Novell ZENworks Patch Management 6.0.52 - computersdefault.asp?Direction SQL Injection
source: https://www.securityfocus.com/bid/15220/info ZENworks Patch Management is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize...
CVE-2005-3304
Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the description parameter in the WebLinks module...
MyBloggie 2.1.3 - Search.PHP SQL Injection Vulnerability
MyBloggie 2.1.3 Search.PHP SQL Injection Vulnerability. Webapps exploit for php platform source: http://www.securityfocus.com/bid/15017/info myBloggie is prone to an SQL injection vulnerability. This is due to a lack of sanitization of user-supplied input before passing it on to SQL queries...
ATutor Password Reminder SQL Injection
The remote host is running ATutor, an open source, web-based Learning Content Management System (LCMS) designed with accessibility and adaptability in mind. The remote version of this software contains an input validation flaw in the 'passwordreminder.php' script. This vulnerability occurs only wh...
Stylemotion WEB//NEWS 1.4 - 'startup.php' Cookie SQL Injection
source: https://www.securityfocus.com/bid/14776/info WEB//NEWS is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise of...
phpAdsNew / phpPgAds < 2.0.6 Multiple Vulnerabilities
The remote host is running phpAdsNew / phpPgAds, an open source banner ad server. The version of phpAdsNew / phpPgAds installed on the remote host suffers from several flaws: - Remote PHP Code Injection Vulnerability: The XML-RPC library bundled with the application allows an attacker to inject...
CVE-2004-2349
Multiple SQL injection vulnerabilities in Tunez before 1.20-pre2 allow remote attackers to execute arbitrary SQL queries...
Hosting Controller <= 6.1 Hotfix 2.2 Multiple Vulnerabilities
According to its version number, the installation of Hosting Controller on the remote host improperly allows an authenticated user to add hosting plans to his account, to edit the details of his own or anyone else's hosting plans, to view the folders of all resellers and the web admin, to add...
CVE-2000-1233
SQL injection vulnerability in read.php3 and other scripts in Phorum 3.0.7 allows remote attackers to execute arbitrary SQL queries via the sSQL parameter...
CVE-2005-2253
CVE-2005-2253 is a SQL injection in PhpAuction 2.5, where an attacker can modify SQL queries through the category parameter in adsearch.php. Root cause: unsanitized input used in database queries. Affected: PhpAuction 2.5. Impact: as described by CVE/NVD (base score 7.5, HIGH). Exploitation detai...
CVE-2005-2197
SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows remote attackers to modify SQL queries, as demonstrated using the f parameter to index.php...
CVE-2004-2185
Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via (1) the UnicodeConverter extension, (2) raw page views, (3) SpecialIpblocklist, (4) SpecialEmailuser, (5) SpecialMaintenance, and (6) ImagePage...
osTicket < 1.3.1 Multiple Vulnerabilities
Binary data 3046.prm...
osTicket <= 1.3.1 Multiple Vulnerabilities
The version of osTicket installed on the remote host suffers from several vulnerabilities, including: - A Local File Include Vulnerability: The application fails to sanitize user-supplied input to the 'inc' parameter in the 'view.php' script. An attacker may be able to exploit this flaw to run...
UBBCentral UBB.Threads 5.5.16.x - calendar.php Multiple SQL Injections
source: https://www.securityfocus.com/bid/14052/info UBB.Threads is prone to multiple SQL injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A...
UBBCentral UBB.Threads 5.5.16.x - viewmessage.php?message SQL Injection
source: https://www.securityfocus.com/bid/14052/info UBB.Threads is prone to multiple SQL injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A...
CVE-2001-1482
CVE-2001-1482 describes an SQL injection in phpBB 1.4.2, triggered via the $sortby parameter in bb_memberlist.php. The vulnerable component is the member list generation logic, where input is not sufficiently sanitized, allowing remote attackers to execute arbitrary SQL queries. The provided docu...
DUportal Pro 3.4 - 'inc_vote.asp' Multiple SQL Injections
source: https://www.securityfocus.com/bid/13285/info DUportal Pro is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to compromise the application,...