Lucene search

39 matches found

ArchLinux
added 2014/10/16 12:0 a.m., 61 views

drupal: pre-auth sql injection

Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the...

CVSS 7.5, AI score 2.7, EPSS 0.94366
Exploits 20, References 4
OpenVAS
added 2013/12/31 12:0 a.m., 23 views

TYPO3 Unspecified SQL Injection Vulnerability

TYPO3 is prone to an SQL injection (SQLi) vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3"; ifdescriptio...

CVSS 9.8, AI score 10, EPSS 0.00396
Exploits 0, References 3
OSV
added 2013/06/10 12:0 a.m., 24 views

DSA-2706-1 chromium-browser - several

Bulletin has no description...

CVSS 10, AI score 6, EPSS 0.06381
Exploits 1
NVD
added 2013/06/05 12:55 a.m., 13 views

CVE-2013-2860

Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving access to a database API by a worker process...

CVSS 7.5, AI score 7.1, EPSS 0.00712
Exploits 0, References 4
Prion
added 2013/06/05 12:55 a.m., 17 views

Design/Logic Flaw

Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving access to a database API by a worker process...

CVSS 7.5, AI score 7.6, EPSS 0.00712
Exploits 0, References 4, Affected Software 2
UbuntuCve
added 2013/06/05 12:55 a.m., 23 views

CVE-2013-2860

Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving access to a database API by a worker process...

CVSS 7.5, AI score 5.9, EPSS 0.00712
Exploits 0, References 3
Cvelist
added 2013/06/05 12:0 a.m., 16 views

CVE-2013-2860

Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving access to a database API by a worker process...

AI score 6.9, EPSS 0.00712
Exploits 0, References 4
CVE
added 2013/06/05 12:0 a.m., 72 views

CVE-2013-2860

CVE-2013-2860 is a use-after-free vulnerability in Chromium (Google Chrome) prior to 27.0.1453.110, arising from code paths involving access to a database API by a worker process. The flaw can allow a remote attacker to trigger a denial of service or potentially other impact. Public references fr...

CVSS 7.5, AI score 7, EPSS 0.00712
Exploits 0, References 4, Affected Software 1
Debian CVE
added 2013/06/05 12:0 a.m., 22 views

CVE-2013-2860

Removed by vendor...

CVSS 7.5, AI score 6.6, EPSS 0.00712
Exploits 0
Typo3
added 2011/09/14 12:0 a.m., 28 views

Potential SQL injection vulnerability in TYPO3 Core

It has been discovered that the TYPO3 prepared statement database API allows SQL Injections. Component Type: TYPO3 Core Affected Versions: 4.5.0 - 4.5.5 Release Date: September 14, 2011 Vulnerable subcomponent: Database API Vulnerability Type: SQL Injection Severity: Medium Suggested CVSS v2.0:...

AI score 7.6
Exploits 0, Affected Software 1
OpenVAS
added 2011/06/01 12:0 a.m., 16 views

Nmap NSE net: couchdb-stats

Gets database statistics from a CouchDB database. For more info about the CouchDB HTTP API and the statistics, see http://wiki.apache.org/couchdb/RuntimeStatistics and http://wiki.apache.org/couchdb/HTTPdatabaseAPI. SYNTAX: http.pipeline: If set, it represents the number of HTTP requests that'll ...

AI score 0.1
Exploits 0
Prion
added 2009/02/18 4:30 p.m., 14 views

Design/Logic Flaw

Semantically-Interconnected Online Communities (SIOC) 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, does not properly implement menu and database APIs, which allows remote attackers to obtain usernames and read hashed emails and comments via unspecified vectors...

CVSS 5, AI score 7.1, EPSS 0.00421
Exploits 0, References 4, Affected Software 1
Drupal
added 2008/10/15 12:0 a.m., 14 views

SA-2008-064 - Node Vote - SQL injection vulnerability

The Node Vote module allows authorized users to vote on certain types of nodes. If the administrator has enabled the "Allow user to vote again" setting for the Node Vote module, a malicious user can inject SQL when changing a previously cast vote. This is because Node Vote does not properly use the...

AI score 8.3
Exploits 0, References 6
Prion
added 2008/09/24 5:41 a.m., 13 views

Sql injection

SQL injection vulnerability in the Mailhandler module 5.x before 5.x-1.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to composing queries without using the Drupal database API...

CVSS 7.5, AI score 9.1, EPSS 0.00458
Exploits 0, References 5, Affected Software 1
NVD
added 2008/06/25 12:36 p.m., 11 views

CVE-2008-2850

SQL injection vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified cookies, related to improper use of the Drupal database API...

CVSS 7.5, AI score 8.4, EPSS 0.00397
Exploits 0, References 4
Prion
added 2008/06/25 12:36 p.m., 11 views

Sql injection

SQL injection vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified cookies, related to improper use of the Drupal database API...

CVSS 7.5, AI score 9.1, EPSS 0.00397
Exploits 0, References 4, Affected Software 1
Drupal
added 2008/06/18 12:0 a.m., 12 views

SA-2008-037 - TrailScout - XSS and SQL injection

The TrailScout module displays a number of last visited pages as breadcrumbs. The module displays certain values without appropriate filtering. Malicious users with the permission to create posts are able to exploit this issue and insert arbitrary HTML and script code into pages. Such a cross sit...

AI score 7.7
Exploits 0, References 6
Packet Storm
added 2005/09/29 12:0 a.m., 23 views

mantis-poc.txt

Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities. Author: Jose Antonio Coret Joxean Koret Date: 2005 Location: Basque Country...

AI score 7.4
Exploits 0
Tenable Nessus
added 2005/08/22 12:0 a.m., 37 views

Mantis < 1.0.0rc2 Multiple Vulnerabilities

According to its banner, the version of Mantis on the remote host fails to sanitize user-supplied input to the 'gdbtype' parameter of the 'core/databaseapi.php' script. Provided PHP's 'register_globals' setting is enabled, an attacker may be able to exploit this to connect to arbitrary databases a...

CVSS 7.5, AI score 5.4, EPSS 0.09611
Exploits 1, References 5