13185 matches found
CVE-2012-1029
SQL injection vulnerability in mobile/search/index.php in Tube Ace Adult PHP Tube Script 1.6 allows remote attackers to execute arbitrary SQL commands via the q parameter. NOTE: some of these details are obtained from third party information...
CVE-2012-1026
Multiple SQL injection vulnerabilities in login2.php in XRay CMS 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters...
SQL injection
SQL injection vulnerability in admin/categories.php in 4images 1.7.10 allows remote attackers to execute arbitrary SQL commands via the catparentid parameter in an addcat action...
SQL injection
Multiple SQL injection vulnerabilities in baseqrymain.php in Basic Analysis and Security Engine (BASE) 1.4.5 allow remote attackers to execute arbitrary SQL commands via the (1) ipaddr01, (2) ipaddr02, or (3) ipaddr09 parameters...
SQL injection
SQL injection vulnerability in model/comment.class.php in HDWiki 5.0, 5.1, and possibly other versions allows remote attackers to execute arbitrary SQL commands via the PATHINFO to index.php. NOTE: some of these details are obtained from third party information...
Total Defense Suite UNC Management Console ExportReport SQL Injection Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CA Total Defense Suite. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ExportReport stored procedure, accessed via the management.asmx console. Th...
CVE-2012-1029
CVE-2012-1029 refers to a SQL injection vulnerability in Tube Ace (Adult PHP Tube Script) 1.6, specifically in mobile/search/index.php via the q parameter. The root cause is an SQL injection that could allow remote attackers to execute arbitrary SQL commands. Affected component: the q parameter i...
CVE-2012-1017
Multiple SQL injection vulnerabilities in baseqrymain.php in Basic Analysis and Security Engine (BASE) 1.4.5 allow remote attackers to execute arbitrary SQL commands via the (1) ipaddr01, (2) ipaddr02, or (3) ipaddr09 parameters...
CVE-2012-0980
SQL injection vulnerability in download.php in phux Download Manager allows remote attackers to execute arbitrary SQL commands via the file parameter...
SQL injection
SQL injection vulnerability in search.php in Vastal I-Tech Agent Zone aka The Real Estate Script allows remote attackers to execute arbitrary SQL commands via the pricefrom parameter...
SQL injection
SQL injection vulnerability in Scriptsez.net Ez Album allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php...
CVE-2012-0983
SQL injection vulnerability in Scriptsez.net Ez Album allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php...
CVE-2012-0980
In phux Download Manager, CVE-2012-0980 describes an SQL injection vulnerability in download.php via the file parameter. The OpenVAS entry (phux Download Manager 'file' Parameter SQL Injection Vulnerability) confirms a classic SQLi risk allowing remote input to affect the database. The vulnerabil...
CVE-2012-0982
SQL injection vulnerability in search.php in Vastal I-Tech Agent Zone aka The Real Estate Script allows remote attackers to execute arbitrary SQL commands via the pricefrom parameter...
VulnCheck KEV: CVE-2012-1071
SQL injection vulnerability in the Kitchen recipe mvcooking extension before 0.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild as of February 2012...
CVE-2011-5072
Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) contractid parameter to contractaddservice.php; (3) id parameter to editescalationpath.php; (4) unlock, (5) lock...
SQL injection
Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) contractid parameter to contractaddservice.php; (3) id parameter to editescalationpath.php; (4) unlock, (5) lock...
CVE-2011-3831
SQL injection vulnerability in incidentattachments.php in Support Incident Tracker aka SiT! 3.65 allows remote attackers to execute arbitrary SQL commands via an uploaded file with a crafted file name...