141 matches found
webERP 4.3.8 - '/reportwriter/ReportMaker.php?reportid' SQL Injection
source: https://www.securityfocus.com/bid/50713/info webERP is prone to information-disclosure, SQL-injection, and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may exploit the information-disclosure issue to gain access to sensiti...
Admin Bot - 'news.php' SQL Injection
source: https://www.securityfocus.com/bid/50562/info Admin Bot is prone to an SQL Injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify dat...
Joomla! Component com_shop - id SQL Injection
Joomla! Component comshop - id SQL Injection source: https://www.securityfocus.com/bid/50043/info The 'comshop' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue coul...
Auto Web Toolbox - id SQL Injection
Auto Web Toolbox - id SQL Injection source: https://www.securityfocus.com/bid/48683/info Auto Web Toolbox is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker t...
Joomla! Component com_newssearch - SQL Injection
source: https://www.securityfocus.com/bid/48698/info The 'comnewssearch' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
Joomla! 1.6 - Multiple SQL Injections
Joomla! 1.6 - Multiple SQL Injections source: https://www.securityfocus.com/bid/46846/info Joomla! is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to...
BoutikOne - 'list.php?path' SQL Injection
source: https://www.securityfocus.com/bid/46861/info Pixie is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access ...
PHPRS - 'model-kits.php' SQL Injection
source: https://www.securityfocus.com/bid/45467/info phpRS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modif...
BugTracker.NET 3.4.4 - SQL Injection Cross-Site Scripting
BugTracker.NET 3.4.4 - SQL Injection Cross-Site Scripting source: https://www.securityfocus.com/bid/45121/info BugTracker.NET is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting these...
Simea CMS - 'index.php' SQL Injection
source: https://www.securityfocus.com/bid/44878/info Simea CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify dat...
Online Work Order Suite - Login SQL Injection
Online Work Order Suite - Login SQL Injection source: https://www.securityfocus.com/bid/44608/info Online Work Order Suite is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...
Symantec IM Manager whereClause Parameter SQL Injection (SYM10-010)
The version of Symantec IM Manager installed on the remote Windows host fails to sanitize input to the 'whereClause' parameter of the 'rdpageimlogic.aspx' script before using it in the 'LoggedInUsers.lgx' definition file to construct database queries. An unauthenticated attacker may be able to...
BlueCMS 1.6 - 'x-forwarded-for' Header SQL Injection
source: https://www.securityfocus.com/bid/42999/info BlueCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data,...
AbleSpace 1.0 - 'news.php' SQL Injection
source: https://www.securityfocus.com/bid/41139/info AbleSpace is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify dat...
webConductor - 'default.asp' SQL Injection
source: https://www.securityfocus.com/bid/41042/info webConductor is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify...
Tele Datas Contact Management Server 0.9 - Username SQL Injection
Tele Datas Contact Management Server 0.9 - Username SQL Injection source: https://www.securityfocus.com/bid/39799/info The Tele Data's Contact Management Server is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query...
Viennabux Beta! - 'cat' SQL Injection
source: https://www.securityfocus.com/bid/39602/info Viennabux Beta! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modi...
Joomla! Component com_weblinks - id SQL Injection
Joomla! Component comweblinks - id SQL Injection source: https://www.securityfocus.com/bid/39032/info The 'comweblinks' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this...
Web Cocoon simpleCMS - 'show.php' SQL Injection
source: https://www.securityfocus.com/bid/41526/info Web Cocoon simpleCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or...
Log Rover pword Parameter SQL Injection
The remote host is running Log Rover, an ASP application for analyzing web server log files. The web interface included with the version of Log Rover installed on the remote host fails to sanitize user-supplied input to the 'pword' parameter of the 'login.asp' script before using it to construct...