13185 matches found

Prion
added 2013/05/10 9:55 p.m. | 14 views

SQL injection

SQL injection vulnerability in popupnewsitem/ in the Pop Up News module 2.0 and possibly earlier for phpVMS allows remote attackers to execute arbitrary SQL commands via the itemid parameter. NOTE: this was originally reported as a problem in phpVMS...

CVSS 7.5 | AI score 9.1 | EPSS 0.02567
Exploits: 1 | References: 7 | Affected Software: 1
Prion
added 2013/05/10 9:55 p.m. | 12 views

SQL injection

SQL injection vulnerability in settings.php in the Web Dorado Spider Video Player plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the theme parameter...

CVSS 7.5 | AI score 9.2 | EPSS 0.05395
Exploits: 1 | References: 7 | Affected Software: 1
Prion
added 2013/05/10 9:55 p.m. | 10 views

SQL injection

Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest...

CVSS 7.5 | AI score 9.2 | EPSS 0.03511
Exploits: 2 | References: 12 | Affected Software: 1
Cvelist
added 2013/05/10 9:0 p.m. | 17 views

CVE-2013-3527

Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest...

AI score 8.5 | EPSS 0.03511
Exploits: 2 | References: 12
Cvelist
added 2013/05/10 9:0 p.m. | 23 views

CVE-2013-3525

SQL injection vulnerability in Approvals/ in Request Tracker RT 4.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor disputes this issue, stating "We were unable to replicate it, and the individual that reported it retracted...

AI score 8.4 | EPSS 0.02807
Exploits: 1 | References: 6
Prion
added 2013/05/08 12:9 p.m. | 12 views

SQL injection

Multiple SQL injection vulnerabilities in GroundWork Monitor Enterprise 6.7.0 allow remote authenticated users to execute arbitrary SQL commands via (1) nedi/html/System-Export.php, (2) nedi/html/Devices-List.php, or (3) the Noma component...

CVSS 6.5 | AI score 8.8 | EPSS 0.01271
Exploits: 0 | References: 3 | Affected Software: 1
Prion
added 2013/04/18 6:55 p.m. | 10 views

SQL injection

SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager before 4.8.3.1 and 4.9.x before 4.9.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095...

CVSS 7.5 | AI score 9 | EPSS 0.01143
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2013/04/18 6:0 p.m. | 28 views

CVE-2013-1177

SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager before 4.8.3.1 and 4.9.x before 4.9.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095...

AI score 8.3 | EPSS 0.01143
Exploits: 0 | References: 1
Prion
added 2013/04/18 11:33 a.m. | 15 views

SQL injection

Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php. NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by...

CVSS 7.5 | AI score 8.9 | EPSS 0.01912
Exploits: 2 | References: 2 | Affected Software: 1
Cvelist
added 2013/04/18 10:0 a.m. | 20 views

CVE-2013-1748

Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php. NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by...

AI score 8.4 | EPSS 0.01024
Exploits: 1 | References: 2
CVE
added 2013/04/18 10:0 a.m. | 42 views

CVE-2013-1748

CVE-2013-1748 corresponds to multiple SQL injection vulnerabilities in PHP Address Book 8.2.5. The issues allow remote attackers to execute arbitrary SQL commands through unspecified parameters to edit.php and import.php; the description notes that the view.php and edit.php vectors are already ...

CVSS 7.5 | AI score 8.6 | EPSS 0.01024
Exploits: 1 | References: 2 | Affected Software: 1
Prion
added 2013/04/12 10:55 p.m. | 21 views

SQL injection

SQL injection vulnerability in ZAPms 1.41 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter to product...

CVSS 7.5 | AI score 9.1 | EPSS 0.01311
Exploits: 1 | References: 7 | Affected Software: 1
OpenVAS
added 2013/04/09 12:0 a.m. | 36 views

PostgreSQL Denial of Service Vulnerability (Apr 2013) - Windows

PostgreSQL is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 6.5 | AI score 6.4 | EPSS 0.54312
Exploits: 3 | References: 4
OwnCloud
added 2013/04/02 11:42 a.m. | 37 views

Server: contacts: SQL Injection

ownCloud before 5.0.1 does not neutralize special elements that are passed to the SQL query in addressbookprovider.php which therefore allows an authenticated attacker to execute arbitrary SQL commands. For more information please consult the official advisory. This advisory is licensed CC BY-SA ...

CVSS 6.5 | AI score 7.2 | EPSS 0.01063
Exploits: 0 | Affected Software: 1
Prion
added 2013/03/29 4:9 p.m. | 13 views

SQL injection

Multiple SQL injection vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified parameters...

CVSS 6.5 | AI score 8.6 | EPSS 0.00961
Exploits: 1 | References: 2 | Affected Software: 1
NVD
added 2013/03/28 11:55 p.m. | 13 views

CVE-2013-2690

SQL injection vulnerability in index.php in Synchroweb Technology SynConnect 2.0 allows remote attackers to execute arbitrary SQL commands via the loginid parameter in a logoff action...

CVSS 7.5 | AI score 8.3 | EPSS 0.02514
Exploits: 1 | References: 7
Prion
added 2013/03/28 11:55 p.m. | 10 views

SQL injection

SQL injection vulnerability in index.php in Synchroweb Technology SynConnect 2.0 allows remote attackers to execute arbitrary SQL commands via the loginid parameter in a logoff action...

CVSS 7.5 | AI score 9.1 | EPSS 0.02514
Exploits: 1 | References: 7 | Affected Software: 1
CVE
added 2013/03/28 11:0 p.m. | 44 views

CVE-2013-2690

CVE-2013-2690 is a SQL injection vulnerability in the SynConnect 2.0 login flow of Synchroweb Technology. The flaw affects index.php where an attacker can manipulate the loginid parameter in a logoff action to execute arbitrary SQL commands. Reported in NVD with a base score of 7.5 (HIGH) and net...

CVSS 7.5 | AI score 8.6 | EPSS 0.02514
Exploits: 1 | References: 7 | Affected Software: 1
Prion
added 2013/03/21 9:55 p.m. | 16 views

SQL injection

Multiple SQL injection vulnerabilities in the administration interface in ASKIA askiaweb allow remote attackers to execute arbitrary SQL commands via (1) the nHistoryId parameter to WebProd/pages/pgHistory.asp or (2) the OrderBy parameter to WebProd/pages/pgadmin.asp...

CVSS 7.5 | AI score 9.2 | EPSS 0.01468
Exploits: 0 | References: 1
NVD
added 2013/03/21 9:55 p.m. | 18 views

CVE-2013-0123

Multiple SQL injection vulnerabilities in the administration interface in ASKIA askiaweb allow remote attackers to execute arbitrary SQL commands via (1) the nHistoryId parameter to WebProd/pages/pgHistory.asp or (2) the OrderBy parameter to WebProd/pages/pgadmin.asp...

CVSS 7.5 | AI score 8.5 | EPSS 0.01468
Exploits: 0 | References: 1