497 matches found

seebug.org
added 2007/04/04 12:0 a.m. · 51 views

HP Mercury Quality Center 9.0 build 9.1.0.4352 SQL Execution Exploit

No description provided by source. #!/usr/bin/perl HP Mercury Quality Center runQuery exploit. Run whatever SQL you want on their db - without SQL injection. Problem is client can do "RunQuery" command so we write program to do this. Client can do lots of other things it should not also! The backend...

7.1 AI score
Exploits: 0

0day.today
added 2007/04/03 12:0 a.m. · 25 views

HP Mercury Quality Center 9.0 build 9.1.0.4352 SQL Execution Exploit

Exploit for multiple platform in category remote exploits. HP Mercury Quality Center 9.0 build 9.1.0.4352 SQL Execution Exploit. #!/usr/bin/perl HP Mercury Qualit...

7.1 AI score
Exploits: 0

Exploit DB
added 2007/04/03 12:0 a.m. · 42 views

HP Mercury Quality Center 9.0 build 9.1.0.4352 - SQL Execution

#!/usr/bin/perl HP Mercury Quality Center runQuery exploit. Run whatever SQL you want on their db - without SQL injection. Problem is client can do "RunQuery" command so we write program to do this. Client can do lots of other things it should not also! The backend database can be MSSQLServer or Oracle ...

7.4 AI score
Exploits: 0

Positive Technologies
added 2006/10/11 12:0 a.m. · 2 views

PT-2006-5971 · 4Images · 4Images

Name of the Vulnerable Software and Affected Versions: 4images versions 1.7.x Description: The issue allows remote authenticated users to execute arbitrary SQL commands via the search user parameter in the "search.php" file. Recommendations: For 4images versions 1.7.x, avoid using the search user...

7.5 CVSS · 7.6 AI score · 0.10857 EPSS
Exploits: 1 · References: 12

NVD
added 2006/10/10 4:6 a.m. · 8 views

CVE-2006-5204

Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF)...

2.1 CVSS · 6.1 AI score · 0.0065 EPSS
Exploits: 0 · References: 5

CVE
added 2006/10/09 7:0 p.m. · 36 views

CVE-2006-5204

The CVE-2006-5204 issue affects Invision Power Board (IPB) 2.1.7 and earlier, where a cross-site scripting (XSS) flaw in action_admin/member.php can be triggered via the avatar setting. This enables remote authenticated users to inject arbitrary script/HTML, and the description also notes a poten...

2.1 CVSS · 6.3 AI score · 0.0065 EPSS
Exploits: 0 · References: 5 · Affected Software: 1

Cvelist
added 2006/10/09 7:0 p.m. · 17 views

CVE-2006-5204

Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF)...

6.1 AI score · 0.0065 EPSS
Exploits: 0 · References: 5

Positive Technologies
added 2006/10/06 12:0 a.m. · 1 views

PT-2006-5919 · Pkr · Internet Taskjitsu

Name of the Vulnerable Software and Affected Versions: PKR Internet Taskjitsu versions prior to 2.0.6 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the key parameter when the limit query parameter is set to customerid. Recommendations: For...

7.5 CVSS · 7.9 AI score · 0.00816 EPSS
Exploits: 0 · References: 7

Positive Technologies
added 2005/11/30 12:0 a.m. · 1 views

PT-2005-4664 · Randshop · Randshop

Name of the Vulnerable Software and Affected Versions: Randshop affected versions not specified Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the kategorieid and katid parameters in the themes/kategorie/index.php file. Recommendations: At t...

7.5 CVSS · 7.5 AI score · 0.01432 EPSS
Exploits: 1 · References: 9

Exploit DB
added 2005/10/07 12:0 a.m. · 32 views

Oracle HTML DB 1.5/1.6 - 'wwv_flow.accept?p_t02' Cross-Site Scripting

source: https://www.securityfocus.com/bid/15031/info Oracle HTML DB is prone to cross-site scripting vulnerabilities. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. An attacker can leverage...

7 AI score
Exploits: 0

Positive Technologies
added 2005/05/11 12:0 a.m. · 2 views

PT-2005-2552 · Asp · Asp Virtual News Manager

Name of the Vulnerable Software and Affected Versions: ASP Virtual News Manager affected versions not specified Description: The issue allows remote attackers to execute arbitrary SQL commands via the password parameter in the admin login.asp file. This can be exploited by sending malicious input...

7.5 CVSS · 7.8 AI score · 0.00451 EPSS
Exploits: 1 · References: 3

Cvelist
added 2005/03/04 5:0 a.m. · 11 views

CVE-2005-0646

SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote attackers to execute arbitrary SQL via the mysqlprefix parameter...

8.2 AI score · 0.00431 EPSS
Exploits: 0 · References: 2

NVD
added 2004/12/31 5:0 a.m. · 13 views

CVE-2004-2062

SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to execute arbitrary SQL via the (1) threadid, (2) parentid, or (3) mode parameters...

7.5 CVSS · 8.2 AI score · 0.00416 EPSS
Exploits: 1 · References: 4

NVD
added 2004/12/31 5:0 a.m. · 10 views

CVE-2004-1515

SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL statements via the fsel parameter, as demonstrated using last.php...

7.5 CVSS · 8.2 AI score · 0.00334 EPSS
Exploits: 0 · References: 1

NVD
added 2004/12/31 5:0 a.m. · 11 views

CVE-2004-1835

Multiple SQL injection vulnerabilities in index.php in Invision Gallery 1.0.1 allow remote attackers to execute arbitrary SQL via the (1) img, (2) cat, (3) sortkey, (4) orderkey, (5) user, or (6) album parameters...

7.5 CVSS · 8.3 AI score · 0.00948 EPSS
Exploits: 4 · References: 6

NVD
added 2004/12/31 5:0 a.m. · 10 views

CVE-2004-1955

SQL injection vulnerability in modules.php in phProfession 2.5 allows remote attackers to execute arbitrary SQL code via the offset parameter...

7.5 CVSS · 8.3 AI score · 0.00553 EPSS
Exploits: 1 · References: 6

NVD
added 2004/10/21 4:0 a.m. · 11 views

CVE-2004-1622

SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x allows remote attackers to execute arbitrary SQL statements via the Name parameter...

7.5 CVSS · 8.2 AI score · 0.00329 EPSS
Exploits: 1 · References: 3

Tenable Nessus
added 2004/09/01 12:0 a.m. · 51 views

TorrentTrader download.php id Parameter SQL Injection

The remote host is running TorrentTrader, a web-based BitTorrent tracker. The remote version of this software is vulnerable to a SQL injection attack that may allow an attacker to inject arbitrary SQL statements in the remote database.

6 AI score
Exploits: 0

Positive Technologies
added 2004/08/30 12:0 a.m. · 2 views

PT-2004-2553 · Unknown · Password Protect

Name of the Vulnerable Software and Affected Versions: Password Protect affected versions not specified Description: The issue allows remote attackers to execute arbitrary SQL statements and bypass authentication. This can be achieved through various parameters and files, including (1) admin or Pas...

7.5 CVSS · 7.6 AI score · 0.00656 EPSS
Exploits: 1 · References: 7

Cvelist
added 2004/07/21 4:0 a.m. · 17 views

CVE-2004-0707

SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allows remote attackers with privileges to grant membership to any group to execute arbitrary SQL...

8.1 AI score · 0.00502 EPSS
Exploits: 0 · References: 4