59 matches found
Sql injection
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via toolsfirmware.cgi date parameter, time parameter, and offset parameter...
Buffer overflow
Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via toolssystem.cgi date parameter, time parameter, and offset parameter...
CVE-2018-0641
Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via toolssystem.cgi date parameter, time parameter, and offset parameter...
CVE-2018-0639
Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via toolsfirmware.cgi date parameter, time parameter, and offset parameter...
SQL Injection
The SelectLimit function has a potential SQL injection vulnerability through the use of the nrows and offset parameters which are not forced to integers...
PHP Information Disclosure Vulnerability (CNVD-2016-02884)
PHP is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. PHP has a security vulnerability that allows remote attackers to exploit a vulnerability to read the 'offset' parameter from arbitrary memory...
PHP Information Disclosure Vulnerability (CNVD-2016-02886)
PHP is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. PHP has a security vulnerability that allows remote attackers to exploit a vulnerability to read the 'offset' parameter from arbitrary memory...
paFaq beta4 answer.php offset Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/12582/info paFaq is reportedly affected by an SQL injection vulnerability. This issue exists because the application fails to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation...
HP Data Protector Media Operations Memory Corruption
A heap memory corruption vulnerability has been reported in HP Data Protector Media Operations. The vulnerability is due to insufficient validation of the Offset parameter while handling certain packets. A remote attacker may trigger this vulnerability by sending specially crafted connection...
CVE-2008-6189
SQL injection vulnerability in GForge 4.5.19 allows remote attackers to execute arbitrary SQL commands via the offset parameter to 1 new/index.php, 2 news/index.php, and 3 top/topusers.php, which is not properly handled in database-pgsql.php...
Sql injection
SQL injection vulnerability in GForge 4.5.19 allows remote attackers to execute arbitrary SQL commands via the offset parameter to 1 new/index.php, 2 news/index.php, and 3 top/topusers.php, which is not properly handled in database-pgsql.php...
CVE-2008-6189
SQL injection vulnerability in GForge 4.5.19 allows remote attackers to execute arbitrary SQL commands via the offset parameter to 1 new/index.php, 2 news/index.php, and 3 top/topusers.php, which is not properly handled in database-pgsql.php...
DEBIAN-CVE-2008-4094
Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the 1 :limit and 2 :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer...
CVE-2008-4094
Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the 1 :limit and 2 :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer...
Sql injection
SQL injection vulnerability in index.php in iBWd Guestbook 1.0 allows remote attackers to execute arbitrary SQL commands via the offset parameter...
CVE-2004-1955
SQL injection vulnerability in modules.php in phProfession 2.5 allows remote attackers to execute arbitrary SQL code via the offset parameter...
CVE-2004-1955
The CVE-2004-1955 entry describes a SQL injection in the phProfession 2.5 package, specifically via the offset parameter in modules.php. Affected software: phProfession 2.5; vulnerable component: modules.php. Root cause: improper handling of the offset input enables arbitrary SQL execution by rem...
CVE-2004-1955
SQL injection vulnerability in modules.php in phProfession 2.5 allows remote attackers to execute arbitrary SQL code via the offset parameter...
CVE-2004-1925
Multiple SQL injection vulnerabilities in Tiki CMS/Groupware TikiWiki 1.8.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sortmode parameter in 1 tiki-usermenu.php, 2 tiki-listfilegallery.php, 3 tiki-directoryranking.php, 4 tiki-browsecategories.php, 5 tiki-index.ph...