31 matches found

Vulnrichment
added 2025/06/09 3:56 p.m., 5 views

CVE-2025-31920 WordPress WP Guppy <= 4.3.3 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AmentoTech WP Guppy allows SQL Injection. This issue affects WP Guppy: from n/a through 4.3.3...

8.5 CVSS, 10 AI score, 0.00179 EPSS
Exploits 0, References 1

Vulnrichment
added 2023/01/04 5:41 p.m., 6 views

CVE-2022-22338 IBM Sterling B2B Integrator Standard Edition SQL injection

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 219510...

6.3 CVSS, 7.2 AI score, 0.00482 EPSS
Exploits 0, References 2

Vulnrichment
added 2022/05/02 6:09 p.m., 9 views

CVE-2022-1375

Delta Electronics DIAEnergie, all versions prior to 1.8.02.004, has a blind SQL injection vulnerability in DIAEslogHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands...

9.8 CVSS, 7.8 AI score, 0.0027 EPSS
Exploits 0, References 1

Imperva Blog
added 2018/04/05 3:30 p.m., 63 views

A Deep Dive into Database Attacks [Part IV]: Delivery and Execution of Malicious Executables through SQL Commands (MySQL)

In a previous post we covered different techniques for execution of SQL and OS commands through Microsoft SQL server that can be used for delivering and executing malicious payloads on the target system. In this post we’ll discuss the same topic for MySQL database. Creating an executable directly...

7.8 AI score
Exploits 0

Imperva Blog
added 2018/02/26 5:00 p.m., 66 views

A Deep Dive into Database Attacks [Part II]: Delivery and Execution of Malicious Executables through SQL commands (SQL Server)

An organization’s database servers are frequently the prime target of attackers. We recently started a new research project we named StickyDB to learn more about database hacking, primarily to understand common database attacks, tools and techniques engaged by attackers. To conduct this research,...

7.8 AI score
Exploits 0

Imperva Blog
added 2018/02/12 5:00 p.m., 13 views

A Deep Dive into Database Attacks [Part I]: SQL Obfuscation

Today, data breaches are a threat to every organization. According to a report from Risk Based Security covering the first half of 2017, over 6 billion records were exposed through 2,227 publicly-disclosed data breaches. The number of exposed records is already higher than the previous all-time...

8.8 AI score
Exploits 0

seebug.org
added 2014/07/01 12:00 a.m., 12 views

PAFileDB 1.1.3/2.1.1/3.0/3.1 - Multiple Input Validation Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/13967/info paFileDB is prone to multiple input validation vulnerabilities. The following issues are reported: Multiple SQL injection issues exist in paFileDB. The impact of these issues will vary depending on features...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:00 a.m., 38 views

PAFileDB 1.1.3/2.1.1/3.0/3.1 viewall.php start Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/12788/info Multiple SQL injection and cross-site scripting vulnerabilities exist in paFileDB. These issues are reported to exist in the 'viewall.php' and 'category.php' scripts. Exploitation of these issues may allow for...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:00 a.m., 15 views

phProfession 2.5 modules.php jcode Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/10190/info Multiple vulnerabilities were reported to exist in phProfession, which is a third-party module for PostNuke. Path disclosure, cross-site scripting and SQL injection vulnerabilities were reported. Exploitation o...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:00 a.m., 13 views

phProfession 2.5 upload.php Direct Request Path Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/10190/info Multiple vulnerabilities were reported to exist in phProfession, which is a third-party module for PostNuke. Path disclosure, cross-site scripting and SQL injection vulnerabilities were reported. Exploitation o...

7.1 AI score
Exploits 0

Tenable Nessus
added 2010/10/20 12:00 a.m., 26 views

Super Simple Blog Script entry Parameter SQL Injection

The remote Super Simple Blog Script install hosted on the remote web server is affected by a SQL injection vulnerability because its 'comments.php' script does not properly sanitize input to the 'entry' parameter before using it in a database query. Regardless of PHP's 'magic_quotes_gpc' setting, an...

