13185 matches found
SQL injection
Multiple SQL injection vulnerabilities in Dynamic Biz Website Builder QuickWeb allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/news-events/newdetail.asp, or the (2) UserID or (3) Password to login.asp...
SQL injection
SQL injection vulnerability in action.php in Leed Light Feed, possibly before 1.5 Stable, allows remote attackers to execute arbitrary SQL commands via the id parameter in a removeFolder action...
CVE-2013-7193
Multiple SQL injection vulnerabilities in C2C Forward Auction Creator 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) pa parameter to auction/asp/list.asp, or the (2) UserID or (3) Password to auction/casp/admin.asp...
CVE-2013-2627
SQL injection vulnerability in action.php in Leed Light Feed, possibly before 1.5 Stable, allows remote attackers to execute arbitrary SQL commands via the id parameter in a removeFolder action...
CVE-2013-7192
CVE-2013-7192 affects the Dynamic Biz Website Builder (QuickWeb). The vulnerability is a SQL injection in the web app where input may be unsafely interpolated into SQL: the (1) id parameter to apps/news-events/newdetail.asp, and the (2) UserID or (3) Password to login.asp. This allows remote atta...
CVE-2013-2627
CVE-2013-2627 describes a SQL injection in Leed (Light Feed) through action.php?action=removeFolder&id=... where user input is not properly escaped. The CSNC advisory confirms multiple vulnerabilities in Leed, including this SQL injection, and notes the vendor-provided fix was to upgrade to the l...
CVE-2013-7187
SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter...
SQL injection
SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter...
SQL injection
Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to execute arbitrary SQL commands via the cmbdomain parameter to (1) checktransferstatus.php, (2) checktransferstatusbck.php, or (3) additionalsettings.php; or (4) invno parameter to payinvoiceothers.php...
CVE-2013-7189
Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to execute arbitrary SQL commands via the cmbdomain parameter to (1) checktransferstatus.php, (2) checktransferstatusbck.php, or (3) additionalsettings.php; or (4) invno parameter to payinvoiceothers.php...
CVE-2013-7094
SQL injection vulnerability in the RSDDCVERCOUNTTABCOLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
SQL injection
SQL injection vulnerability in the RSDDCVERCOUNTTABCOLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2013-6839
SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 and earlier allows remote attackers to execute arbitrary SQL commands via the orderby parameter to catalog/id...
CVE-2013-6985
SQL injection vulnerability in mworklog/logsearchday.jsp in Enorth Webpublisher CMS, possibly 5.0 and earlier, allows remote attackers to execute arbitrary SQL commands via the thisday parameter...
SQL injection
Multiple SQL injection vulnerabilities in Sharetronix 3.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) fbuserid or (2) twuserid parameter to signup...
CVE-2013-6341
SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php...
SQL injection
SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php...
Chamilo LMS 1.9.6 SQL Injection Vulnerability
Chamilo LMS version 1.9.6 suffers from a remote SQL injection vulnerability. Vendor: Chamilo Association; Vulnerable Versions: 1.9.6 and probably prior; Tested Version: 1.9.6; Advisory Publication: November 6, 2013 without technical details; Vendor Notification: November 6, 2013; Vendor Patch: Novembe...
CVE-2013-6875
SQL injection vulnerability in functions/prependadm.php in Nagios Core Config Manager in Nagios XI before 2012R2.4 allows remote attackers to execute arbitrary SQL commands via the tfPassword parameter to nagiosql/index.php...