EasyPublish 3.0 - read Multiple SQL Injections Cross-Site Scripting
source: https://www.securityfocus.com/bid/30307/info EasyPublish is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include SQL-injection and cross-site...
Oracle SQL injection lateral attacks
SQL injection into uncontrolled PL/SQL procedures is possible, e.g. by modification of data format with ALTER SESSION...
Def_Blog 1.0.3 - 'comlook.php?article' SQL Injection
source: https://www.securityfocus.com/bid/30289/info DefBlog is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or...
Zoph 0.7.2.1 - SQL Injection
source: https://www.securityfocus.com/bid/30116/info Zoph is prone to a cross-site scripting vulnerability and multiple SQL-injection vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify dat...
Zoph 0.7.2.1 - search.php?_off Cross-Site Scripting
source: https://www.securityfocus.com/bid/30116/info Zoph is prone to a cross-site scripting vulnerability and multiple SQL-injection vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credential...
Zoph 0.7.2.1 - SQL Injection
source: https://www.securityfocus.com/bid/30116/info Zoph is prone to a cross-site scripting vulnerability and multiple SQL-injection vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the...
TrailScout Module For Drupal Session Cookie SQL Injection
The remote host is running TrailScout, a third-party module for Drupal that displays a breadcrumb-like trail showing pages a user recently visited on a site. The version of the TrailScout module installed on the remote host fails to sanitize user-supplied input to the session cookie before using ...
Joomla! Component EXP Shop 1.0 - SQL Injection
source: https://www.securityfocus.com/bid/29869/info The EXP Shop component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue cou...
Joomla! Component EXP Shop 1.0 - SQL Injection
source: https://www.securityfocus.com/bid/29869/info The EXP Shop component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
PHPEasyData 1.5.4 - '/admin/login.php?Username' SQL Injection
source: https://www.securityfocus.com/bid/29659/info PHPEasyData is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage the cross-site scripting issues to execute arbitrary script code in the...
OtomiGenX 2.2 - 'userAccount' SQL Injection
source: https://www.securityfocus.com/bid/29470/info OtomiGenX is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify dat...
Te Ecard - id Multiple SQL Injections
source: https://www.securityfocus.com/bid/29478/info Te Ecard is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to...
i-pos StoreFront 1.3 - index.asp SQL Injection
source: https://www.securityfocus.com/bid/29471/info i-pos Storefront is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attack...
Joomla! / Mambo Component Joo!BB 0.5.9 - 'forum' SQL Injection
source: https://www.securityfocus.com/bid/29475/info The Joo!BB component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
TorrentTrader Classic 1.x - scrape.php SQL Injection
source: https://www.securityfocus.com/bid/29451/info TorrentTrader Classic is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allo...
Proje ASP Portal 2.0 - 'id' Multiple SQL Injections
source: https://www.securityfocus.com/bid/29427/info Proje ASP Portal is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application,...
dvbbs 8.2 - 'login.asp' Multiple SQL Injections
source: https://www.securityfocus.com/bid/29429/info The 'dvbbs' program is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application,...
Joomla! Mambo Component Artists - idgalery SQL Injection
source: https://www.securityfocus.com/bid/29407/info The Artists component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query...
ClassSystem 2.02.3 - MessageReply.php?teacher_id SQL Injection
source: https://www.securityfocus.com/bid/29372/info ClassSystem is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. These issues include multiple SQL-injection...
Campus Bulletin Board 3.4 - '/post3/book.asp?review' Cross-Site Scripting
source: https://www.securityfocus.com/bid/29375/info Campus Bulletin Board is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could...