Zen Cart 1.3.8 - SQL Execution

!/usr/bin/python ------- Zen Cart 1.3.8 Remote SQL Execution http://www.zen-cart.com/ Zen Cart Ecommerce - putting the dream of server rooting within reach of anyone! A new version 1.3.8a is avaible on http://www.zen-cart.com/ BlackH : Notes: must have admin/sqlpatch.php enabled clean the databas...

Zen Cart 1.3.8 Remote SQL Execution Exploit

Exploit for unknown platform in category web applications =========================================== Zen Cart 1.3.8 Remote SQL Execution Exploit =========================================== !/usr/bin/python ------- Zen Cart 1.3.8 Remote SQL Execution http://www.zen-cart.com/ Zen Cart Ecommerce -...

Zen Cart 1.3.8 - SQL Execution

Zen Cart 1.3.8 - SQL Execution !/usr/bin/python ------- Zen Cart 1.3.8 Remote SQL Execution http://www.zen-cart.com/ Zen Cart Ecommerce - putting the dream of server rooting within reach of anyone! A new version 1.3.8a is avaible on http://www.zen-cart.com/ BlackH : Notes: must have...

SFS EZ Career (content.php topic) SQL Injection Vulnerability

No description provided by source. Kira has decide be back after halloween Discovered by : Mountassif Moad Type Gap : Sql execution Script : SFS EZ Career Remote sql execution Home Script : http://www.scripts-for-sites.info/item.php?item=92 Greetz : Allah , All my freind Exploit :...

CVE-2008-4623

SQL injection vulnerability in the DS-Syndicate comds-syndicate component 1.1.1 for Joomla allows remote attackers to execute arbitrary SQL commands via the feedid parameter to index2.php...

CVE-2008-2817

SQL injection vulnerability in albums.php in NiTrO Web Gallery 1.4.3 and earlier allows remote attackers to execute arbitrary SQL commands via the CatId parameter in a show action...

CVE-2008-2774

SQL injection vulnerability in item.php in CartKeeper CKGold Shopping Cart 2.5 and 2.7 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter, a different vector than CVE-2007-4736...

OBlog Sql Injection Vulnerability

漏洞文件tags.asp 变量tagid未经过滤传值，带入sql执行，导致注入产生。 3.13-20060429 access & mssql 4.02-20070112 access & mssql 4.50 Final Build0619 access & mssql 4.60 Final Build0921 access & mssql 4.60 Final Build1107 access & mssql 修补方法:检查用户提交的tagid，只允许是数字。 例如： 将iTagId = TrimRequest.Querystring”tagid”改成iTagId =...

PT-2008-3304 · Blogator · Blogator-Script

Name of the Vulnerable Software and Affected Versions: Blogator-script version 0.95 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the id art parameter in the blogadata/include/sond result.php file. Recommendations: For Blogator-script versi...

[SECURITY] Fedora 8 Update: phpMyAdmin-2.11.5-1.fc8

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges,export data into various formats a nd ...

CVE-2008-0565

CVE-2008-0565 concerns a SQL injection in DeltaScripts PHP Links 1.3 and earlier, exploitable via the id parameter in vote.php. The vulnerability is documented with affected software and root cause: unsafely constructed SQL in vote.php allows remote SQL command execution. The available connected ...

dblink allows proxying of database connections via 127.0.0.1

PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library dblink is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1...

dblink allows proxying of database connections via 127.0.0.1

PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library dblink is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1...

CVE-2007-6462

SQL injection vulnerability in fullnews.php in PHP Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2007-5514

Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and attack vectors related to 1 Database Vault component DB24 and 2 SQL Execution component DB26...

Design/Logic Flaw

Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and attack vectors related to 1 Database Vault component DB24 and 2 SQL Execution component DB26...

CVE-2007-5514

Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and attack vectors related to 1 Database Vault component DB24 and 2 SQL Execution component DB26...

CVE-2007-5514

CVE-2007-5514 pertains to Oracle Database 10.2.0.3 and involves multiple vulnerabilities affecting the Database Vault component (DB24) and the SQL Execution component (DB26). The initial description states unknown impact and attack vectors for these components. A connected Nessus CPU plugin (Octo...

DEBIAN-CVE-2007-3905

SQL injection vulnerability in Zoph before 0.7.0.1 might allow remote attackers to execute arbitrary SQL commands via the order parameter to 1 photos.php and 2 editphotos.php...

CVE-2007-1882

qcbin/servlet/tdservlet/TDAPIGeneralWebTreatment in HP Mercury Quality Center 9.0 build 9.1.0.4352 allows remote authenticated users to execute arbitrary SQL commands via the RunQuery method...