1174 matches found
CVE-2005-2432
SQL injection vulnerability in PhpList allows remote attackers to modify SQL statements via the id argument to admin pages such as 1 members or 2 admin...
CVE-2004-2266
SQL injection vulnerability in Ansel 2.1 and earlier allows remote attackers to modify SQL statements via the image parameter...
CVE-2004-2266
CVE-2004-2266 affects Ansel 2.1 and earlier. The issue is a SQL injection vulnerability that allows remote attackers to modify SQL statements via the image parameter. According to the provided data, the NVD CVSS v2.0 base score is 7.5 (HIGH) with network attack vector, low attack complexity, no a...
CVE-2005-2284
Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow remote attackers to modify SQL statements via unknown attack vectors...
CVE-2004-2240
Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier allow remote attackers to modify SQL statements via 1 the query string in read.php or 2 unknown vectors in file.php...
CVE-2004-2232
SQL injection vulnerability in sql.php in the Glossary module in Moodle 1.4.1 and earlier allows remote attackers to modify SQL statements...
CVE-2005-2206
Multiple SQL injection vulnerabilities in CartWIZ allow remote attackers to modify SQL statements via the 1 idProduct parameter to tellAFriend.asp, 2 sortType parameter to viewSupportTickets.asp, or the id parameter to 3 updateCreditCards.asp or 4 deleteCreditCards.asp...
CVE-2005-2066
SQL injection vulnerability in commentpost.asp in ASP Nuke 0.80 allows remote attackers to execute arbitrary SQL statements via the TaskID parameter...
Invision Board < 2.0.5 Privilege Escalation / SQL Injection
Binary data 2942.prm...
CVE-2004-2056
SQL injection vulnerability in action.php in Nucleus CMS 3.01 allows remote attackers to execute arbitrary SQL statements via the itemid parameter...
CVE-2004-2057
SQL injection vulnerability in ASPRunner 2.4 allows remote attackers to execute arbitrary SQL statements...
CVE-2004-2057
CVE-2004-2057 affects ASPrunner, specifically version 2.4. The vulnerability is described as a SQL injection that would let remote attackers execute arbitrary SQL statements. The provided connected documents confirm the flaw exists in ASPrunner 2.4 and indicate multiple issues in older ASPrunner ...
Oracle 8.x/9.x/10.x Database - Multiple SQL Injections
source: https://www.securityfocus.com/bid/13144/info Oracle database is reported prone to multiple SQL injection vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data. These issues can be exploited using malformed PL/SQL statements to pass unauthorized SQL...
CVE-2005-1048
CVE-2005-1048 relates to a SQL injection in PostNuke 0.760 RC3, where the sid parameter in modules.php can be exploited remotely to run arbitrary SQL statements. The affected software is PostNuke (version 0.760 RC3 as cited; vendor reportedly could not reproduce issues for 0.760 RC3 or 0.750). Th...
CVE-2004-1608
SQL injection vulnerability in SalesLogix 6.1 allows remote attackers to execute arbitrary SQL statements via the id parameter in a view operation...
CVE-2004-1553
SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via 1 the username field on the login page or 2 the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName paramet...
CVE-2004-1553
The CVE-2004-1553 entry concerns aspWebAlbum, where two input vectors allow SQL injection: (1) the username field on the login page and (2) the cat parameter to album.asp. The description notes that vector 1 affects aspWebAlbum 3.2 via txtUserName in a processlogin action to album.asp. Public ref...
CVE-2004-1629
Multiple SQL injection vulnerabilities in Dwcarticles 1.6 and earlier allow remote attackers to execute arbitrary SQL statements...
CVE-2004-1622
SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x allows remote attackers to execute arbitrary SQL statements via the Name parameter...
CVE-2004-1383
Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to execute arbitrary SQL statements via the 1 order, 2 projectid, 3 promain, or 4 hoursid parameters to index.php or 5 ticketid to viewticketdetails.php...