55 matches found
Helpdesk Issue Manager v0.9 SQL inj.
Helpdesk Issue Manager v0.9 SQL inj. Vuln. discovered by: r0t Date: 25 Nov. 2005 Original advisory: http://pridels.blogspot.com/2005/11/helpdesk-issue-manager-v09-sql-inj.html Vendor: http://helpdesk.centralmanclc.com/ Affected version: v0.9 and prior Vuln. Description: Input passed to the "id"...
CVE-2005-3208
Multiple SQL injection vulnerabilities in (1) aeNovo, (2) aeNovoShop and (3) aeNovoWYSI allow remote attackers to execute arbitrary SQL code via (a) the password parameter in control.asp, and (b) the strSQL parameter in search.asp, which can enable XSS attacks in resulting error messages...
CVE-2004-1955
SQL injection vulnerability in modules.php in phProfession 2.5 allows remote attackers to execute arbitrary SQL code via the offset parameter...
CVE-2004-1846
CVE-2004-1846 affects News Manager Lite 2.5 with multiple SQL injection flaws allowing remote attackers to execute arbitrary SQL via the (1) ID parameter to more.asp, (2) ID parameter to category_news.asp, or (3) filter parameter to news_sort.asp. The sources provided reiterate this vulnerability...
CVE-2004-2066
SQL injection vulnerability in session.php in LinPHA 0.9.4 allows remote attackers to execute arbitrary SQL code and bypass authentication via the (1) linphauserid or (2) linphapassword cookies...
CVE-2004-1846
Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow remote attackers to execute arbitrary SQL code via the (1) ID parameter to more.asp, (2) ID parameter to category_news.asp, or (3) filter parameter to news_sort.asp...
phpBB Photo Album Module <= 2.0.53 Multiple Vulnerabilities
The installed version of phpBB on the remote host includes a photo album module that has multiple vulnerabilities:
- A SQL Injection Vulnerability: An attacker can pass arbitrary SQL code through the 'mode' parameter of the 'albumsearch.php' script to manipulate database queries.
- Various...
CVE-2004-1588
GoSmart Message Board (ASP) is affected by SQL injection in two input vectors: Forum.asp via QuestionNumber/Category and Login_Exec.asp via Username/Password. This enables remote execution of arbitrary SQL commands. Related OpenVAS entries also flag additional XSS and input-sanitization flaws, bu...
CVE-2004-1588
SQL injection vulnerability in GoSmart Message Board allows remote attackers to execute arbitrary SQL code via the (1) QuestionNumber and Category parameters to Forum.asp or (2) Username and Password parameters to Login_Exec.asp...
[Hat-Squad] SQL injection and XSS Vulnerabilities in HELM
Hat-Squad Advisory: SQL injection and XSS Vulnerabilities in HELM November 2, 2004 Product: HELM Web Hosting Control Panel Vendor URL: http://helm.webhostautomation.com Version: HELM 3.1.19 and lower Vulnerability: SQL injection and XSS Release Date: November 2, 2004 Vendor Status: Informed on 28...
Simple Machines Forum < 1.1.4 / 1.0.12 SQL Injection
Binary data 4574.prm...
CVE-2004-2066
SQL injection vulnerability in session.php in LinPHA 0.9.4 allows remote attackers to execute arbitrary SQL code and bypass authentication via the (1) linphauserid or (2) linphapassword cookies...
CVE-2004-2042
Multiple SQL injection vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary SQL code and gain sensitive information via the (1) content parameter to content.php, (2) contentid parameter to content.php, or (3) list parameter to news.php...
CVE-2004-0272
CVE-2004-0272 describes an SQL injection vulnerability in MaxWebPortal that allows remote attackers to inject arbitrary SQL via the SendTo parameter in Personal Messages, potentially exposing sensitive information. The NVD reports a CVSS v2 base score of 7.5 (HIGH) with network access, low attack...
CVE-2001-1369
The CVE-2001-1369 issue affects pam-pgsql prior to 0.5.2. It allows remote attackers to bypass authentication or modify user records by injecting SQL into the user or password fields, thereby executing arbitrary SQL. Root cause is SQL injection in authentication-related input. The provided docume...