Lucene search
K

1392 matches found

Tenable Nessus
Tenable Nessus
added 2007/04/06 12:0 a.m.23 views

XOOPS Jobs Module index.php cid Parameter SQL Injection

The remote host is running the Jobs module, a third-party module for XOOPS. The version of this module installed on the remote host fails to properly sanitize user-supplied input to the 'cid' parameter of the 'modules/jobs/index.php' script before using it to build a database query. Regardless of...

7.5CVSS5.6AI score0.02879EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2007/03/01 12:0 a.m.24 views

OrangeHRM < 2.1 alpha 5 login.php txtUserName Parameter SQL Injection

Binary data 3928.prm...

9.3CVSS7.3AI score0.01272EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2006/09/19 12:0 a.m.22 views

MyReview Admin.php email Parameter SQL Injection

The remote host is running MyReview, an open source paper submission and review web application. The version of MyReview installed on the remote host fails to properly sanitize input to the 'email' parameter before using it in the 'GetMember' function in a database query. Regardless of PHP's...

7.5CVSS5.6AI score0.01086EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2006/08/17 12:0 a.m.28 views

Owl Intranet Engine < 0.91 Multiple Vulnerabilities

Binary data 3729.prm...

7.5CVSS7.3AI score0.01308EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2006/08/17 12:0 a.m.27 views

Owl Intranet Engine <= 0.91 Multiple Vulnerabilities

The remote host is running Owl Intranet Engine, a web-based document management system written in PHP. The version of Owl Intranet Engine on the remote host fails to sanitize input to the session id cookie before using it in a database query. Provided PHP's 'magicquotesgpc' setting is disabled, a...

7.5CVSS5.4AI score0.01308EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2006/07/25 12:0 a.m.24 views

Loudblog index.php id Parameter SQL Injection

The remote host is running Loudblog, a PHP application for publishing podcasts and similar media files. The version of Loudblog installed on the remote host fails to sanitize input to the 'id' parameter of the 'index.php' script before using it in a database query. This may allow an unauthenticat...

7.5CVSS5.6AI score0.02083EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2006/07/17 12:0 a.m.73 views

MyBB HTTP Header 'CLIENT-IP' Field SQLi

The version of MyBB installed on the remote host is affected by a SQL injection vulnerability due to improper sanitization of user-supplied input to the 'CLIENT-IP' request header before using it in a database query when initiating a session in the inc/classsession.php script. A remote attacker c...

7.5CVSS5.8AI score0.02436EPSS
Exploits1References4
Cvelist
Cvelist
added 2006/03/28 11:0 a.m.29 views

CVE-2005-4744

Off-by-one error in the sqlerror function in sqlunixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service crash and possibly execute arbitrary code by causing the external database query to fail. NOTE: this single...

7.4AI score0.04381EPSS
Exploits0References15
UbuntuCve
UbuntuCve
added 2005/12/31 5:0 a.m.19 views

CVE-2005-4744

Off-by-one error in the sqlerror function in sqlunixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service crash and possibly execute arbitrary code by causing the external database query to fail. NOTE: this single...

6.4CVSS6AI score0.04381EPSS
Exploits0References1
exploitpack
exploitpack
added 2005/12/12 12:0 a.m.8 views

LocazoList Classifieds 1.0 - SearchDB.asp Input Validation

LocazoList Classifieds 1.0 - SearchDB.asp Input Validation source: https://www.securityfocus.com/bid/15812/info LocazoList Classifieds is prone to an input validation vulnerability that allows cross-site scripting and SQL injection attacks. An attacker may leverage this issue to have arbitrary...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2005/12/05 12:0 a.m.6 views

Relative Real Estate Systems 1.2 - SQL Injection

Relative Real Estate Systems 1.2 - SQL Injection source: https://www.securityfocus.com/bid/15714/info Relative Real Estate Systems is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'index.php' script befor...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2005/11/05 12:0 a.m.31 views

Widget Property 1.1.19 - &#039;Property.php&#039; SQL Injection

source: https://www.securityfocus.com/bid/15701/info Widget Press Widget Property is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'property.php' script before using it in an SQL query. This vulnerability...

7.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2005/07/12 12:0 a.m.5 views

PT-2005-3150 · Dragonfly · Dragonfly Commerce

Name of the Vulnerable Software and Affected Versions: Dragonfly Commerce versions affected versions not specified Description: The issue allows remote attackers to modify SQL statements and possibly execute arbitrary SQL commands via several parameters, including the key parameter to "dc...

7.5CVSS8.5AI score0.01141EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2005/04/29 12:0 a.m.25 views

phpCOIN <= 1.2.2 Multiple SQL Injection Vulnerabilities

The remote host is running phpCOIN version 1.2.2 or older. These versions suffer from several SQL injection vulnerabilities due to their failure to properly sanitize input to the 'search' parameter of the 'index.php' script, the 'phpcoinsessid' parameter of the 'login.php' script and the 'id',...

7.5CVSS5.9AI score0.02732EPSS
Exploits1References3
securityvulns
securityvulns
added 2005/03/07 12:0 a.m.95 views

wfsections 1.07 advisory

Program: wfsections Verion: 1.07 Bug Type: SQL Injection Bug Discription: ================================= In file class/wfsfiles.php, we can see this function: //START function getAllbyArticle$articleid $db =& Database::getInstance; $table = $db-prefix"wfsfiles"; $ret = array; $sql = "SELECT FR...

7.8AI score
Exploits0
exploitpack
exploitpack
added 2004/12/22 12:0 a.m.13 views

2BGal 2.5.1 - SQL Injection

2BGal 2.5.1 - SQL Injection source: https://www.securityfocus.com/bid/12083/info A remote SQL injection vulnerability reportedly affects 2Bgal. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in an SQL query. An attacker may leverag...

0.2AI score
Exploits0
exploitpack
exploitpack
added 2004/11/20 12:0 a.m.10 views

IPBProArcade 2.5 - SQL Injection

IPBProArcade 2.5 - SQL Injection source: https://www.securityfocus.com/bid/11719/info A remote SQL injection vulnerability reportedly affects ipbProArcade. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in an SQL query. An attacker...

Exploits0
Tenable Nessus
Tenable Nessus
added 2004/08/18 12:0 a.m.10 views

Simple Machines Forum %lt; 1.1.4 / 1.0.12 SQL Injection

Binary data 4574.prm...

7.3AI score
Exploits0References1
exploitpack
exploitpack
added 2004/07/29 12:0 a.m.14 views

Jaws 0.20.30.4 - ControlPanel.php SQL Injection

Jaws 0.20.30.4 - ControlPanel.php SQL Injection source: https://www.securityfocus.com/bid/10826/info JAWS is reportedly affected by a remote SQL injection vulnerability. This issue occurs in the controlpanel.php script due to a failure of the application to properly sanitize user-supplied URI...

0.2AI score
Exploits0
NVD
NVD
added 2004/06/01 4:0 a.m.19 views

CVE-2004-0197

Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote attackers to execute arbitrary code via a specially-crafted database query...

7.5CVSS7.7AI score0.26263EPSS
Exploits0References6
Rows per page
Query Builder