Levent Veysi Portal 1.0 - Oku.asp SQL Injection
Source: https://www.securityfocus.com/bid/24794/info. Levent Veysi Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue by...
Code injection
Papoo CMS 3.6, and possibly earlier, does not verify user privileges when accessing the backend administration plugins, which allows remote authenticated users to (1) read the entire database by accessing the database backup plugin via a devtools/templates/newdumpbackend.html argument in the templa...
CVE-2007-3494
Papoo CMS 3.6, and possibly earlier, does not verify user privileges when accessing the backend administration plugins, which allows remote authenticated users to (1) read the entire database by accessing the database backup plugin via a devtools/templates/newdumpbackend.html argument in the templa...
PHPAccounts 0.5 - index.php Multiple SQL Injections
Source: https://www.securityfocus.com/bid/24574/info. PHP Accounts is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow ...
PT-2007-4557 · Postgresql +1
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions 8.1 and later. Description: The issue allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries. This is possible when local trust authentication is enabled and the Database Link library (dblink) ...
JFFNms 0.8.3 - 'admin/adm/test.php' PHP Information Disclosure
Source: https://www.securityfocus.com/bid/24414/info. Just For Fun Network Management and Monitoring System (JFFNMS) is prone to multiple remote vulnerabilities, including a cross-site scripting issue, an SQL-injection issue, and multiple information-disclosure issues. An attacker can exploit these...
JFFNms 0.8.3 - 'auth.php' Multiple SQL Injections
Source: https://www.securityfocus.com/bid/24414/info. Just For Fun Network Management and Monitoring System (JFFNMS) is prone to multiple remote vulnerabilities, including a cross-site scripting issue, an SQL-injection issue, and multiple information-disclosure issues. An attacker can exploit these...
JFFNms 0.8.3 - 'auth.php?user' Cross-Site Scripting
Source: https://www.securityfocus.com/bid/24414/info. Just For Fun Network Management and Monitoring System (JFFNMS) is prone to multiple remote vulnerabilities, including a cross-site scripting issue, an SQL-injection issue, and multiple information-disclosure issues. An attacker can exploit these...
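CA CleverPath Portal Remote SQL Injection Vulnerability
CleverPath Portal is a secure, scalable enterprise information portal that provides a collaborative environment and an integrated view of information, applications and web content. CleverPath Portal has an input-validation vulnerability when handling user requests, which remote attackers may exploit to gain unauthorized access to the database. CleverPath Portal does not properly validate the ofinterest parameter in the light search or the description parameter in the advanced search; if an attacker modifies these parameters in the search URL, unintended database queries may be sent and the entire database contents retrieved, depending on the user's privileges. Computer Associates eTrust Security Command Center r8...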
mysql-server create database privilege escalation
MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions...
Ability to inject and execute any code as root in SysCP
The System Control Panel (www.SysCP.org) Security Advisory. Advisory: Ability to inject and execute any code as root in SysCP. Release Date: 2007/02/02. Last Modified: 2007/02/07. Author: Florian Lippert. Application: SysCP =...
CVE-2007-0555
PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated users to cause a denial of service (server crash) and possibly access...
Code injection
PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 allows attackers to disable certain checks for the data types of SQL function arguments, which allows remote authenticated users to cause a denial of service (server crash) and possibly access...
Memory corruption
The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and 8.2 before 8.2.2 does not verify that a table is compatible with a "previously made query plan," which allows remote authenticated users to cause a denial of service (server crash) and possibly access database content via an "ALTE...
Improper access control
Siteman 2.0.x2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for db/siteman/users.MYD...
Information disclosure
M-Core stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to db/uyelik.mdb...
CVE-2007-0149
EMembersPro 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for users.mdb...
CVE-2006-6289
Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the wbbuserid parameter to the top-level URI...
PhotoCart 3.9 (adminprint.php) Remote File Include Vulnerability
Script site: http://www.picturespro.com/store/programs/129-photocart.html Dork : inurl :/PhotoCart/ Bug Found By : irvian GreetZ: jipank,kacung,trangkil,ibnusina,cah|gemblunkz,zoid Special greetz: patihack hitamputih nyubicrew bug fou...