90 matches found
CVE-2006-1501
SQL injection vulnerability in index.php in OneOrZero 1.6.3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly in the kans action...
[SA19446] OneOrZero "id" SQL Injection Vulnerability
TITLE: OneOrZero "id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA19446 VERIFY ADVISORY: http://secunia.com/advisories/19446/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: OneOrZero Helpdesk 1.x http://secunia.com/product/1568/ DESCRIPTION: Preddy...
OneOrZero 1.6.3 Helpdesk - index.php SQL Injection
OneOrZero 1.6.3 Helpdesk - index.php SQL Injection source: https://www.securityfocus.com/bid/17298/info OneOrZero Helpdesk is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A...
OneOrZero 1.6.3 Helpdesk - 'index.php' SQL Injection
source: https://www.securityfocus.com/bid/17298/info OneOrZero Helpdesk is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromis...
OneOrZero Helpdesk tupdate.php sg Parameter SQL Injection
The remote host is running OneOrZero, an online helpdesk. There are multiple flaws in this software that could allow an attacker to insert arbitrary SQL commands in the remote database, or even to gain administrative privileges on this host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Re...
OneOrZero Security Problems (PHP)
Informations : °°°°°°°°°°°°°° Website : http://www.oneorzero.com Version : 1.4 rc4 Problems : - SQL Injection - Admin Access PHP Code/Location : °°°°°°°°°°°°°°°°°°° supporter/tupdate.php : -------------------------------------------------------------------------- if$groupid == 'change' $sql =...
OneOrZero Helpdesk 1.4 - install.php Administrative Access
OneOrZero Helpdesk 1.4 - install.php Administrative Access source: https://www.securityfocus.com/bid/7611/info OneOrZero Helpdesk has been reported prone to an issue that may result in an attacker obtaining unauthorized administrative access. The issue presents itself due to a programming error i...
OneOrZero Helpdesk 1.4 - TUpdate.php SQL Injection
OneOrZero Helpdesk 1.4 - TUpdate.php SQL Injection source: https://www.securityfocus.com/bid/7609/info An SQL injection issue has been reported to affect OneOrZero Helpdesk. The error presents itself in a OneOrZero Helpdesk script that fails to sufficiently sanitize user-supplied input before...
OneOrZero Helpdesk 1.4 - 'install.php' Administrative Access
source: https://www.securityfocus.com/bid/7611/info OneOrZero Helpdesk has been reported prone to an issue that may result in an attacker obtaining unauthorized administrative access. The issue presents itself due to a programming error in a Helpdesk script. Reportedly a script does not...
OneOrZero Helpdesk 1.4 - 'TUpdate.php' SQL Injection
source: https://www.securityfocus.com/bid/7609/info An SQL injection issue has been reported to affect OneOrZero Helpdesk. The error presents itself in a OneOrZero Helpdesk script that fails to sufficiently sanitize user-supplied input before including it in SQL queries. Successful exploitation...