CVE-2004-1553

The CVE-2004-1553 entry concerns aspWebAlbum, where two input vectors allow SQL injection: (1) the username field on the login page and (2) the cat parameter to album.asp. The description notes that vector 1 affects aspWebAlbum 3.2 via txtUserName in a processlogin action to album.asp. Public ref...

CVE-2004-1608

SQL injection vulnerability in SalesLogix 6.1 allows remote attackers to execute arbitrary SQL statements via the id parameter in a view operation...

CVE-2004-1553

SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via 1 the username field on the login page or 2 the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName paramet...

CVE-2004-1383

Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to execute arbitrary SQL statements via the 1 order, 2 projectid, 3 promain, or 4 hoursid parameters to index.php or 5 ticketid to viewticketdetails.php...

ITA Forum Multiple Scripts SQL Injection

The remote host is running ITA Forum, a forum software written in PHP. There is a SQL injection issue in the remote version of this software which may allow an attacker to execute arbitrary SQL statements on the remote host and to potentially overwrite arbitrary files on the remote system, by...

CVE-2004-1401

SQL injection vulnerability in verify.asp in Asp-rider allows remote attackers to execute arbitrary SQL statements and bypass authentication via the username parameter...

CVE-2004-2056

SQL injection vulnerability in action.php in Nucleus CMS 3.01 allows remote attackers to execute arbitrary SQL statements via the itemid parameter...

CVE-2004-1383

Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to execute arbitrary SQL statements via the 1 order, 2 projectid, 3 promain, or 4 hoursid parameters to index.php or 5 ticketid to viewticketdetails.php...

CVE-2004-1553

SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via 1 the username field on the login page or 2 the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName paramet...

UBB.threads dosearch.php SQL injection

There is a SQL injection issue in the remote version of UBB.threads that may allow an attacker to execute arbitrary SQL statements on the remote host and potentially overwrite arbitrary files there by sending a malformed value to the 'Name' argument of the file 'dosearch.php'. %NASLMINLEVEL 70300...

CVE-2004-1608

SQL injection vulnerability in SalesLogix 6.1 allows remote attackers to execute arbitrary SQL statements via the id parameter in a view operation...

CVE-2004-0732

SQL injection vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to execute arbitrary SQL statements via the instory parameter...

CVE-2002-1457

SQL injection vulnerability in search.php for L-Forum 2.40 allows remote attackers to execute arbitrary SQL statements via the search parameter...