13185 matches found
SQL injection
Multiple SQL injection vulnerabilities in PicoPublisher 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) page.php or (2) single.php...
CVE-2012-5900
Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) OBID parameter in a single action to admin/action/objects.php, (2) AREAID parameter in a single action to admin/action/areas.php, or (3) start parameter in a show action...
CVE-2012-5910
SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via the root parameter...
CVE-2012-5910
CVE-2012-5910 is a SQL injection in blogs/htsrv/viewfile.php of b2evolution 4.1.3. An authenticated remote user can inject SQL via the root parameter to execute arbitrary commands. Impact is partial confidentiality/integrity/availability as stated; attack vector is web-based with single-privilege...
CVE-2012-5912
Multiple SQL injection vulnerabilities in PicoPublisher 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) page.php or (2) single.php...
CVE-2012-4951
Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in VeriFone VeriCentre Web Console before 2.2 build 36 allow remote attackers to execute arbitrary SQL commands via the (1) TerminalId, (2) ModelName, or (3) ApplicationName parameter...
CVE-2012-4949
CVE-2012-4949 is an SQL injection vulnerability in ESRI ArcGIS 10.1 where the where parameter in a REST service query URI can be exploited by remote authenticated users to execute arbitrary SQL. The root cause is inadequate sanitization of SQL commands in the where clause, enabling a subset of SQ...
CVE-2012-4949
SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service...
Multiple SQL Injection vulnerabilities in ClipBucket
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in ClipBucket, which can be exploited to perform SQL Injection attacks. 1 Multiple SQL Injections in ClipBucket: CVE-2012-5849 1.1 The vulnerability exists due to improper sanitation of input in multiple parameters within...
CVE-2011-5235
SQL injection vulnerability in mnoGoSearch before 3.3.12 allows remote attackers to execute arbitrary SQL commands via the hostname in a hypertext link...
CVE-2011-5234
SQL injection vulnerability in user.php in Social Network Community 2 allows remote attackers to execute arbitrary SQL commands via the userId parameter...
CVE-2011-5222
SQL injection vulnerability in rub2w.php in PHP Flirt-Projekt 4.8 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the rub parameter...
CVE-2011-5215
SQL injection vulnerability in index.php in Video Community Portal allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2011-5218
SQL injection vulnerability in DotA OpenStats 1.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php...
CVE-2011-5213
Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) loginusername parameter to index.php, (2) parentid parameter to modules/Documents/versionlist.php, or (3) contactid parameter to modules/Documents/index.php...
SQL injection
SQL injection vulnerability in ajax.php in SCORM Cloud For WordPress plugin before 1.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the active parameter. NOTE: some of these details are obtained from third party information...
SQL injection
Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) loginusername parameter to index.php, (2) parentid parameter to modules/Documents/versionlist.php, or (3) contactid parameter to modules/Documents/index.php...
SQL injection
SQL injection vulnerability in index.php in Video Community Portal allows remote attackers to execute arbitrary SQL commands via the id parameter...
SQL injection
SQL injection vulnerability in mnoGoSearch before 3.3.12 allows remote attackers to execute arbitrary SQL commands via the hostname in a hypertext link...