infoware - SQL Injection

=============================================== infoware SQL Injection Vulnerability =============================================== .----..--.--.| |--..-----..----.| |.-----..-----. | || | || || -|| || || || | ||| ||||||| ||||| | || || infoware SQL Injection Vulnerability...

infoware SQL Injection Vulnerability

Exploit for php platform in category web applications ==================================== infoware SQL Injection Vulnerability ==================================== .----..--.--.| |--..-----..----.| |.-----..-----. | || | || || -|| || || || | ||| ||||||| ||||| | || || infoware SQL Injection...

INVOhost Multiple SQL injection vulnerabilities

INVOhost is prone to multiple SQL injection vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2010-1336

Multiple SQL injection vulnerabilities in INVOhost 3.4 allow remote attackers to execute arbitrary SQL commands via the 1 id and 2 newlanguage parameters to site.php, 3 search parameter to manuals.php, and 4 unspecified vectors to faq.php. NOTE: some of these details are obtained from third party...

CVE-2010-1336

Multiple SQL injection vulnerabilities in INVOhost 3.4 allow remote attackers to execute arbitrary SQL commands via the 1 id and 2 newlanguage parameters to site.php, 3 search parameter to manuals.php, and 4 unspecified vectors to faq.php. NOTE: some of these details are obtained from third party...

CVE-2009-4618

Multiple SQL injection vulnerabilities in Tourism Script Bus Script allow remote attackers to execute arbitrary SQL commands via the sitetextid parameter to 1 aboutus.php and 2 faq.php...

Sql injection

Multiple SQL injection vulnerabilities in Tourism Script Bus Script allow remote attackers to execute arbitrary SQL commands via the sitetextid parameter to 1 aboutus.php and 2 faq.php...

CVE-2009-4618

Multiple SQL injection vulnerabilities in Tourism Script Bus Script allow remote attackers to execute arbitrary SQL commands via the sitetextid parameter to 1 aboutus.php and 2 faq.php...

CVE-2009-4460

Multiple cross-site scripting XSS vulnerabilities in Auto-Surf Traffic Exchange Script 1.1 allow remote attackers to inject arbitrary web script or HTML via the rid parameter to 1 index.php, 2 faq.php, and 3 register.php...

CVE-2009-4460

Multiple cross-site scripting XSS vulnerabilities in Auto-Surf Traffic Exchange Script 1.1 allow remote attackers to inject arbitrary web script or HTML via the rid parameter to 1 index.php, 2 faq.php, and 3 register.php...

CyberCMS - faq.php SQL Injection

CyberCMS - faq.php SQL Injection source: https://www.securityfocus.com/bid/39698/info Cyber CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...

CVE-2008-2460

CVE-2008-2460 is an SQL injection vulnerability affecting vBulletin 3.7.0 Gold . The flaw is in faq.php where the q parameter in a search action is vulnerable, enabling remote attackers to execute arbitrary SQL commands . NVD lists a CVSS v2 base score of 7.5 (HIGH) with network access, no authen...

CVE-2008-2460

SQL injection vulnerability in faq.php in vBulletin 3.7.0 Gold allows remote attackers to execute arbitrary SQL commands via the q parameter in a search action...

Vbulletin 3.7.0 Gold >> Sql injection on faq.php

By : Ali JasbiHackerz.ir security & hacking research team Vendor : vbulletin.org version : 3.7.0 Gold Vulnerability: Sql injection http://www.domain.com/vBulletin/faq.php?s=&do=search&q=Sql injection&match=any&titlesonly=1 test it: faq.php?s=&do=search&q='&match=any&titlesonly=1...

CVE-2007-6667

SQL injection vulnerability in faq.php in MyPHP Forum 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the member.php vector is already covered by CVE-2005-0413...

CVE-2007-6667

The CVE-2007-6667 entry describes an SQL injection in MyPHP Forum 3.0 and earlier, exploitable via the id parameter in faq.php. The vulnerability allows remote execution of arbitrary SQL commands, with the attack surface limited to the FAQ handling path; the note indicates the member.php vector i...

Sql injection

Multiple SQL injection vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allow remote attackers to execute arbitrary SQL commands via the categoryid parameter to faq.php, and unspecified other vectors involving additional scripts...

CVE-2007-6633

Multiple cross-site scripting XSS vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allow remote attackers to inject arbitrary web script or HTML via 1 the catname parameter to faq.php; and unspecified parameters to the 2 add categories, 3 edit categories, 4 delete categories, 5 add faq...

CVE-2007-6633

CVE-2007-6633 involves multiple cross-site scripting (XSS) vulnerabilities in FAQMasterFlexPlus (potentially versions 1.5 or 1.52). The issues allow remote attackers to inject arbitrary web script or HTML via the cat_name parameter to faq.php and via parameters to admin actions (add/edit/delete c...

NetBizCity FaqMasterFlexPlus 'faq.php' SQL注入漏洞

BUGTRAQ ID: 27052 CNCAN ID:CNCAN-2008010202 NetBizCity FaqMasterFlexPlus是一款基于PHP的WEB应用程序。 NetBizCity FaqMasterFlexPlus不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞进行SQL注入攻击，可获得敏感信息或操作数据库。 问题是由于'faq.php'脚本对用户提交的WEB参数处理缺少充分过滤，提交恶意SQL查询作为参数数据，可更改原来的SQL逻辑，获得敏感信息或操作数据库。 NetBizCity FaqMasterFlexPlus --------- 目前没有解决方案提供...