498 matches found
OpenDocMan 1.2.5 - 'user.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/36777/info OpenDocMan is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based...
PHPLive! 3.2.2 - 'request.php' SQL Injection
source: https://www.securityfocus.com/bid/35718/info PHPLive! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data...
JVN#03114223 SQL injection vulnerability in SKIP from SKIP User Group
SKIP from SKIP User Group is an open source SNS Social Networking Service software. SKIP contains a SQL injection vulnerability. Impact Contents created by SKIP can be altered or information saved by SKIP can be obtained by a user that can login to SKIP. Solution Update the software Update to the...
z1exchange 1.0 (edit.php site) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ================================================================= z1exchange 1.0 edit.php site Remote SQL Injection Vulnerability =================================================================...
ClassSystem 2.02.3 - HomepageTop.php?teacher_id SQL Injection
ClassSystem 2.02.3 - HomepageTop.php?teacherid SQL Injection source: https://www.securityfocus.com/bid/29372/info ClassSystem is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. These issues include multiple SQL-injection...
Clever Copy 3.0 - 'postview.php' SQL Injection Vulnerability
Clever Copy 3.0 'postview.php' SQL Injection Vulnerability. CVE-2008-1608. Webapps exploit for php platform source: http://www.securityfocus.com/bid/28437/info Clever Copy is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an...
PT-2007-5375 · Pluck · Pluck
Name of the Vulnerable Software and Affected Versions: Pluck version 4.3 Description: The issue allows remote attackers to potentially read arbitrary local files via a .. dot dot in the file parameter in the data/inc/theme.php file when register globals is enabled. However, it's noted that the co...
security flaw
Unspecified vulnerability in Sun Java Development Kit JDK and Java Runtime Environment JRE 5.0 Update 5 and earlier, Java System Development Kit SDK and JRE 1.4.210 and earlier 1.4.x versions, and SDK and JRE 1.3.118 and earlier allows attackers to use untrusted applets to "access data in other...
CVE-2006-6736
Unspecified vulnerability in Sun Java Development Kit JDK and Java Runtime Environment JRE 5.0 Update 6 and earlier, Java System Development Kit SDK and JRE 1.4.212 and earlier 1.4.x versions, and SDK and JRE 1.3.118 and earlier allows attackers to use untrusted applets to "access data in other...
Inventory Manager - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/21069/info Inventory Manager is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because the application fails to properly sanitize user-supplied input. Successful exploits of these vulnerabiliti...
more.groupware <= 0.74 (new_calendarid) Remote SQL Injection Exploit
No description provided by source. ? errorreportingEERROR; function exploitinit if !extensionloaded'phpcurl' && !extensionloaded'curl' if !dl'curl.so' && !dl'phpcurl.dll' die "oo error - cannot load curl extension!"; function exploitheader echo...
phpMyFAQ < 1.6.0 SQL Injection (deprecated)
Binary data 2675.prm...
MyDms 1.4 - SQL Injection / Directory Traversal
source: https://www.securityfocus.com/bid/10996/info MyDMS is reportedly susceptible to both a directory traversal vulnerability and an SQL injection vulnerability. The SQL injection vulnerability is present because a script improperly sanitizes user-supplied data located in a URI argument before...
CVE-2000-1145
Recourse ManTrap 1.6 allows attackers who have gained root access to use utilities such as crash or fsdb to read /dev/mem and raw disk devices to identify ManTrap processes or modify arbitrary data files...
CVE-1999-0351
FTP PASV "Pizza Thief" denial of service and unauthorized data access. Attackers can steal data by connecting to a port that was intended for use by a client...
CVE-2018-4741
...
CVE-2025-2504
...
Security update 1970-01-01
...