1417 matches found
Snitz Forums 2000 - 'TOPIC_ID' SQL Injection
source: https://www.securityfocus.com/bid/51596/info Snitz Forums 2000 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit will allow an attacker to compromise the application, access or modi...
MMORPG Zone - 'view_news.php' SQL Injection
source: https://www.securityfocus.com/bid/51532/info MMORPG Zone is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify...
Open Source MySQL Injection: sqlsus
sqlsus is an open source MySQL injection and takeover tool, written in perl. Via a command line interface, you can retrieve the databases structure, inject your own SQL queries even complex ones, download files from the web server, crawl the website for writable directories, upload and control a...
Mandriva Update for phpmyadmin MDVSA-2011:198 (phpmyadmin)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
CVE-2011-4634
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted database name, related to the Database Synchronize panel; 2 a crafted database name, related to the Database rename panel; 3 a crafted S...
CVE-2011-4634
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted database name, related to the Database Synchronize panel; 2 a crafted database name, related to the Database rename panel; 3 a crafted S...
CVE-2011-4634
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted database name, related to the Database Synchronize panel; 2 a crafted database name, related to the Database rename panel; 3 a crafted S...
phpMyAdmin -- Multiple XSS
The phpMyAdmin development team reports: Using crafted database names, it was possible to produce XSS in the Database Synchronize and Database rename panels. Using an invalid and crafted SQL query, it was possible to produce XSS when editing a query on a table overview panel or when using the vie...
Multiple Vulnerabilities in OrangeHRM
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in OrangeHRM, which can be exploited to perform Cross-Site Scripting XSS and SQL Injection attacks. 1 Cross-Site Scripting XSS vulnerabilities in OrangeHRM 1.1 Input passed via the "uniqcode" GET parameter to...
PostgreSQL: Multiple vulnerabilities
Background PostgreSQL is an open source object-relational database management system. Description Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact A remote authenticated attacker could send a specially crafted SQL...
GLSA-201110-22 : PostgreSQL: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201110-22 PostgreSQL: Multiple vulnerabilities Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact : A remote authenticated attacker could send a...
NexusPHP 1.5 - SQL Injection
NexusPHP 1.5 - SQL Injection Exploit Title: Nexusphp.v1.5 SQL injection Vulnerability Google Dork: intitle:nexusphp Date: 2011-10-08 Author: flyh4t Software Link: http://sourceforge.net/projects/nexusphp/ Version: nexusphp.v1.5 Tested on: linux+apache CVE : CVE-2011-4026 Nexusphp is BitTorrent...
How to change URL in Enterprise Manager notification email
Purpose This article documents how to change the URL listed in the Veeam Backup Enterprise Manager notification email. Example of Backup Enterprise Manager Notification Solution Back Up Database Before Making Changes Before making changes to the VeeamBackupReporting database, create a backup of t...
Traq 2.2 Cross Site Scripting / SQL Injection
Vulnerability ID: HTB23046 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesintraq.html Product: Traq Vendor: Jack Polgar http://traqproject.org/ Vulnerable Version: 2.2 and probably prior Tested Version: 2.2 Vendor Notification: 07 September 2011 Vulnerability Type: XSS, SQL...
Mambo Component N-Gallery - SQL Injection
Mambo Component N-Gallery - SQL Injection source: https://www.securityfocus.com/bid/49418/info The Mambo CMS N-Gallery component is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could all...
Web Professional - default.php SQL Injection
Web Professional - default.php SQL Injection source: https://www.securityfocus.com/bid/49399/info Web Professional is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker...
WordPress Profiles plugin <= 2.0 RC1 SQL Injection Vulnerability
No description provided by source. Exploit Title: WordPress Profiles plugin = 2.0 RC1 SQL Injection Vulnerability Date: 2011-08-28 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/profiles.2.0.RC1.zip Version: 2.0 RC1 tested Note:...
VicBlog - 'tag' SQL Injection
source: https://www.securityfocus.com/bid/49304/info VicBlog is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modif...
Code Widgets Multiple Question - Multiple Choice Online Questionnaire SQL Injections
source: https://www.securityfocus.com/bid/49210/info Code Widgets Multiple Question - Multiple Choice Online Questionaire is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...
Code Widgets DataBound Collapsible Menu - main.asp SQL Injection
Code Widgets DataBound Collapsible Menu - main.asp SQL Injection source: https://www.securityfocus.com/bid/49209/info Code Widgets DataBound Collapsible Menu is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query...