
Exploits: 0
Packet Storm
added 2012/02/02 12:0 a.m. | 33 views

SiT! Support Incident Tracker 3.64 XSS / CSRF / SQL Injection

Advisory Details: High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in SiT! Support Incident Tracker, which can be exploited to perform SQL injection, cross-site scripting, cross-site request forgery attacks. 1 Input passed via the "start" GET parameter to...

AI score: 0.2
Exploits: 0
OpenVAS
added 2012/01/23 12:0 a.m. | 7 views

Joomla XBall Component SQLi Vulnerability

Joomla XBall component is prone to an SQL injection (SQLi) vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

AI score: 5.6
Exploits: 0 | References: 1
Exploit DB
added 2012/01/21 12:0 a.m. | 24 views

Tribiq CMS - 'index.php' SQL Injection

source: https://www.securityfocus.com/bid/51614/info Tribiq CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify...

AI score: 7.4
Exploits: 0