13187 matches found
Sql injection
Multiple SQL injection vulnerabilities in Tourism Script Accommodation Hotel Booking Portal Script allow remote attackers to execute arbitrary SQL commands via the hotelid parameter to 1 hotel.php, 2 details.php, 3 roomtypes.php, 4 photos.php, 5 map.php, 6 weather.php, 7 reviews.php, and 8 book.p...
Sql injection
SQL injection vulnerability in review.php in MYRE Holiday Rental Manager allows remote attackers to execute arbitrary SQL commands via the linkid parameter in a showreview action...
Sql injection
SQL injection vulnerability in the JiangHu Inn plugin 1.1 and earlier for Discuz! allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action to forummission.php...
Sql injection
SQL injection vulnerability in the updateOnePage function in components/combfsurveypro/controller.php in BF Survey Pro Free combfsurveyprofree 1.2.4, and other versions before 1.2.6, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the table parameter in an...
Sql injection
SQL injection vulnerability in the TemplatePlaza.com TPDugg comtpdugg component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a tags action to index.php...
CVE-2009-4619
SQL injection vulnerability in the Lucy Games comlucygames component 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a game action to index.php. NOTE: some of these details are obtained from third party information...
CVE-2009-4625
The CVE-2009-4625 entry concerns BF Survey Pro Free (com_bfsurvey_profree) for Joomla! where the updateOnePage action (table parameter) is vulnerable to SQL injection. Affected versions include 1.2.4 and other versions prior to 1.2.6. The vulnerability arises from improper validation of the table...
CVE-2009-4620
SQL injection vulnerability in the Joomloc comjoomloc component 1.0 for Joomla allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php...
CVE-2009-4618
Multiple SQL injection vulnerabilities in Tourism Script Bus Script allow remote attackers to execute arbitrary SQL commands via the sitetextid parameter to 1 aboutus.php and 2 faq.php...
CVE-2009-4624
CVE-2009-4624 affects Nicecoder iDesk via a SQL injection in download.php that is exploitable through the cat_id parameter. The vulnerability is in the application layer where user-supplied cat_id can cause arbitrary SQL execution, with impact described as arbitrary SQL commands being run by an a...
SQL injection in FreePBX 2.5.1
Exploit for unknown platform in category web applications ============================== SQL injection in FreePBX 2.5.1 ============================== Advisory Name: SQL injection in FreePBX 2.5.1 Internal Cybsec Advisory Id: 2010-0103 Vulnerability Class: SQL injection Release Date: 15/01/2010...
CVE-2010-0341
SQL injection vulnerability in the BB Simple Jobs bbsimplejobs extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2010-0343
SQL injection vulnerability in the Clan Users List pbclanlist extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Sql injection
SQL injection vulnerability in the MJS Event Pro mjseventpro extension 0.2.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Sql injection
SQL injection vulnerability in the Googlemaps for ttnews jfeasymaps extension 1.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Sql injection
SQL injection vulnerability in the Vote rank for news voteforttnews extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Sql injection
SQL injection vulnerability in the init function in MK-AnydropdownMenu mkanydropdownmenu extension 0.3.28 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Sql injection
SQL injection vulnerability in the User Links vm19userlinks extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Sql injection
SQL injection vulnerability in the Helpdesk mghelp extension 1.1.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2010-0329
SQL injection vulnerability in the powermail extension 1.5.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the "SQL selection field" and "typoscript."...