13185 matches found
CVE-2012-4261
SQL injection vulnerability in modules/patient/mycare2xpatinfo.php in myCare2x allows remote attackers to execute arbitrary SQL commands via the lang parameter...
CVE-2012-4258
CVE-2012-4258 involves multiple SQL injection vulnerabilities in MYRE Real Estate Software (2012 Q2). The affected components are 1_mobile/listings.php (parameter: link_idd) and 1_mobile/agentprofile.php (parameter: userid). The underlying issue is unsanitised input leading to arbitrary SQL...
CVE-2012-3468
Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the verify function in application/controllers/alerts.php, (2) the save_all function in application/models/settings.php, or (3) the media type to...
SQL injection
Multiple SQL injection vulnerabilities in the edit functions in (1) application/controllers/admin/reports.php and (2) application/controllers/members/reports.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via an incident id...
SQL injection
Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the verify function in application/controllers/alerts.php, (2) the save_all function in application/models/settings.php, or (3) the media type to...
CVE-2012-3470
Multiple SQL injection vulnerabilities in application/libraries/api/MYCountriesApiObject.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to getcountries functions...
CVE-2012-3468
CVE-2012-3468 affects the Ushahidi Platform prior to 2.5. Its severity is rated high (CVSS v2 base score 7.5), and it stems from multiple SQL injection weaknesses in specific code paths: (1) verify() in application/controllers/alerts.php, (2) save_all() in application/models/settings.php, and (3)...
CVE-2012-3469
CVE-2012-3469 affects the Ushahidi Platform prior to 2.5. It describes multiple SQL injection vulnerabilities exploitable via (1) messages admin functionality (application/controllers/admin/messages.php), (2) application/libraries/api/MY_Checkin_Api_Object.php, (3) application/controllers/admin/m...
CVE-2012-4070
SQL injection vulnerability in system/src/dispatcher.php in Dir2web 3.0 allows remote attackers to execute arbitrary SQL commands via the oid parameter in a homepage action to index.php...
SQL injection
Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to the send page, (2) email parameter to the forget page, (3) password parameter to the forumarchive page, (4) section parameter to the management page, (5)...
CVE-2012-3953
SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page...
SQL injection
SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page...
CVE-2012-4034
Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to the send page, (2) email parameter to the forget page, (3) password parameter to the forumarchive page, (4) section parameter to the management page, (5)...
CVE-2012-4034
PBBoard 2.1.4 (and likely earlier) is affected by multiple SQL injection vulnerabilities disclosed for CVE-2012-4034. The flaws arise from unsanitised input in various POST/GET parameters processed by index.php (including username, email, password, section, section_id, member_id, and subjectid) t...
Openconstructor CMS 3.12.0 - id Multiple SQL Injections
Openconstructor CMS 3.12.0 - id Multiple SQL Injections Title: Openconstructor CMS 3.12.0 'id' parameter multiple SQL injection vulnerabilities Affected Software: http://www.openconstructor.org/ http://code.google.com/p/openconstructor/downloads/list...
CVE-2012-4178
SQL injection vulnerability in spywall/includes/deptUploadsdata.php in Symantec Web Gateway 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via the groupid parameter...
SQL injection
SQL injection vulnerability in spywall/includes/deptUploadsdata.php in Symantec Web Gateway 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via the groupid parameter...
CVE-2012-4178
SQL injection vulnerability in spywall/includes/deptUploadsdata.php in Symantec Web Gateway 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via the groupid parameter...
Openconstructor CMS 3.12.0 SQL Injection
Title: Openconstructor CMS 3.12.0 'id' parameter multiple SQL injection vulnerabilities Affected Software: http://www.openconstructor.org/ http://code.google.com/p/openconstructor/downloads/list http://esectorsolutions.com/about/whats-new/esector-news/detailed/?id=234 Description: Openconstructor...
CVE-2012-3951
CVE-2012-3951 concerns the MySQL component in Plixer Scrutinizer (also Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier, which ships with a default password for two accounts (Scrutinizer and ScrutRemote). This default-credential flaw enables remote attackers to log into MySQL over a TCP se...