240 matches found

Prion
added 2007/06/19 9:30 p.m. | 27 views

Sql injection

PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library dblink is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1...

CVSS: 6.9 | AI score: 7.6 | EPSS: 0.01257
Exploits: 0 | References: 29 | Affected Software: 2

NVD
added 2007/02/23 3:28 a.m. | 13 views

CVE-2006-7034

SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter...

CVSS: 7.5 | AI score: 8.2 | EPSS: 0.01051
Exploits: 0 | References: 3

CVE
added 2007/02/23 1:0 a.m. | 49 views

CVE-2006-7034

CVE-2006-7034 corresponds to an SQL injection in the Super Link Exchange Script 1.0, specifically via the cat parameter in directory.php. The underlying flaw is unsanitized user input in the SQL query construction, enabling remote attackers to execute arbitrary SQL commands. The CVSS v2 base scor...

CVSS: 7.5 | AI score: 8.6 | EPSS: 0.01051
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2006/04/27 11:0 p.m. | 33 views

CVE-2006-2081

Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via the GET_DOMAIN_INDEX_METADATA function in the DBMS_EXPORT_EXTENSION package. NOTE: this issue was originally linked to DB05 CVE-2006-1870, but a reliable third party has claimed that it is not the same issue...

AI score: 6.7 | EPSS: 0.21017
Exploits: 3 | References: 12

Cvelist
added 2005/11/16 9:17 p.m. | 19 views

CVE-2002-2168

SQL injection vulnerability in Thorsten Korner 123tkShop before 0.3.1 allows remote attackers to execute arbitrary SQL queries via various programs including functiondescribeitem1.inc.php...

AI score: 8.2 | EPSS: 0.01211
Exploits: 0 | References: 4

OpenVAS
added 2005/11/03 12:0 a.m. | 42 views

Oracle 9iAS OWA UTIL access

Oracle 9iAS can provide access to the PL/SQL application OWA_UTIL that provides web access to some stored procedures. These procedures, without authentication, can allow users to access sensitive information such as source code of applications, user credentials to other database servers and run...

CVSS: 5 | AI score: 0.2 | EPSS: 0.03651
Exploits: 0

Cvelist
added 2005/08/16 4:0 a.m. | 22 views

CVE-2004-2349

Multiple SQL injection vulnerabilities in Tunez before 1.20-pre2 allow remote attackers to execute arbitrary SQL queries...

AI score: 8.3 | EPSS: 0.01211
Exploits: 0 | References: 4

Cvelist
added 2005/07/14 4:0 a.m. | 18 views

CVE-2000-1233

SQL injection vulnerability in read.php3 and other scripts in Phorum 3.0.7 allows remote attackers to execute arbitrary SQL queries via the sSQL parameter...

AI score: 8.2 | EPSS: 0.02054
Exploits: 1 | References: 3

NVD
added 2004/12/31 5:0 a.m. | 17 views

CVE-2004-2349

Multiple SQL injection vulnerabilities in Tunez before 1.20-pre2 allow remote attackers to execute arbitrary SQL queries...

CVSS: 7.5 | AI score: 8.3 | EPSS: 0.01211
Exploits: 0 | References: 4

NVD
added 2004/12/31 5:0 a.m. | 14 views

CVE-2004-2322

SQL injection vulnerability in the (1) announce and (2) notes modules of phpWebSite before 0.9.3-2 allows remote attackers to execute arbitrary SQL queries, as demonstrated using the ANNid parameter to the announce module...

CVSS: 7.5 | AI score: 8.2 | EPSS: 0.01513
Exploits: 1 | References: 7

NVD
added 2004/11/23 5:0 a.m. | 15 views

CVE-2004-0338

SQL injection vulnerability in search.php for Invision Board Forum allows remote attackers to execute arbitrary SQL queries via the st parameter...

CVSS: 10 | AI score: 8.2 | EPSS: 0.02358
Exploits: 0 | References: 3

Tenable Nessus
added 2004/11/19 12:0 a.m. | 18 views

miniBB index.php user Parameter SQL Injection

The remote host is using the miniBB forum management system. According to its version number, this forum is vulnerable to a SQL injection attack. Input to the 'user' parameter of index.php is not properly sanitized. A remote attacker could exploit this to execute arbitrary SQL queries against the...

CVSS: 7.5 | AI score: 6 | EPSS: 0.0265
Exploits: 1 | References: 1

NVD
added 2003/10/20 4:0 a.m. | 7 views

CVE-2003-0751

SQL injection vulnerability in passdone.php for PY-Membres 4.2 and earlier allows remote attackers to execute arbitrary SQL queries via the email parameter...

CVSS: 7.5 | AI score: 8.2 | EPSS: 0.01204
Exploits: 1 | References: 1

Cvelist
added 2003/09/04 4:0 a.m. | 19 views

CVE-2003-0735

SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x and earlier allows remote attackers to execute arbitrary SQL queries, as demonstrated using the year parameter...

AI score: 8.2 | EPSS: 0.01566
Exploits: 0 | References: 3

NVD
added 2002/12/31 5:0 a.m. | 11 views

CVE-2002-2168

SQL injection vulnerability in Thorsten Korner 123tkShop before 0.3.1 allows remote attackers to execute arbitrary SQL queries via various programs including functiondescribeitem1.inc.php...

CVSS: 7.5 | AI score: 8.2 | EPSS: 0.01211
Exploits: 0 | References: 4

Cvelist
added 2002/10/03 4:0 a.m. | 17 views

CVE-2002-0709

SQL injection vulnerabilities in the Web Reports Server for SurfControl SuperScout WebFilter allow remote attackers to execute arbitrary SQL queries via the RunReport option to SimpleBar.dll, and possibly other DLLs...

AI score: 8.4 | EPSS: 0.01136
Exploits: 0 | References: 3

CVE
added 2002/10/03 4:0 a.m. | 46 views

CVE-2002-0709

The CVE-2002-0709 issue affects SurfControl SuperScout WebFilter’s Web Reports Server. The problem arises from SQL injection in the report components (notably SimpleBar.dll/RunReport and related DLLs) where input is not properly validated, allowing remote attackers to execute arbitrary SQL against...

CVSS: 7.5 | AI score: 8.4 | EPSS: 0.01136
Exploits: 0 | References: 3 | Affected Software: 2

Cvelist
added 2001/05/07 4:0 a.m. | 17 views

CVE-2001-0319

orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the orderrn option of the report capability...

AI score: 7.6 | EPSS: 0.07099
Exploits: 1 | References: 4

Exploit DB
added 2001/04/13 12:0 a.m. | 34 views

NCM Content Management System - content.pl Input Validation

source: https://www.securityfocus.com/bid/2584/info

The NCM Content Management System is a product distributed by NCM. The NCM Content Management System is designed to manage web material and other data, and provide an interface to databases from web resources. A problem with the Content Manageme...

AI score: 7.4
Exploits: 0

NVD
added 2001/03/26 5:0 a.m. | 6 views

CVE-2001-0201

The Postaci frontend for PostgreSQL does not properly filter characters such as semicolons, which could allow remote attackers to execute arbitrary SQL queries via the deletecontact.php program...

CVSS: 7.5 | AI score: 7.9 | EPSS: 0.01752
Exploits: 1 | References: 3