
313 matches found

Check Point Advisories
added 2014/05/25 12:00 a.m. · 1 views

SQL Servers Unauthorized Commands SQL Injection

SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow an attacker to disclose confidential information, modify or shut down the database, or execute arbitrary code on affected servers...

7.3 AI score
Exploits 0

Check Point Advisories
added 2014/05/25 12:00 a.m. · 6 views

SQL Servers SQL Injection Evasion Techniques

SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow an attacker to disclose confidential information, modify or shut down the database, or execute arbitrary code on affected servers...

7.3 AI score
Exploits 0

CERT
added 2014/03/27 12:00 a.m. · 25 views

ManageEngine OpStor Build 8300 and earlier contain multiple vulnerabilities

Overview: ManageEngine OpStor Build 8300 and earlier contain multiple vulnerabilities. Description: CWE-472: External Control of Assumed-Immutable Web Parameter. It has been reported that the 'Properties.do?name=' module is vulnerable to an ‘unauthorized function call’ caused by server failing to...

6.5 CVSS · 6.5 AI score · 0.05533 EPSS
Exploits 1 · References 3

CVE
added 2012/07/21 1:00 a.m. · 45 views

CVE-2012-2358

CVE-2012-2358 affects Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3. A remote authenticated user can bypass an activity’s read-only state and modify the database by leveraging the student role to edit existing database activity entries. The provided documents do not specif...

5.5 CVSS · 6.1 AI score · 0.01585 EPSS
Exploits 0 · References 2 · Affected Software 1

OpenVAS
added 2011/09/23 12:00 a.m. · 23 views

NetArt Media Car Portal SQLi Vulnerability

NetArt Media Car Portal is prone to an SQL injection (SQLi) vulnerability.

8.3 AI score
Exploits 0 · References 2

Tenable Nessus
added 2010/04/30 12:00 a.m. · 166 views

CGI Generic XML Injection

By sending specially crafted parameters to one or more CGI scripts hosted on the remote web server, Nessus was able to get a very different response, which suggests that it may have been able to modify the behavior of the application and directly access a SOAP back-end. An attacker may be able to...

5.7 AI score
Exploits 0 · References 1

Positive Technologies
added 2009/09/08 12:00 a.m. · 2 views

PT-2009-5434 · Symantec · Symantec Altiris Deployment Solution

Name of the Vulnerable Software and Affected Versions: Symantec Altiris Deployment Solution versions 6.9.x before 6.9 SP3 Build 430. Description: The issue is related to improper access restriction to the listening port for the DBManager service. This allows remote attackers to bypass authenticati...

4.8 CVSS · 6.8 AI score · 0.00967 EPSS
Exploits 0 · References 5

OpenVAS
added 2009/04/30 12:00 a.m. · 18 views

Simple Machines Forum SQL Injection Vulnerability

The host is installed with Simple Machines Forum and is prone to an SQL injection vulnerability.

7.5 CVSS · 0.6 AI score · 0.00967 EPSS
Exploits 1 · References 2

NVD
added 2009/03/26 9:00 p.m. · 20 views

CVE-2008-6532

Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors, as demonstrated by causing the superuser to "execute old updates" that modif...

6.8 CVSS · 7 AI score · 0.00755 EPSS
Exploits 0 · References 8

Prion
added 2009/03/26 9:00 p.m. · 15 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors, as demonstrated by causing the superuser to "execute old updates" that modif...

6.8 CVSS · 7.2 AI score · 0.00755 EPSS
Exploits 0 · References 8 · Affected Software 1

Cvelist
added 2009/03/26 8:28 p.m. · 21 views

CVE-2008-6532

Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors, as demonstrated by causing the superuser to "execute old updates" that modif...

7 AI score · 0.00755 EPSS
Exploits 0 · References 8

Exploit DB
added 2008/03/11 12:00 a.m. · 45 views

phpBB Mod FileBase 2.0 - 'id' SQL Injection

phpBB MOD FileBase SQL Injection Vulnerabilities. AUTHOR: t0pP8uZz & xprog. SITE: N/A. DORK:...

7 AI score
Exploits 0

exploitpack
added 2008/01/11 12:00 a.m. · 15 views

ImageAlbum 2.0.0b2 - id SQL Injection

ImageAlbum 2.0.0b2 - id SQL Injection. ImageAlbum Remote SQL Injection Vulnerabilities. Product: ImageAlbum. Version: Latest 2.0.0b2, others not tested. Vendor: http://imagealbum.sourceforge.net/ Date: 01/10/08. Introduction...

0.3 AI score
Exploits 0

Exploit DB
added 2008/01/11 12:00 a.m. · 26 views

ImageAlbum 2.0.0b2 - 'id' SQL Injection

ImageAlbum Remote SQL Injection Vulnerabilities. Product: ImageAlbum. Version: Latest 2.0.0b2, others not tested. Vendor: http://imagealbum.sourceforge.net/ Date: 01/10/08. Introduction: ImageAlbum is a web application written...

7.4 AI score
Exploits 0

Prion
added 2007/04/06 1:19 a.m. · 22 views

Double free

Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code...

9 CVSS · 7.3 AI score · 0.09878 EPSS
Exploits 0 · References 35 · Affected Software 3

CVE
added 2007/04/06 1:00 a.m. · 99 views

CVE-2007-1216

CVE-2007-1216 is a double-free vulnerability in the MIT Kerberos 5 GSS-API library (lib/gssapi/krb5/k5unseal.c) used by kadmind, exploitable when the RPCSEC_GSS authentication method is involved. It affects MIT krb5 prior to version 1.6.1, enabling remote authenticated users to execute arbitrary c...

9 CVSS · 9.3 AI score · 0.09878 EPSS
Exploits 0 · References 35 · Affected Software 1

Tenable Nessus
added 2006/02/02 12:00 a.m. · 37 views

Website Baker Admin Login SQL Injection

The remote host is running Website Baker, a PHP-based content management system. The installed version of Website Baker fails to validate user input to the username parameter of the 'admin/login/index.php' script before using it to generate database queries. An unauthenticated attacker can levera...

7.5 CVSS · 5.6 AI score · 0.02163 EPSS
Exploits 1 · References 3

Exploit DB
added 2005/10/26 12:00 a.m. · 39 views

MyBulletinBoard (MyBB) 1.0 - 'usercp.php' SQL Injection

source: https://www.securityfocus.com/bid/15204/info MyBulletinBoard is prone to an SQL injection vulnerability. This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks. Successful exploitation could...

7.4 AI score
Exploits 0

Packet Storm
added 2005/10/07 12:00 a.m. · 25 views

aspReadySQL.txt

The free, open source project called "aspReady FAQ" is open for SQL-injection. This results in admin access with the ability to change/delete the entire database. An example of SQL-inject that works could be: 1'or'1'='1. After doing a Google search, I've found out that some companies are actually usi...

7.4 AI score
Exploits 0

CVE
added 2005/08/16 4:00 a.m. · 55 views

CVE-2004-2324

DotNetNuke (formerly IBuySpy Workshop) 1.0.6–1.0.10d is affected by an SQL injection vulnerability in LinkClick.aspx, exploitable via the (1) table and (2) field parameters to modify the backend database. The vulnerability allows remote attackers to alter database contents. Documents do not provi...

7.5 CVSS · 8.1 AI score · 0.01211 EPSS
Exploits 0 · References 5 · Affected Software 1