13185 matches found
CVE-2011-3197
SQL injection vulnerability in Domain Technologie Control DTC before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the addrlink parameter to shared/inc/forms/domaininfo.php. NOTE: CVE-2011-3197 has been SPLIT due to findings by different researchers. CVE-2011-5272...
CVE-2011-5276
SQL injection vulnerability in the drawAdminToolsPackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control DTC before 0.32.11 allows remote authenticated users to execute arbitrary SQL commands via the databasename parameter...
CVE-2011-5272
SQL injection vulnerability in Domain Technologie Control DTC before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the vpsnote parameter to dtcadmin/logPushlet.php. NOTE: this issue was originally part of CVE-2011-3197, but that ID was SPLIT due to different...
Sql injection
SQL injection vulnerability in Domain Technologie Control DTC before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the vpsnote parameter to dtcadmin/logPushlet.php. NOTE: this issue was originally part of CVE-2011-3197, but that ID was SPLIT due to different...
Sql injection
SQL injection vulnerability in Domain Technologie Control DTC before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the addrlink parameter to shared/inc/forms/domaininfo.php. NOTE: CVE-2011-3197 has been SPLIT due to findings by different researchers. CVE-2011-5272...
Sql injection
SQL injection vulnerability in the drawAdminToolsPackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control DTC before 0.32.11 allows remote authenticated users to execute arbitrary SQL commands via the databasename parameter...
CVE-2011-3197
SQL injection vulnerability in Domain Technologie Control DTC before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the addrlink parameter to shared/inc/forms/domaininfo.php. NOTE: CVE-2011-3197 has been SPLIT due to findings by different researchers. CVE-2011-5272...
CVE-2011-5276
SQL injection vulnerability in the drawAdminToolsPackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control DTC before 0.32.11 allows remote authenticated users to execute arbitrary SQL commands via the databasename parameter...
CVE-2011-5276
CVE-2011-5276 is a SQL injection vulnerability in Domain Technologie Control (DTC) prior to 0.32.11. The flaw occurs in the drawAdminTools_PackageInstaller function, within shared/inc/forms/packager.php, where the database_name parameter can be exploited by remote authenticated users to execute a...
Sql injection
Multiple SQL injection vulnerabilities in MantisBT before 1.2.16 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to the 1 mcprojectgetattachments function in api/soap/mcprojectapi.php; the 2 newsgetlimitedrows function in core/newsapi.php; the 3...
Sql injection
Multiple SQL injection vulnerabilities in bbs/ajax.autosave.php in GNUboard 5.x and possibly earlier allow remote authenticated users to execute arbitrary SQL commands via the 1 subject or 2 content parameter...
Sql injection
SQL injection vulnerability in the mcifileget function in api/soap/mcfileapi.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in a mcissueattachmentget SOAP request...
CVE-2014-1608
SQL injection vulnerability in the mcifileget function in api/soap/mcfileapi.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in a mcissueattachmentget SOAP request...
CVE-2013-4058
Multiple SQL injection vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote authenticated users to execute arbitrary SQL commands via unspecified interfaces...
CVE-2014-2323
SQL injection vulnerability in modmysqlvhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to requestcheckhostname...
CVE-2014-2323
SQL injection vulnerability in modmysqlvhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to requestcheckhostname...
Sql injection
SQL injection vulnerability in modmysqlvhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to requestcheckhostname...
CVE-2014-2323
Lighttpd vulnerability CVE-2014-2323: SQL injection in mod_mysql_vhost.c allows remote command execution via the host name (related to request_check_hostname). Affected software: lighttpd prior to 1.4.35. Impact risk is described in public advisories as enabling arbitrary SQL execution. Remediati...
CVE-2014-2323
SQL injection vulnerability in modmysqlvhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to requestcheckhostname...
CVE-2014-2043
SQL injection vulnerability in Resources/System/Templates/Data.aspx in Procentia IntelliPen before 1.1.18.1658 allows remote authenticated users to execute arbitrary SQL commands via the value parameter...