1418 matches found
Joomla! and Mambo Artists Component - 'idgalery' Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/29407/info The Artists component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could...
UGroup 2.6.2 forum.php FORUM_ID Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/15591/info UGroup is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could...
PHPJournaler 1.0 Readold Variable SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16111/info PHPjournaler is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could...
Abarcar Realty Portal 5.1.5 Content.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18218/info Abarcar Realty Portal is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit...
Joomla! and Mambo 'com_guide' Component - 'category' Parameter - SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28271/info The 'guide' component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could...
Joomla Component JQuarks4s 1.0.0 - Blind SQL Injection Vulnerability
No description provided by source. JQuarks4s Joomla Component 1.0.0 Blind SQL Injection Vulnerability Name JQuarks4s Vendor http://www.iptechinside.com/labs/projects/listfiles/jquarks-for-surveys Versions Affected 1.0.0 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net...
PHP-Nuke Submit_News Component - SQL Injection
PHP-Nuke SubmitNews Component - SQL Injection source: https://www.securityfocus.com/bid/67656/info PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to compromise the...
XOOPS Glossaire Module - modulesglossaireglossaire-aff.php SQL Injection
XOOPS Glossaire Module - modulesglossaireglossaire-aff.php SQL Injection source: https://www.securityfocus.com/bid/67460/info Glossaire module for XOOPS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An...
XOOPS Glossaire Module - '/modules/glossaire/glossaire-aff.php' SQL Injection
source: https://www.securityfocus.com/bid/67460/info Glossaire module for XOOPS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can leverage this issue to compromise the application, access or...
CIS Manager - email SQL Injection
CIS Manager - email SQL Injection source: https://www.securityfocus.com/bid/67442/info CIS Manager is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit will allow an attacker to compromise the...
Moderate: Red Hat Security Advisory: Django security update
Updated Django packages that fix three security issues are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...
Jigowatt PHP Event Calendar - day_view.php SQL Injection
Jigowatt PHP Event Calendar - dayview.php SQL Injection source: https://www.securityfocus.com/bid/66923/info Jigowatt PHP Event Calendar is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit ma...
eazyCMS - index.php SQL Injection
eazyCMS - index.php SQL Injection source: https://www.securityfocus.com/bid/66769/info eazyCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise the...
eazyCMS - 'index.php' SQL Injection
source: https://www.securityfocus.com/bid/66769/info eazyCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or...
Puntopy - novedad.php SQL Injection
Puntopy - novedad.php SQL Injection source: https://www.securityfocus.com/bid/67241/info Puntopy is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise the...
Puntopy - 'novedad.php' SQL Injection
source: https://www.securityfocus.com/bid/67241/info Puntopy is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or...
phpmywind最新版本注入漏洞第二弹
简要描述: 继续之前的代码审计,发现其他地方还有类似的问题存在,都是没有对变量进行适当的过滤就直接拼接到sql语句里面执行,导致任意sql指令的执行。 详细说明: 漏洞位于member.php 689行处: $r = $dosql-GetOne"SELECT checkinfo FROM @goodsorder WHERE username='$cuname' AND id=$id"; id参数未做任何过滤直接放到sql语句里面执行。 利用分析:...
CSP MySQL User Manager 2.3 SQLi Vulnerability
CSP MySQL User Manager is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
How do I get my data out of Nexpose? Answer: SQL Query Export
Do any of these these questions sound familiar? "Printable reports are really valuable and I use them on a daily basis. However, is there a section that I can add to show a summary by asset group or site?" "I really like the XML format, but its a little hard to process and I have to write code to...
CMS Afroditi - id SQL Injection
CMS Afroditi - id SQL Injection source: https://www.securityfocus.com/bid/64572/info CMS Afroditi is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise th...