CVE-2014-3773
CVE-2014-3773 concerns TeamPass prior to version 2.1.20, with multiple SQL injection vulnerabilities exposed through various parameters in the web interface. The affected components include sources/main.queries.php (login-related actions: send_pw_by_email, generate_new_password) and data handling...
SQL injection
SQL injection vulnerability in the getactivesession function in the KTAPIUserSession class in webservice/clienttools/services/mdownload.php in KnowledgeTree 3.7.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the u parameter, related to the getFileName function...
CVE-2013-7369
SQL injection vulnerability in an unspecified DLL in the FSDBCom ActiveX control in F-Secure Anti-Virus for Microsoft Exchange Server before HF02, Anti-Virus for Windows Servers 9.00 before HF09, Anti-Virus for Citrix Servers 9.00 before HF09, and F-Secure Email and Server Security and F-Secure...
SQL injection
SQL injection vulnerability in CSP MySQL User Manager 2.3 allows remote attackers to execute arbitrary SQL commands via the login field of the login page...
CVE-2012-6039
SQL injection vulnerability in viewcomments.php in YABSoft Advanced Image Hosting (AIH) Script, possibly 2.3, allows remote attackers to execute arbitrary SQL commands via the gal parameter...
SQL injection
SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via the root parameter...
CVE-2012-5910
CVE-2012-5910 is a SQL injection in blogs/htsrv/viewfile.php of b2evolution 4.1.3. An authenticated remote user can inject SQL via the root parameter to execute arbitrary commands. Impact is partial confidentiality/integrity/availability as stated; attack vector is web-based with single-privilege...
CVE-2012-5327
Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) deleteusrgrp parameter in a deleteusergroups action, (2) usergroup paramete...
CVE-2012-3468
CVE-2012-3468 affects the Ushahidi Platform prior to 2.5. The vulnerability tier is high (CVSS v2 base score 7.5) and stems from multiple SQL injection weaknesses in specific code paths: (1) verify() in application/controllers/alerts.php, (2) save_all() in application/models/settings.php, and (3)...
CVE-2012-0980
SQL injection vulnerability in download.php in phux Download Manager allows remote attackers to execute arbitrary SQL commands via the file parameter...
CVE-2011-1653
Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow remote attackers to execute arbitrary SQL commands via vectors involving the (1) UnAssignFunctionalRoles, (2) UnassignAdminRoles, (3) DeleteFilter, (4) NonAssignedUserList, (5)...
SQL injection
Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost 1.7.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) findfid, (2) id, (3) selectfcat, (4) selectfmon, or (5) selectftag parameter in an images action...
CVE-2010-1904
RSA Key Manager (RKM) C Client 1.5.x is vulnerable to SQL injection via the metadata in encrypted data, allowing an attacker to manipulate the KeyTable/config caching data and potentially modify or delete encryption keys. The vulnerability arises from improper validation of metadata during key lo...
SQL injection
SQL injection vulnerability in vedifaq.php in PHP Trouble Ticket 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter...
ManageEngine ServiceDesk Plus 7.6 - woID SQL Injection
Advisory Name: SQL injection in Manage Engine Service Desk Plus 7.6 Vulnerability Class: SQL injection Release Date: 03-18-2010 Affected Applications: Confirmed in version 7.6. Other versions may also be affected. Affected Platforms: Multiple Local / Remote: Remote Severity: High – CVSS: 9...
Joomla Component (Yelp) SQL Injection Vulnerability
Exploit for unknown platform in category web applications. Joomla Component Yelp SQL Injection Vulnerability ...BEGIN ADVISORY...
Joomla (Job Component) SQL Injection Vulnerability
Exploit for unknown platform in category web applications. Joomla Job Component SQL Injection Vulnerability ...BEGIN ADVISORY...
Joomla! Component com_virtuemart - order_status_id SQL Injection
...BEGIN ADVISORY... TITLE: Joomla comvirtuemart SQL Injection Vulnerability LANGUAGE: PHP DORK: N/A RESEARCHER: B-HUNT3|2 CONTACT: bhunt3ratnospamgmaildotnospamcom TESTED ON: LocalHost PRE-REQUERIMENTS: Privileged us...
Joomla! Component JBDiary - Blind SQL Injection
...BEGIN ADVISORY... TITLE: Joomla JBDiary BLIND SQL Injection Vulnerabilities LANGUAGE: PHP DORK: N/A RESEARCHER: B-HUNT3|2 CONTACT: bhunt3ratnospamgmaildotnospamcom TYPE: COMMERCIAL PRICE: 5€ TESTED ON: Demo Site...
SQL injection
SQL injection vulnerability in viewListing.php in linkSpheric 0.74 Beta 6 allows remote attackers to execute arbitrary SQL commands via the listID parameter...