8980 matches found
JGS-Portal 3.0.1/3.0.2 - 'jgs_portal_viewsgraf.php?tag' SQL Injection
source: https://www.securityfocus.com/bid/13650/info JGS-Portal is prone to multiple cross-site scripting and SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of the SQL injection issues could...
CVE-2005-1495
CVE-2005-1495 affects Oracle Database 9i/10g where Fine Grained Auditing (FGA) is disabled after the SYS user executes a SELECT on an FGA object, making detection harder and enabling potential evasion of auditing. The available documents describe the vulnerability and its impact but do not provid...
Advanced Guestbook index.php entry Parameter SQL Injection
The remote host is running Advanced Guestbook - a guestbook written in PHP. The remote version of this software contains an input validation flaw leading to a SQL injection vulnerability. An attacker may exploit this flaw to execute arbitrary commands against the remote database...
Advanced Guestbook 2.3.12.4 - index.php?Entry SQL Injection
source: https://www.securityfocus.com/bid/13548/info Advanced Guestbook is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allo...
MidiCart PHP - Item_Show.php?Code_No SQL Injection
source: https://www.securityfocus.com/bid/13515/info MidiCart PHP is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful...
MidiCart PHP - 'Search_List.php?SearchString' SQL Injection
source: https://www.securityfocus.com/bid/13512/info MidiCart PHP is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the...
LDAP authentication falls back to database check when password is incorrect
If a user is present in LDAP, but the entered password is incorrect, JIRA ought to immediately fail to authenticate them. Instead, in 3.2-beta it delegates to the database, and checks the password there...
CVE-2005-1427
Uapplication Uphotogallery stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to uphotogallery.mdb...
CVE-2005-0820
Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name...
Maxwebportal 1.3 - 'dl_toprated.asp' SQL Injection
source: https://www.securityfocus.com/bid/13466/info MaxWebPortal is reportedly affected by multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in...
Keyvan1 ImageGallery - Database Disclosure
source: https://www.securityfocus.com/bid/13630/info Keyvan1 ImageGallery is prone to an access validation vulnerability that could allow the underlying database to be downloaded. http://www.example.com/path/image.mdb...
MetaCart2 - IntCatalogID SQL Injection
source: https://www.securityfocus.com/bid/13382/info A remote SQL-injection vulnerability affects MetaCart2 because the application fails to properly sanitize user-supplied input before including it in SQL queries. An attacker may exploit this issue to...
MetaCart2 - 'StrSubCatalogID' SQL Injection
source: https://www.securityfocus.com/bid/13383/info A remote SQL injection vulnerability affects MetaCart2. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries. An attacker may exploit this issue to manipulate SQL querie...
eGroupWare: XSS and SQL injection vulnerabilities
Background: eGroupWare is a suite of web-based group applications including calendar, address book, messenger and email. Description: Multiple SQL injection and cross-site scripting vulnerabilities have been found in several eGroupWare modules. Impact: An attacker could possibly use the SQL injectio...
StorePortal 2.63 - 'default.asp' Multiple SQL Injections
source: https://www.securityfocus.com/bid/13358/info StorePortal is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise o...
GLSA-200504-24 : eGroupWare: XSS and SQL injection vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200504-24 (eGroupWare: XSS and SQL injection vulnerabilities). Multiple SQL injection and cross-site scripting vulnerabilities have been found in several eGroupWare modules. Impact: An attacker could possibly use the SQL injection...
CartWIZ 1.10 - ProductCatalogSubCats.asp SQL Injection
source: https://www.securityfocus.com/bid/13331/info CartWIZ is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to utilizing the data in an SQL query...