313 matches found
CVE-2000-1232
The CVE-2000-1232 entry concerns Phorum 3.0.7, where upgrade.php3 could allow remote attackers to modify certain Phorum database tables via an unknown method. The connected documents confirm the affected product/version and the basic impact (unauthorized modification of database tables), but they...
CJ Ultra Plus 1.0.3/1.0.4 - 'OUT.php' SQL Injection
source: https://www.securityfocus.com/bid/13533/info CJ Ultra Plus is prone to an SQL injection vulnerability. This issue affects the 'out.php' script and could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks...
CubeCart 2.0.x - tellafriend.php?product Full Path Disclosure
source: https://www.securityfocus.com/bid/13050/info CubeCart is reported prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in...
CVE-2002-1242
SQL injection vulnerability in PHP-Nuke before 6.0 allows remote authenticated users to modify the database and gain privileges via the "bio" argument to modules.php...
CVE-2002-1505
SQL injection vulnerability in board.php for WoltLab Burning Board wBB 2.0 RC 1 and earlier allows remote attackers to modify the database and possibly gain privileges via the boardid parameter...
CVE-2002-1505
CVE-2002-1505 documents a SQL injection in the WoltLab Burning Board (wBB) 2.0 RC 1 and earlier. The vulnerability is in the board.php handler, exploitable via the boardid parameter, allowing remote attackers to modify the database and potentially gain privileges. This is supported by multiple so...
INL ulog-php port.php proto Parameter SQL Injection
The remote host is running ulog-php, a firewall log analysis interface written in PHP. There is a SQL injection vulnerability in the remote interface, in the 'port.php' script that may allow an attacker to insert arbitrary SQL statements into the remote database. An attacker may exploit this flaw...
CVE-2001-1224
getinput in adrotate.pm for Les VanBrunt AdRotate Pro 2.0 allows remote attackers to modify the database and possibly execute arbitrary commands via a SQL code injection attack...
CVE-2001-1224
The CVE-2001-1224 entry concerns Les VanBrunt AdRotate Pro 2.0. The vulnerability is in get_input within adrotate.pm, allowing remote attackers to modify the database and potentially execute arbitrary commands via a SQL injection attack. This constitutes a client/server impact on data integrity a...
Vulnerabilities in Informix Webdriver
Webdriver is the web interface of Informix database, I found it is vulnerable. In the common condition, webdriver is submitted with a parameter, but if you type http://victim/cgi-bin/webdriver directly, it will return a webpage which you can modify or delete database on it. Otherwise, webdriver will...
CVE-2000-0627
BlackBoard CourseInfo 4.0 is affected by an authentication flaw that allows local users to modify CourseInfo database information and gain privileges by directly calling supporting CGI programs such as user_update_passwd.pl and user_update_admin.pl. The provided documents do not include remediati...
Blackboard Courseinfo v4.0 User Authentication
Apparently Courseinfo, or at least the implementation I was playing with, has no user authentication, meaning that anyone can force feed their own form values and Perl will merrily modify the database. So for instance running: all form input is in caps for readability...