8980 matches found
MusicBox 2.3 - 'cart.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/17149/info MusicBox is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful...
Oxynews - 'index.php' SQL Injection
source: https://www.securityfocus.com/bid/17132/info Oxynews is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the...
DSDownload 1.0 - Multiple SQL Injections
source: https://www.securityfocus.com/bid/17116/info DSDownload is prone to multiple SQL-injection vulnerabilities. The application fails to properly sanitize user-supplied input before using it in SQL queries. This will allow an attacker to inject arbitrary SQL logic into the vulnerable paramete...
CVE-2006-1211
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a MySQL database to allow connections from any source IP address with the ns database account, which allows remote attackers to bypass the Netcool/NeuSecure application layer and perform unauthorized database actions. NOTE: IBM has private...
CVE-2006-1211
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 is vulnerable: it configures a MySQL database to allow connections from any source IP address using the ns account, enabling remote attackers to bypass the Netcool/NeuSecure application layer and perform unauthorized database actions. The note indica...
DSCounter 1.2 - index.php SQL Injection
source: https://www.securityfocus.com/bid/17112/info DSCounter is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could...
CyBoards PHP Lite 1.21/1.25 - post.php SQL Injection
source: https://www.securityfocus.com/bid/17107/info CyBoards PHP Lite is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A...
CyBoards PHP Lite 1.21/1.25 - 'post.php' SQL Injection
source: https://www.securityfocus.com/bid/17107/info CyBoards PHP Lite is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise...
[Full-disclosure] Remote access to NeuSecure/Netcool backend database via web interface credentials leakage
-= DDSi Security Report =- March 8th, 2006. Another credentials leak was found in Netcool/NeuSecure Security Information Management platform which leads to remote backend database access with...
Symantec Ghost: Local access vulnerabilities in Database
SUMMARY: Symantec engineers updated the db component to address three local access vulnerabilities discovered in the database installed with Symantec Ghost and the Central Management Console in Symantec Ghost Solutions Suite SGSS 1.0. Exploitation of any of these issues requires physical access to...
GLSA-200603-01 : WordPress: SQL injection vulnerability
The remote host is affected by the vulnerability described in GLSA-200603-01 (WordPress: SQL injection vulnerability). Patrik Karlsson reported that WordPress 1.5.2 makes use of an insufficiently filtered User Agent string in SQL queries related to comments posting. This vulnerability was already...
WordPress: SQL injection vulnerability
Background: WordPress is a PHP and MySQL based content management and publishing system. Description: Patrik Karlsson reported that WordPress 1.5.2 makes use of an insufficiently filtered User Agent string in SQL queries related to comments posting. This vulnerability was already fixed in the...
VBZoom Forum 1.11 - 'show.php' MainID SQL Injection
source: https://www.securityfocus.com/bid/16955/info VBZooM Forum is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could allow an attacker to compromise t...
PluggedOut Nexus SQL injection
Nexus is an open source script you can run on your web server to give you a community based website where people can register, search each other's interests, and communicate with one another either through a private messaging system, or via chat requests and forums...
NZ eCommerce System - 'index.php' Multiple SQL Injections
source: https://www.securityfocus.com/bid/16931/info NZ Ecommerce is prone to multiple input-validation vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. A successful exploit could allow an attacker to compromise the application, access o...
DCI-Designs Dawaween 1.03 - 'Poems.php' SQL Injection
source: https://www.securityfocus.com/bid/16909/info Dawaween is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. Successful exploits could allow a remote attacker to compromise the application, access or modify dat...
phpRPC Library Remote Code Execution
GulfTech Security Research February 26, 2006 Vendor : Robert Hoffman URL : http://sourceforge.net/projects/phprpc/ Version : phpRPC = 0.7 Risk : Remote Code Execution Description: phpRPC is meant to be an easy to use xmlrpc library. phpRPC is greatly simplified with the use of database/rpc-protoc...
MySQL 5.0.18 - Query Logging Bypass
source: https://www.securityfocus.com/bid/16850/info MySQL is prone to a query-logging-bypass vulnerability. This issue is due to a discrepancy between the handling of NULL bytes in the 'mysql_real_query' function and in the query-logging functionality. This issue allows attackers to bypass the...
Fantastic News 2.1.1 - SQL Injection
source: https://www.securityfocus.com/bid/16842/info Fantastic News is prone to an SQL-injection vulnerability. Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. Fantastic New...