1304 matches found
phpBB Remote - 'mod.php' SQL Injection
source: https://www.securityfocus.com/bid/13209/info A remote SQL injection vulnerability affects the datenbank module for phpbb. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries. An attacker may exploit this issue to...
PhotoPost Pro 5.1 - 'showmembers.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/12920/info Multiple input validation vulnerabilities reportedly affect PhotoPost Pro. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical actions. The first set of issues ar...
phpDEV5 Remote Default Insecure Users Vuln
No description provided by source. ------------------------------------------------------------------------ PHPDev5 Remote Insecure Default Users & Passwords vuln. By : Ali7 e-mail : [email protected] date : 09-03-2k5 greetz : all my friends ; AlkaeN ; s4a.cc boyz ; Target : PHPDev 5 URL :...
phpDEV5 - Remote Default Insecure Users
phpDEV5 - Remote Default Insecure Users ------------------------------------------------------------------------ PHPDev5 Remote Insecure Default Users & Passwords vuln. By : Ali7 e-mail : [email protected] date : 09-03-2k5 greetz : all my friends ; AlkaeN ; s4a.cc boyz ; Target : PHPDev 5 URL :...
phpDEV5 Remote Default Insecure Users Vuln
Exploit for unknown platform in category web applications ========================================== phpDEV5 Remote Default Insecure Users Vuln ========================================== ------------------------------------------------------------------------ PHPDev5 Remote Insecure Default Users...
CVE-2004-2322
SQL injection vulnerability in the (1) announce and (2) notes modules of phpWebSite before 0.9.3-2 allows remote attackers to execute arbitrary SQL queries, as demonstrated using the ANNid parameter to the announce module...
CVE-2004-2349
Multiple SQL injection vulnerabilities in Tunez before 1.20-pre2 allow remote attackers to execute arbitrary SQL queries...
phpnews.txt
SQL Injection vulnerability in PHPNews 11/25/2004 Description: A vulnerability has been reported in PHPNews, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "mid" parameter in "sendtofriendphp" is not properly sanitised before being used in a SQL...
CVE-2004-0338
SQL injection vulnerability in search.php for Invision Board Forum allows remote attackers to execute arbitrary SQL queries via the st parameter...
miniBB index.php user Parameter SQL Injection
The remote host is using the miniBB forum management system. According to its version number, this forum is vulnerable to a SQL injection attack. Input to the 'user' parameter of index.php is not properly sanitized. A remote attacker could exploit this to execute arbitrary SQL queries against the...
PowerPortal 1.3 - SQL Injection
PowerPortal 1.3 - SQL Injection source: https://www.securityfocus.com/bid/11681/info PowerPortal is reported vulnerable to remote SQL injection. This issue is due to a failure of the application to properly validate user-supplied input prior to including it in an SQL query. PowerPortal 1.3 is...
XMB Forum 1.8 - 'editprofile.php?user' Cross-Site Scripting
source: https://www.securityfocus.com/bid/9726/info XMB Forum has been reported prone to multiple cross-site scripting, HTML injection and SQL injection vulnerabilities. The issues present themselves due to insufficient sanitization of remote user supplied data. An attacker may exploit any one of...
CVE-2003-0751
SQL injection vulnerability in passdone.php for PY-Membres 4.2 and earlier allows remote attackers to execute arbitrary SQL queries via the email parameter...
CVE-2003-0735
SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x and earlier allows remote attackers to execute arbitrary SQL queries, as demonstrated using the year parameter...
CVE-2002-2168
SQL injection vulnerability in Thorsten Korner 123tkShop before 0.3.1 allows remote attackers to execute arbitrary SQL queries via various programs including functiondescribeitem1.inc.php...
CVE-2002-0709
SQL injection vulnerabilities in the Web Reports Server for SurfControl SuperScout WebFilter allow remote attackers to execute arbitrary SQL queries via the RunReport option to SimpleBar.dll, and possibly other DLLs...
CVE-2002-0709
The CVE-2002-0709 issue affects SurfControl SuperScout WebFilter’s Web Reports Server. The problem arises from SQL injection in the report components (notably SimpleBar.dll/RunReport and related DLLs) where input is not properly validated, allowing remote attackers to execute arbitrary SQL against...
wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting
Westpoint Security Advisory Title: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting Risk Rating: Medium Software: Microsoft SQLXML 3.0 / IIS 5.0 / SQLServer 2000 Platforms: Win2K Vendor URL: www.microsoft.com Author: Matt Moore [email protected] Date: 12 June 2002 Advisory ID:...
Microsoft Index Server 2.0 - File Information Full Path Disclosure
Microsoft Index Server 2.0 - File Information Full Path Disclosure source: https://www.securityfocus.com/bid/3339/info The sqlqhit.asp sample file is used for performing web-based SQL queries. Malicious users could send specifically crafted HTTP request to an Internet Information Services server...
CVE-2001-1090
nsspostgresql 0.6.1 and before allows a remote attacker to execute arbitrary SQL queries by inserting SQL code into an HTTP request...