13185 matches found
CVE-2010-4271
CVE-2010-4271 affects ImpressCMS prior to 1.2.3 RC2. The issue is a SQL injection that could allow remote attackers to execute arbitrary SQL commands via unspecified vectors. Remediation: upgrade to ImpressCMS 1.2.3 RC2 or later.
SQL Injection Vulnerability in Enano CMS
High-Tech Bridge SA Security Research Lab has discovered a vulnerability in Enano CMS which could be exploited to execute arbitrary SQL commands in the application's database. 1) SQL injection vulnerability in Enano CMS: CVE-2010-4780. An input validation error exists in the way the application handles users...
2PRO Tube SQL injection Vulnerability
Exploit for php platform in category web applications. 2PRO Tube SQL injection Vulnerability...
CVE-2010-2635
SQL injection vulnerability in IBM WebSphere Commerce 6.0 before 6.0.0.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters to "Commerce Organization Admin Console JavaServer pages."...
SQL injection
SQL injection vulnerability in IBM WebSphere Commerce 6.0 before 6.0.0.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters to "Commerce Organization Admin Console JavaServer pages."...
SQL injection
SQL injection vulnerability in process.asp in OnlineTechTools Online Work Order System OWOS Professional Edition 2.10 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: some of these details are obtained from third party information...
CVE-2010-4006
Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter...
SQL injection
SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033...
SQL injection
SQL injection vulnerability in catalog/index.shtml in 4site CMS 2.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the i and th vectors are already covered by CVE-2009-0646...
CVE-2010-4144
SQL injection vulnerability in radyo.asp in Kisisel Radyo Script allows remote attackers to execute arbitrary SQL commands via the Id parameter...
SQL injection
SQL injection vulnerability in radyo.asp in Kisisel Radyo Script allows remote attackers to execute arbitrary SQL commands via the Id parameter...
SQL injection
SQL injection vulnerability in chart.php in phpCheckZ 1.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2010-4143
CVE-2010-4143 affects phpCheckZ 1.1.0 and is triggered in chart.php when magic_quotes_gpc is disabled. The vulnerability enables SQL injection via the id parameter, allowing remote attackers to execute arbitrary SQL commands. This is caused by improper input handling in the affected code path. Th...
CVE-2010-4143
SQL injection vulnerability in chart.php in phpCheckZ 1.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter...
Collabtive 0.65 - SQL Injection
Collabtive 0.65 - SQL Injection. ANATOLIA SECURITY ADVISORY. ADVISORY INFO: Title: Collabtive SQL Injection Vulnerability; Advisory URL: http://www.anatoliasecurity.com/adv/as-adv-2010-004.txt; Advisory ID: 2010-004; Version: 0.65; Date: 12/10/2010; Impact: Imprope...
Symantec IM Manager Administrative Interface IMAdminScheduleReport.asp SQL Injection Vulnerability
This vulnerability allows remote attackers to inject arbitrary SQL into the packaged database on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Administrative interface installed with IM Manager...
Multiple Vulnerabilities in Energine
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Energine which could be exploited to perform cross-site request forgery and SQL injection attacks. 1) Cross-site request forgery (CSRF) in Energine. The vulnerability exists due to insufficient validation of the...
CVE-2010-3601
SQL injection vulnerability in index.php in ibPhotohost 1.1.2 allows remote attackers to execute arbitrary SQL commands via the img parameter...
SQL injection
Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) password (pw) parameters to (a) admin.php or (b) user.php...