13185 matches found
SQL injection
SQL injection vulnerability in signature.php in Advanced Forum Signatures plugin (aka afsignatures) 2.0.4 for MyBB allows remote attackers to execute arbitrary SQL commands via the afsbarright parameter...
SQL injection
Multiple SQL injection vulnerabilities in signature.php in the Advanced Forum Signatures (aka afsignatures) plugin 2.0.4 for MyBB allow remote attackers to execute arbitrary SQL commands via the (1) afstype, (2) afsbackground, (3) afsshowonline, (4) afsbarleft, (5) afsbarcenter, (6) afsfullline1, (7) afsfullline...
SQL injection
Multiple SQL injection vulnerabilities in the updatecounter function in includes/functions.php in ClipBucket 2.6 allow remote attackers to execute arbitrary SQL commands via the time parameter to (1) videos.php or (2) channels.php. NOTE: some of these details are obtained from third party information...
CVE-2012-6643
Multiple SQL injection vulnerabilities in the updatecounter function in includes/functions.php in ClipBucket 2.6 allow remote attackers to execute arbitrary SQL commands via the time parameter to (1) videos.php or (2) channels.php. NOTE: some of these details are obtained from third party information...
CVE-2013-0735
Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to execute arbitrary SQL commands via the id parameter in a viewtopic (1) removepost, (2) sticky, or (3) closed action or (4) thread parameter in a postreply action to...
CVE-2014-2655
SQL injection vulnerability in the genshowstatus function in functions.inc.php in Postfix Admin (aka postfixadmin) before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands via a new alias...
CVE-2013-3213
Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) picklistname parameter in the getpicklists method to soap/customerportal.php, (2) where parameter in the getticketslist method to soap/customerportal.php, or (3)...
CVE-2013-2945
SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the showstatuses parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL command...
SQL injection
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) newsid parameter to news/send.php, (2) threadid parameter to posts/edit.php, or (3) useremail parameter to users/password.php or (4) users/register.php. NOTE: these issues were SPLIT...
CVE-2013-5640
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) answerid or (2) questionid parameter to polls/vote.php, (3) storyid parameter to comments/add.php or (4) comments/edit.php, or (5) threadid parameter to posts/add.php. NOTE: this issue...
SQL injection
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) answerid or (2) questionid parameter to polls/vote.php, (3) storyid parameter to comments/add.php or (4) comments/edit.php, or (5) threadid parameter to posts/add.php. NOTE: this issue...
CVE-2013-5640
Summary: CVE-2013-5640 (and related CVE-2013-7349) affect the Gnew 2013.1 application, with multiple SQL injection vectors. The vulnerabilities allow remote attackers to inject SQL via parameters in polls/vote.php (answer_id, question_id), comments/add.php (story_id) and comments/edit.php, or pos...
SQL injection
SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2014-1645
SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2011-5276
SQL injection vulnerability in the drawAdminToolsPackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote authenticated users to execute arbitrary SQL commands via the databasename parameter...