3892 matches found

exploitpack
added 2006/11/15 12:0 a.m. · 24 views

Dragon Internet Events Listing 2.0.01 - event_searchdetail.asp?ID SQL Injection

Dragon Internet Events Listing 2.0.01 - event_searchdetail.asp?ID SQL Injection source: https://www.securityfocus.com/bid/21098/info Dragon Event Listing is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an...

0.2 AI score
Exploits: 0
Packet Storm
added 2006/10/31 12:0 a.m. · 28 views

eNM-0.0.1.txt

easy notes manager eNM version 0.0.1, available at http://217.172.179.216/evandor/html/index.php?id=103 is affected by multiple SQL injection vulnerabilities due to a missing check of the user-supplied input. An attacker can bypass the authentication procedure and get a full dump of the database...

7.4 AI score
Exploits: 0
seebug.org
added 2006/10/27 12:0 a.m. · 15 views

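PHP Classifieds catid_search and catid Variable Remote SQL Injection Vulnerability

PHP Classifieds is a web-based directory classification program written in PHP. PHP Classifieds lacks correct and sufficient filtering of user-submitted parameters, and remote attackers can exploit this vulnerability to operate on the database without authorization. The index.php and search.php scripts of PHP Classifieds lack sufficient filtering of user-submitted catidsearch or catid parameter data; remote attackers can gain unauthorized access to the database by inserting specific SQL commands into the input data. DeltaScripts PHP Classifieds = 7.1 The vendor has not yet provided a patch or upgrade; we recommend that users of this software keep watching the vendor's home page to obtain the latest version:...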

7.1 AI score
Exploits: 0
exploitpack
added 2006/06/28 12:0 a.m. · 12 views

XOOPS myAds Module - lid SQL Injection

XOOPS myAds Module - lid SQL Injection Xoops myAds module SQL-Injection Discovered: KeyCoder Visit : www.grisapka.org Contact: [email protected] Thanx: SecretlyX-BeLa Details : Xoops myAds module SQL-Injection Vulnerability Website : http://www.xoops.org/...

0.4 AI score
Exploits: 0
0day.today
added 2006/04/15 12:0 a.m. · 63 views

Symantec Sygate Management Server (login) SQL Injection Exploit

Exploit for cgi platform in category web applications. Symantec Sygate Management Server login SQL Injection Exploit. This file is part of the Metasploit Framework and may...

7.1 AI score
Exploits: 0
exploitpack
added 2006/04/15 12:0 a.m. · 11 views

Symantec Sygate Management Server - LOGIN SQL Injection (Metasploit)

Symantec Sygate Management Server - LOGIN SQL Injection Metasploit This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core...

0.5 AI score
Exploits: 0
Exploit DB
added 2006/04/15 12:0 a.m. · 53 views

Symantec Sygate Management Server - 'LOGIN' SQL Injection (Metasploit)

This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core Framework dual GPLv2 and Artistic. The latest version of the...

7.4 AI score
Exploits: 0
securityvulns
added 2006/03/08 12:0 a.m. · 57 views

[Full-disclosure] Remote access to NeuSecure/Netcool backend database via web interface credentials leakage

-= DDSi Security Report =- March 8th, 2006. Another credentials leak was found in Netcool/NeuSecure Security Information Management platform which leads to remote backend database access with...

0.3 AI score
Exploits: 0
Tenable Nessus
added 2006/01/15 12:0 a.m. · 16 views

Ubuntu 4.10 / 5.04 / 5.10 : libgda2 vulnerability (USN-212-1)

Steve Kemp discovered two format string vulnerabilities in the logging handler of the Gnome database access library. Depending on the application that uses the library, this could have been exploited to execute arbitrary code with the permission of the user running the application. Note that...

7.5 CVSS · 5.9 AI score · 0.03611 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2005/12/31 12:0 a.m. · 4 views

PT-2005-5482 · Unknown · Land Down Under

Name of the Vulnerable Software and Affected Versions: Land Down Under (LDU) versions v801 and earlier. Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via parameters including (1) the m parameter in "auth.php", (2) the f parameter in "events.php", ...

7.5 CVSS · 7.7 AI score · 0.02168 EPSS
Exploits: 1 · References: 8
NVD
added 2005/12/20 2:3 a.m. · 10 views

CVE-2005-4371

Acidcat 2.1.13 and earlier stores the database under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a request to databases/acidcat.mdb...

5 CVSS · 6.2 AI score · 0.0294 EPSS
Exploits: 1 · References: 5
exploitpack
added 2005/11/12 12:0 a.m. · 15 views

PHPWebThings 1.4 - download.php?File SQL Injection

PHPWebThings 1.4 - download.php?File SQL Injection source: https://www.securityfocus.com/bid/15399/info phpWebThings is prone to an SQL injection vulnerability. This is an input validation issue related to data that will be used in SQL queries, allowing a remote user to influence the structure an...

0.3 AI score
Exploits: 0
exploitpack
added 2005/11/12 12:0 a.m. · 19 views

ActiveCampaign 1-2-All Broadcast Email 4.0 - Admin Control Panel Username SQL Injection

ActiveCampaign 1-2-All Broadcast Email 4.0 - Admin Control Panel Username SQL Injection source: https://www.securityfocus.com/bid/15400/info ActiveCampaign 1-2-All Broadcast Email is prone to an SQL-injection vulnerability. This is an input-validation issue related to data that will be used in SQ...

0.4 AI score
Exploits: 0
Exploit DB
added 2005/11/12 12:0 a.m. · 20 views

ActiveCampaign 1-2-All Broadcast Email 4.0 - Admin Control Panel 'Username' SQL Injection

source: https://www.securityfocus.com/bid/15400/info ActiveCampaign 1-2-All Broadcast Email is prone to an SQL-injection vulnerability. This is an input-validation issue related to data that will be used in SQL queries, allowing a remote user to influence the structure and logic of a query...

7.4 AI score
Exploits: 0
Exploit DB
added 2005/11/12 12:0 a.m. · 18 views

PHPWebThings 1.4 - 'download.php?File' SQL Injection

source: https://www.securityfocus.com/bid/15399/info phpWebThings is prone to an SQL injection vulnerability. This is an input validation issue related to data that will be used in SQL queries, allowing a remote user to influence the structure and logic of a query. It is likely that the issue cou...

7.4 AI score
Exploits: 0
NVD
added 2005/10/14 10:2 a.m. · 13 views

CVE-2005-3209

Aenovo products (1) aeNovo, (2) aeNovoShop, and (3) aeNovoWYSI store password information in plaintext in the (a) control, (b) content, and (c) page tables, which allows attackers with database access to obtain those passwords and gain privileges...

4.6 CVSS · 6.5 AI score · 0.00476 EPSS
Exploits: 1 · References: 5
Cvelist
added 2005/10/14 4:0 a.m. · 18 views

CVE-2005-3209

Aenovo products (1) aeNovo, (2) aeNovoShop, and (3) aeNovoWYSI store password information in plaintext in the (a) control, (b) content, and (c) page tables, which allows attackers with database access to obtain those passwords and gain privileges...

6.5 AI score · 0.00476 EPSS
Exploits: 1 · References: 5
exploitpack
added 2005/10/08 12:0 a.m. · 8 views

Cyphor 0.19 - footer.php?t_login Cross-Site Scripting

Cyphor 0.19 - footer.php?t_login Cross-Site Scripting source: https://www.securityfocus.com/bid/15047/info Cyphor is prone to multiple cross-site scripting and SQL injection vulnerabilities. Exploitation could allow for theft of cookie-based authentication credentials or unauthorized access to...

Exploits: 0
exploitpack
added 2005/10/08 12:0 a.m. · 10 views

Cyphor 0.19 - newmsg.php?fid SQL Injection

Cyphor 0.19 - newmsg.php?fid SQL Injection source: https://www.securityfocus.com/bid/15047/info Cyphor is prone to multiple cross-site scripting and SQL injection vulnerabilities. Exploitation could allow for theft of cookie-based authentication credentials or unauthorized access to database data...

0.8 AI score
Exploits: 0
Exploit DB
added 2005/10/08 12:0 a.m. · 28 views

Cyphor 0.19 - 'newmsg.php?fid' SQL Injection

source: https://www.securityfocus.com/bid/15047/info Cyphor is prone to multiple cross-site scripting and SQL injection vulnerabilities. Exploitation could allow for theft of cookie-based authentication credentials or unauthorized access to database data. Other attacks are also possible...

7.4 AI score
Exploits: 0