3892 matches found
More and More SQL injection on PHP-Nuke 6.5.
7 A 6 9 - A d v C: 011 | PHP-Nuke SQL injection ...
Lot of SQL injection on PHP-Nuke 6.5 (secure weblog!)
7 A 6 9 - A d v C: 010 | PHP-Nuke SQL injection ...
Web Wiz Forum 6.34 - Information Disclosure
source: https://www.securityfocus.com/bid/7380/info Web Wiz Forum has been reported prone to a sensitive information disclosure vulnerability. An attacker may make a request for and download the underlying Access database file that is used by the Forum...
CVE-2002-1421
SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote attackers to perform unauthorized database operations via (1) report.php, (2) selmsg.php, and (3) showposts.php...
CVE-2002-1499
Multiple SQL injection vulnerabilities in FactoSystem CMS allow remote attackers to perform unauthorized database actions via (1) the authornumber parameter in author.asp, (2) the discussblurbid parameter in discuss.asp, (3) the name parameter in holdcomment.asp, and (4) the email parameter in...
Adcycle build.cgi Remote Password Disclosure
The CGI 'build.cgi' is installed. This CGI has a well known security flaw that lets an attacker obtain the password of the remote AdCycle database or delete databases. #%NASL_MIN_LEVEL 70300 # (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include('compat.inc'); if (description)...
phpESP (php Easy Survey Package)
Product: phpESP php Easy Survey Package Version: 1.11 WebSite: http://acm.jhu.edu Problem: Access in dbase Description: In the admin directory there is a file phpEST.ini; if we look at this file we can see the database dbpassword, dblogin, dbhost, dbname and other private info. phpESP.ini...
SimpleBBS users disclosure
The remote installation of SimpleChat allows an unauthenticated, remote attacker to retrieve its user database via a direct request to 'data/usr', which contains confidential information such as user passwords. #%NASL_MIN_LEVEL 70300 # (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc');...
web-erp 0.1.4 database access vulnerability
Security REPORT web-erp 0.1.4 and earlier. Product: web-erp 0.1.4 and earlier Vulnerabilities: full database access Vendor: Phil Daintree http://web-erp.sourceforge.net/ Vendor-Status: E-Mail to "[email protected]" date:...
PHP-Nuke 5.6/6.0 - Search Engine SQL Injection
source: https://www.securityfocus.com/bid/6887/info It has been reported that the search module distributed with PHPNuke is vulnerable to an SQL injection attack. PHPNuke, in some cases, does not sufficiently sanitize user-supplied input which is used when constructing SQL queries. As a result,...
PHPBB2 - 'Page_Header.php' SQL Injection
source: https://www.securityfocus.com/bid/6888/info A SQL injection vulnerability has been reported in phpBB2. phpBB2, in some cases, does not sufficiently sanitize user-supplied input which is used when constructing SQL queries. As a result, attackers may supply malicious parameters to manipulat...
CVE-2003-0025
Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs in db.pgsql, as demonstrated using mailbox.php3...
IMP 2.x SQL injection vulnerabilities
IMP is a popular webmail package written in PHP. It ships with some UNIX systems and is also used on Windows servers. Version 2 of the program contains some SQL injection flaws which allow any remote user to access the webmail system's database. Valid user authentication is not required in...
CVE-2002-0922
CGIScript.net csNews.cgi allows remote attackers to obtain database files via a direct URL-encoded request to (1) default%2edb or (2) default%2edb.style, or remote authenticated users to perform administrative actions via (3) a database parameter set to default%2edb...
CVE-2002-0999
Multiple SQL injection vulnerabilities in CARE 2002 before beta 1.0.02 allow remote attackers to perform unauthorized database operations...
AdCycle does not adequately validate user input thereby allowing for SQL injection
Overview: AdCycle does not adequately filter user input, allowing remote attackers to execute arbitrary MySQL queries. Description: AdCycle is a shareware banner ad management system written in Perl and designed to work with a MySQL database. AdCycle does not adequately filter multiple unspecified...
DB4Web 3.4/3.6 - File Disclosure
source: https://www.securityfocus.com/bid/5723/info DB4Web is an application server that allows read and write access to relational databases and other information sources, via the web. The application is available for Windows, Linux, and various Unix platforms. A directory traversal bug exists i...
CVE-2002-1110
Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, when running without magic_quotes_gpc enabled, allow remote attackers to gain privileges or perform unauthorized database operations via modified form fields, e.g. to account_update.php...