6.8 CVSS, 5.9 AI score, 0.00107 EPSS
Exploits 0, References 1

exploitpack
added 2010/08/13 12:00 a.m., 10 views

CMS Source - Multiple Input Validation Vulnerabilities

source: https://www.securityfocus.com/bid/42437/info CMS Source is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include local file-include, SQL-injection...

7.6 AI score
Exploits 0

Tenable Nessus
added 2010/05/04 12:00 a.m., 24 views

TaskFreak! loadByKey() SQL Injection

The version of TaskFreak installed on the remote host includes a version of the Tirzen Framework that fails to sanitize input to the 'loadByKey' function in the TznDbConnection class before using it in database queries. An unauthenticated, remote attacker can leverage this issue to launch a SQL...

7.5 CVSS, 5.6 AI score, 0.00784 EPSS
Exploits 5, References 4

ThreatPost
added 2009/11/02 6:19 p.m., 7 views

Kevvie Fowler on SQL Injection Attacks and Securing Your Data

Dennis Fisher talks with Kevvie Fowler, director of security services at TELUS, about SQL injection attacks, the difficulty of identifying and recovering from database attacks and the value of locking down your data. Podcast audio courtesy of sykboy65 Download Subscribe to the Digital Underground...

3.2 AI score
Exploits 0, References 3

Tenable Nessus
added 2008/12/23 12:00 a.m., 146 views

Pligg evb/check_url.php url Parameter SQL Injection

The remote host is running Pligg, an open source content management system. The installed version of Pligg fails to sanitize user-supplied input to the 'url' parameter of the 'evb/check_url.php' script before using it to construct database queries. Provided PHP's 'magic_quotes_gpc' setting is...

7.5 CVSS, 5.6 AI score, 0.00333 EPSS
Exploits 0, References 1

OpenVAS
added 2006/03/26 12:00 a.m., 22 views

Cyberstrong eShop SQL Injection Vulnerabilities

The remote host is running Cyberstrong eShop, a shopping cart written in ASP. The remote version of this software contains several input validation flaws leading to SQL injection vulnerabilities. An attacker may exploit these flaws to affect database queries, possibly resulting in disclosure of...

10 CVSS, 7.3 AI score, 0.05791 EPSS
Exploits 0, References 7

Exploit DB
added 2005/07/30 12:00 a.m., 31 views

Kayako Live Response 2.0 - 'index.php?Username' Cross-Site Scripting

source: https://www.securityfocus.com/bid/14425/info Kayako LiveResponse is prone to multiple cross-site scripting, SQL injection, and HTML injection vulnerabilities. These issues are all related to input validation errors. The cross-site scripting and HTML injection vulnerabilities may allow for...

7.4 AI score
Exploits 0

Tenable Nessus
added 2005/06/28 12:00 a.m., 177 views

DUpaypal Pro Multiple Scripts SQL Injection

The remote host is running DUpaypal Pro, an ASP-based storefront from DUware for Paypal. The installed version of DUpaypal Pro fails to properly sanitize user-supplied input in several instances before using it in SQL queries. By exploiting these flaws, an attacker can affect database queries,...

7.5 CVSS, 5.8 AI score, 0.02529 EPSS
Exploits 2, References 4

Tenable Nessus
added 2005/06/24 12:00 a.m., 45 views

UBB.threads < 6.5.2 Beta 2 XSS / SQL Injection

7.5 CVSS, 7.3 AI score, 0.03174 EPSS
Exploits 5, References 5

Exploit DB
added 2005/06/15 12:00 a.m., 20 views

PAFileDB 1.1.3/2.1.1/3.0/3.1 - Multiple Input Validation Vulnerabilities

source: https://www.securityfocus.com/bid/13967/info paFileDB is prone to multiple input validation vulnerabilities. The following issues are reported: Multiple SQL injection issues exist in paFileDB. The impact of these issues will vary depending on features supported by the database...

7.4 AI score
Exploits 0