74 matches found
Generic HTTP SQLi (Web Application) - Active Check
This script attempts to use SQL injection SQLi techniques on CGI / web application scripts. SPDX-FileCopyrightText: 2002 John Lampe Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Psychoblogger SQL Injection
Psychoblogger is prone to an SQL injection vulnerability. SPDX-FileCopyrightText: 2003 Noam Rathaus Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
phpDEV5 - Remote Default Insecure Users
phpDEV5 - Remote Default Insecure Users ------------------------------------------------------------------------ PHPDev5 Remote Insecure Default Users & Passwords vuln. By : Ali7 e-mail : [email protected] date : 09-03-2k5 greetz : all my friends ; AlkaeN ; s4a.cc boyz ; Target : PHPDev 5 URL :...
Invision Power Board ibProArcade Module index.php cat Parameter SQL Injection
The installation of Invision Power Board on the remote host includes an optional module, named 'Arcade', that allows unauthorized users to inject SQL commands into the remote SQL database through the 'cat' parameter. An attacker may use this flaw to gain control of the remote database and possibl...
Invision Power Board sources/post.php qpid Parameter SQL Injection
The version of Invision Power Board on the remote host suffers from a flaw in 'sources/post.php' that allows injection of SQL commands into the remote SQL database. An attacker may use this flaw to gain control of the remote database and possibly to overwrite files on the remote host. %NASLMINLEV...
Comersus Cart Multiple Input Validation Vulnerabilities (SQLi, XSS)
The remote host is running the Comersus Shopping Cart Software. There is a flaw in this interface that allows an attacker to log in as any user by using a SQL injection flaw in the code of comersusbackofficelogin.php. An attacker may use this flaw to gain unauthorized access on this host, or to...
Invision Power Board ssi.php f Parameter SQL Injection
A vulnerability exists in the version of Invision Power Board on the remote host such that unauthorized users can inject SQL commands through the 'ssi.php' script. An attacker may use this flaw to gain the control of the remote database. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. From:...
Oracle Database 9i Multiple Functions Local Overflow
The remote Oracle Database, according to its version number, is vulnerable to a buffer overflow in the query SET TIMEZONE. An attacker with a database account may use this flaw to gain the control on the whole database, or even to obtain a shell on this host. %NASLMINLEVEL 70300 C Tenable Network...
phpWebSite < 0.9.x Multiple Vulnerabilities
There are multiple flaws in the remote version of phpWebSite that may allow an attacker to gain the control of the remote database, or to disable this site entirely. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...
paFileDB pafiledb.php Multiple Parameter SQL Injection
The remote installation of paFileDB is vulnerable to SQL injection attacks because of its failure to sanitize input to the 'id' and 'rating' parameters to the 'pafiledb.php' script. An attacker may use this flaw to control your database. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Date:...
Microsoft SQL Server Webtasks privilege upgrade (#NISR17102002)
NGSSoftware Insight Security Research Advisory Name: Microsoft SQL Server Webtasks privilege elevation Systems: Microsoft SQL Server 2000 and 7 Severity: High Risk Vendor URL: http://www.microsoft.com/ Author: David Litchfield [email protected] Advisory URL:...
Advisory CA-2001-16
-----BEGIN PGP SIGNED MESSAGE----- CERT Advisory CA-2001-16 Oracle 8i contains buffer overflow in TNS listener Original release date: July 03, 2001 Last revised: -- Source: CERT/CC A complete revision history is at the end of this file. Systems Affected Systems running Oracle 8i Overview A...
Oracle 8i contains buffer overflow in TNS Listener
Overview A vulnerability in Oracle 8i allows intruders to assume control of the database server and/or the operating system on which the database server is running, depending on the platform used. Description The COVERT labs at PGP Security have discovered a buffer overflow vulnerability in Oracl...
Borland/Inprise Interbase 4.0/5.0/6.0 - Backdoor Password
source: https://www.securityfocus.com/bid/2192/info Interbase is an open source relational database offered by Borland Inprise Corporation. Interbase contains a backdoor user account and password called "LOCKSMITH". When accessed this account will eliminate all implemented security allowing full...