17 matches found
EUVD-2020-5815
Malware in sbrugna...
vantage6-server node accepts non-whitelisted algorithms from malicious server
Impact A node does not check if an image is allowed to run if a parentid is set. A malicious party that breaches the server may modify it to set a fake parentid and send a task of a non-whitelisted algorithm. The node will then execute it because the parentid that is set prevents checks from bein...
SUSE CVE-2016-3172
SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parentid parameter in an itemedit action...
CVE-2020-13568
SQL injection vulnerability exists in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability in admin/editgroup.php, when the POST parameter action is “Submit”, the POST parameter parentid leads to a SQL...
CVE-2020-13568
SQL injection vulnerability exists in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability in admin/editgroup.php, when the POST parameter action is “Submit”, the POST parameter parentid leads to a SQL...
CVE-2017-1000032
Cross-Site scripting XSS vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parentid parameter to tree.php and drpaction parameter to datasources.php...
ALPINE-CVE-2016-3172
SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parentid parameter in an itemedit action...
CVE-2016-3172
SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parentid parameter in an itemedit action...
CVE-2016-3172
SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parentid parameter in an itemedit action...
CVE-2014-9464
SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parentid variable...
Sql injection
SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parentid variable...
CVE-2011-5213
Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 loginusername parameter to index.php, 2 parentid parameter to modules/Documents/versionlist.php, or 3 contactid parameter to modules/Documents/index.php...
Sql injection
Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 loginusername parameter to index.php, 2 parentid parameter to modules/Documents/versionlist.php, or 3 contactid parameter to modules/Documents/index.php...
Sql injection
SQL injection vulnerability in sugcat.php in IndexScript 3.0 allows remote attackers to execute arbitrary SQL commands via the parentid parameter, a different vector than CVE-2007-4069...
Sql injection
SQL injection vulnerability in list.php in University of Queensland Library Fez 1.3 and 2.0 RC1 allows remote attackers to execute arbitrary SQL commands via the parentid parameter in a subject action...
IndexScript 3.0 - parent_id SQL Injection
IndexScript 3.0 - parentid SQL Injection ------------------------------------------------------------------------------------------------------------- IndexScript v 3.0 sugcat.php?parentid - SQL injection Vulnerability http://www.indexscript.com/download.php IndexScript is a feature-rich and yet...
CVE-2004-2062
SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to execute arbitrary SQL via the 1 threadid, 2 parentid, or 3 mode parameters...