318 matches found
CVE-2005-3799
The CVE-2005-3799 entry concerns phpBB version 2.0.18, where a large SQL query can cause an error message that reveals SQL syntax or the full installation path, enabling information disclosure to remote attackers. Documents consistently describe this as an information-leak through error text gene...
eQuickSQLXSS.txt
------------------------------------------------------ Nightmare TeAmZ Advisory 016 ------------------------------------------------------ Date - 11/2005 e-Quick Cart Sql & Xss AFFECTED PRODUCTS ================= e-Quick Cart http://www.cdmweb.com Xss Poof: ========...
forumSQL.txt
Class: Input Validation Error CVE: CVE-MAP-NOMATCH Remote: Yes Discovered BY ABDUCTER & Expliot BY DEVIL-00 [email protected] OR [email protected] Vulnerable:powered by oaboard 1.0 ////////////////////////////////// info:- FOR INFORMATION VISIT http://oaboard.myserver.at/oaboard/forum.ph...
invision203-SQL.txt
Credit: By aLMaSTeR HaCKeR [email protected] Vulnerable: Invision Gallery 2.0.3 EXPLIOT: http://www.site.com/index.php?automodule=gallery&cmd=sc&cat=26&sortkey=date&orderkey=DESC&prunekey=30&st=|aLMaSTeR The Error: mySQL query error: SELECT i., m.membersdisplayname AS name, m.id AS mid, r.id a...
Nuked klan 1.7: SQL vulnerability
mail/msn: [email protected] FORUM http://127.0.0.1/nk/index.php?file=Forum&page=viewtopic&forumid='SQL&threadid='SQL LINK http://127.0.0.1/nk/index.php?file=Links&op=description&linkid='SQL ARTICLES http://127.0.0.1/nk/index.php?file=Sections&op=article&artid='SQL TELECHARGEMENT...
PortailPHP.txt
Class: Input Validation Error CVE: CVE-MAP-NOMATCH Remote: Yes Local: yes Credit: ABDUCTER --- [email protected] OR [email protected] Vulnerable: PortailPHP 2.4 and all version info :- PortailPHP POWERFUL FORUM AND formal site http://www.portailphp.com/ there is sql in index.php...
phpBB Notes Mod SQL Injection Vulnerability
GulfTech Security Research April 27th, 2005 Vendor : Oxpus URL : http://www.oxpus.de/ Version : All Versions Risk : SQL Injection Vulnerability Description: oxpus.de author many popular modules and hacks for the amazingly popular phpBB software. One of these modules allows users to keep their own...
[SECURITY] [DSA 523-1] New www-sql packages fix buffer overflow
-------------------------------------------------------------------------- Debian Security Advisory DSA 523-1 [email protected] http://www.debian.org/security/ Matt Zimmerman June 19th, 2004 http://www.debian.org/security/faq -...
Mini SQL 1.0/1.3 - Remote Format String
// source: https://www.securityfocus.com/bid/8295/info Mini SQL mSQL has been reported prone to a remotely exploitable format string vulnerability, when handling user-supplied data. Reportedly a remote attacker may send malicious format specifiers to trigger the issue. This vulnerability could...
MS00-035: MS SQL7.0 Service Pack may leave passwords on system (263968)
The installation process of the remote MS SQL server left a file named 'sqlsp.log' on the remote host. This file contains the password assigned to the 'sa' account of the remote database. An attacker may use this flaw to gain administrative access to the database server. C Tenable Network Securit...
Voxel Dot Net CBms 0.x - Multiple Code Injection Vulnerabilities
Voxel Dot Net CBms 0.x - Multiple Code Injection Vulnerabilities source: https://www.securityfocus.com/bid/4957/info It has been reported that multiple vulnerabilities exist in CBMS. Reportedly, it is possible to inject both JavaScript and SQL code into the system. It may be possible to execute...
CVE-2001-1025
CVE-2001-1025 concerns PHP-Nuke 5.x. The vulnerability allows remote attackers to perform arbitrary SQL operations by modifying the prefix variable in scripts that do not define it (for example, by including mainfile.php), such as article.php. The mechanism is an injection flaw arising from unsaf...
[ Hackerslab bug_paper ] Informix-SQL application vulnerability
============================================================================== Hackerslab bugpaper Informix-SQL application vulnerability ============================================================================== File : Informix-SQL application SYSTEM : Systems running Informix INFO : There i...
AdCycle SQL Command Insertion Vulnerability - qDefense Advisory Number QDAV-2001-7-2
AdCycle SQL Command Insertion Vulnerability qDefense Advisory Number QDAV-2001-7-2 Product: AdCycle Vendor: AdCyle http://adcycle.com Severity: Remote; Attacker may gain AdCycle administrator status Versions Affected: Versions up to and including 1.15 Vendor Status: Vendor contacted; has released...
Tumbleweed Worldsecure (MMS) BLANK 'sa' account password vulnerability
I've recently discovered the following vulnerability: Product: Tumbleweed Messaging Management System MMS Formerly Worldtalk Worldsecure http://www.tumbleweed.com/solutions/products/mmsproducts Version: 4.3 - 4.5 all builds Description: Product uses Microsoft's MSDE Database engine which is a...
Hughes Technologies Mini SQL (mSQL) 2.0.11 - w3-msql Remote Buffer Overflow
Hughes Technologies Mini SQL mSQL 2.0.11 - w3-msql Remote Buffer Overflow // source: https://www.securityfocus.com/bid/898/info w3-msql is a cgi-program shipped with Mini-SQL which acts as a web interface for msql. There are a number of buffer overflow vulnerabilities in it with one proven to be...
Oracle Webserver PL/SQL Stored Procedure GET Request DoS
It was possible to make the remote web server crash by supplying a too long argument to the cgi /ews-bin/fnord. An attacker may use this flaw to prevent your customers to access your website. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc...
HIS.ESSO.SSOSQL
Presence of affected bin...