13185 matches found
CVE-2011-5071
Multiple SQL injection vulnerabilities in Support Incident Tracker aka SiT! before 3.64 allow remote attackers to execute arbitrary SQL commands via the 1 exc parameter to reportmarketing.php, 2 selected parameter to tasks.php, 3 sites parameter to billableincidents.php, or 4 searchstring paramet...
Sql injection
SQL injection vulnerability in Default.aspx in Aryadad CMS allows remote attackers to execute arbitrary SQL commands via the PageID parameter...
Sql injection
SQL injection vulnerability in incidentattachments.php in Support Incident Tracker aka SiT! 3.65 allows remote attackers to execute arbitrary SQL commands via an uploaded file with a crafted file name...
CVE-2012-0069
SQL injection vulnerability in ajax.php in Batavi before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the boxToReload parameter...
Sql injection
SQL injection vulnerability in checklogin.aspx in ICloudCenter ICTimeAttendance 1.0 allows remote attackers to execute arbitrary SQL commands via the passw parameter. NOTE: Some of these details are obtained from third party information...
CVE-2012-0069
SQL injection vulnerability in ajax.php in Batavi before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the boxToReload parameter...
CVE-2012-0912
SQL injection vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Sql injection
SQL injection vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2012-0905
SQL injection vulnerability in deV!L'z Clanportal DZCP Gamebase addon allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a detail action to index.php...
Sql injection
SQL injection vulnerability in the Moviebase addon for deV!L'z Clanportal DZCP 1.5.5 allows remote attackers to execute arbitrary SQL commands via the id parameter in a showkat action to index.php...
Sql injection
SQL injection vulnerability in deV!L'z Clanportal DZCP Gamebase addon allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a detail action to index.php...
CVE-2012-0906
SQL injection vulnerability in the Moviebase addon for deV!L'z Clanportal DZCP 1.5.5 allows remote attackers to execute arbitrary SQL commands via the id parameter in a showkat action to index.php...
CVE-2012-0905
SQL injection vulnerability in deV!L'z Clanportal DZCP Gamebase addon allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a detail action to index.php...
MySQL < 4.1.12 / 5.0.4 Insecure Permissions
The remote MySQL server is earlier than 4.1.12 / 5.0.4 and thus reportedly creates a temporary file with insecure permissions and a predictable name, which could allow a local user to run arbitrary SQL commands. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid17805;...
CVE-2011-4921
SQL injection vulnerability in usersettings.php in e107 0.7.26, and possibly other versions before 1.0.0, allows remote attackers to execute arbitrary SQL commands via the username parameter...
Sql injection
SQL injection vulnerability in usersettings.php in e107 0.7.26, and possibly other versions before 1.0.0, allows remote attackers to execute arbitrary SQL commands via the username parameter...
Sql injection
SQL injection vulnerability in corporate/Controller in Elitecore Technologies Cyberoam UTM before 10.01.2 build 059 allows remote authenticated administrators to execute arbitrary SQL commands via the tableid parameter. NOTE: some of these details are obtained from third party information...
CVE-2011-4921
SQL injection vulnerability in usersettings.php in e107 0.7.26, and possibly other versions before 1.0.0, allows remote attackers to execute arbitrary SQL commands via the username parameter...
Sql injection
SQL injection vulnerability in hitCode hitAppoint 4.5.17 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2011-5038
SQL injection vulnerability in hitCode hitAppoint 4.5.17 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...