59 matches found
Microsoft Windows ADO Array-Type Parameter Use-After-Free Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
CVE-2016-7565
install/index.php in Exponent CMS 2.3.9 allows remote attackers to execute arbitrary commands via shell metacharacters in the sc array parameter...
SQL injection
Multiple SQL injection vulnerabilities in the Kunena component before 3.0.6 for Joomla! allow remote authenticated users to execute arbitrary SQL commands via the index value in an array parameter, as demonstrated by the topics parameter in an unfavorite action to index.php...
CVE-2014-9102
Multiple SQL injection vulnerabilities in the Kunena component before 3.0.6 for Joomla! allow remote authenticated users to execute arbitrary SQL commands via the index value in an array parameter, as demonstrated by the topics parameter in an unfavorite action to index.php...
kernel: block: passing disk names as format strings
Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device nam...
CVE-2008-6970
SQL injection vulnerability in dosearch.inc.php in UBB.threads 7.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the Forum array parameter...
SQL injection
SQL injection vulnerability in zmhtmlviewevent.php in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary SQL commands via the filter array parameter...
CVE-2008-3880
SQL injection vulnerability in zmhtmlviewevent.php in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary SQL commands via the filter array parameter...
SQL injection
SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 allows remote attackers to execute arbitrary SQL commands via the forums array parameter in a search action...
SQL injection
SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the rsargs array parameter in an expgetFeedContent action...
CVE-2008-3374
SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the rsargs array parameter in an expgetFeedContent action...
CVE-2007-6550
form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web browser but does not exit, which allows remote attackers to conduct eval injection attacks and execute arbitrary PHP code via the options array parameter...
CVE-2007-4861
SAXON 5.4, with display_errors enabled, allows remote attackers to obtain sensitive information via (1) a direct request for news.php, (2) an invalid use of a newsid array parameter to admin/edit-item.php, and possibly unspecified vectors related to additional scripts in (3) admin/, (4) rss/, and (5) the ro...
CVE-2007-5710
Cross-site scripting (XSS) vulnerability in wp-admin/edit-post-rows.php in WordPress 2.3 allows remote attackers to inject arbitrary web script or HTML via the postscolumns array parameter...
CVE-2007-0606
w-agora 4.2.1 allows remote attackers to obtain sensitive information via (1) the bn array parameter to index.php, which expects a string, and (2) certain parameters to deleteforum.php, which displays the path name in the resulting error message...
Design/Logic Flaw
w-agora 4.2.1 allows remote attackers to obtain sensitive information via (1) the bn array parameter to index.php, which expects a string, and (2) certain parameters to deleteforum.php, which displays the path name in the resulting error message...
CVE-2007-1135
Multiple SQL injection vulnerabilities in WebMplayer before 0.6.1-Alpha allow remote attackers to execute arbitrary SQL commands via (1) the strid parameter to index.php and (2) the id0 or other id array index parameter to filecheck.php...
SQL injection
Multiple SQL injection vulnerabilities in XMB Forums 1.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) $u2uselect array parameter to u2u.inc.php and (2) $val variable fidpw0 cookie value in today.php...
CVE-2005-4555
Cross-site scripting (XSS) vulnerability in add.php in DEV web management system 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) ENTERARTICLETITLE, (2) SPECIFYZONE, (3) ENTERARTICLEHEADER, and (4) ENTERARTICLEBODY indices in the language array parameter...