43 matches found
L-Forum Vulnerability - SQL Injection
I have discovered an SQL injection flaw in L-Forum which has a recent record upload spoofing/XSS by Ulf of security bugs. The problem this time is search.php. It doesn't properly escape the SQL data passed in by the user in the search member. I have provided a SourceForge patch for this...
PHP-Nuke 4.x/5.x - SQL_Debug Information Disclosure
source: https://www.securityfocus.com/bid/3906/info PHPNuke is a website creation/maintenance tool. It is can be back-ended by a number of database products such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. The sqllayer.php script contains a debugging feature that may be used by attackers ...
McMurtrey/Whitaker & Associates Cart32 3.0/3.1/3.5 - Full Path Disclosure
source : https://www.securityfocus.com/bid/1932/info Cart32 is a shopping cart application for e-commerce enabled sites. Cart32 contains a vulnerability which reveals server information. Requesting a specially crafted URL, by way of the CGI application, will reveal the physical path to the web ro...