6207 matches found
CVE-2004-2399
Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service CPU consumption via delayed responses to DNS queries...
CVE-2004-2349
Multiple SQL injection vulnerabilities in Tunez before 1.20-pre2 allow remote attackers to execute arbitrary SQL queries...
FreznoShopSQL.txt
FreznoShop Vulnerability Details Date: May 13, 2005 Mike Shema Versions of FreznoShop http://www.freznoshop.de/ below 1.4.1 are vulnerable to SQL injection due to the use of unvalidated parameters in database queries. Some unpatched versions of 1.4.1 are vulnerable as well. The value of the 'id'...
PortailPHP 2.4 - 'index.php' SQL Injection
source: https://www.securityfocus.com/bid/14474/info Portail PHP is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. The consequences of this attack may vary depending on the type of...
FreeBSD : PowerDNS -- LDAP backend fails to escape all queries (43a7b0a7-f9bc-11d9-b473-00061bc2ad93)
The LDAP backend in PowerDNS has issues with escaping queries which could cause connection errors. This would make it possible for a malicious user to temporarily blank domains. This is known to affect all releases prior to 2.9.18. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...
Debian DSA-771-1 : pdns - several vulnerabilities
Several problems have been discovered in pdns, a versatile nameserver that can lead to a denial of service. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-2301 Norbert Sendetzky and Jan de Groot discovered that the LDAP backend did not properly...
PHP-Fusion <= 6.00.106 Multiple Vulnerabilities
According to its banner, the remote host is running a version of PHP-Fusion that suffers from multiple vulnerabilities : - SQL Injection Vulnerability The application fails to sanitize user-supplied input to the 'msgview' parameter of the 'messages.php' script before using it in database queries...
Hosting Controller <= 6.1 Hotfix 2.2 Multiple Vulnerabilities
According to its version number, the installation of Hosting Controller on the remote host improperly allows an authenticated user to add hosting plans to his account, to edit the details of his own or anyone else's hosting plans, to view the folders of all resellers and the web admin, to add...
PHP-Fusion < 6.00.107 Multiple Vulnerabilities
Binary data 3100.prm...
PHPNews 1.2.x - 'auth.php' SQL Injection
source: https://www.securityfocus.com/bid/14333/info PHPNews is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. This vulnerability could permit remote attackers to pass malicious...
CVE-2005-2301
PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service failure to answer ldap questions and possibly conduct an LDAP injection attack...
PowerDNS -- LDAP backend fails to escape all queries
The LDAP backend in PowerDNS has issues with escaping queries which could cause connection errors. This would make it possible for a malicious user to temporarily blank domains. This is known to affect all releases prior to 2.9.18...
CVE-2000-1233
SQL injection vulnerability in read.php3 and other scripts in Phorum 3.0.7 allows remote attackers to execute arbitrary SQL queries via the sSQL parameter...
CVE-2005-2253
CVE-2005-2253 is a SQL injection in PhpAuction 2.5, where an attacker can modify SQL queries through the category parameter in adsearch.php. Root cause: unsanitized input used in database queries. Affected: PhpAuction 2.5. Impact: as described by CVE/NVD (base score 7.5, HIGH). Exploitation detai...
CVE-2005-2197
SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows remote attackers to modify SQL queries, as demonstrated using the f parameter to index.php...
CVE-2004-2185
Multiple cross-site scripting XSS vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via 1 the UnicodeConverter extension, 2 raw page views, 3 SpecialIpblocklist, 4 SpecialEmailuser, 5 SpecialMaintenance, and 6 ImagePage...
CVE-2004-2185
Multiple cross-site scripting XSS vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via 1 the UnicodeConverter extension, 2 raw page views, 3 SpecialIpblocklist, 4 SpecialEmailuser, 5 SpecialMaintenance, and 6 ImagePage...
osTicket < 1.3.1 Multiple Vulnerabilities
Binary data 3046.prm...
osTicket <= 1.3.1 Multiple Vulnerabilities
The version of osTicket installed on the remote host suffers from several vulnerabilities, including: - A Local File Include Vulnerability The application fails to sanitize user-supplied input to the 'inc' parameter in the 'view.php' script. An attacker may be able to exploit this flaw to run...
DUamazon Pro Multiple Scripts SQL Injection
The remote host is running DUamazon Pro, an ASP-based storefront from DUware for Amazon affiliates. The installed version of DUamazon Pro fails to properly sanitize user- supplied input in several instances before using it in SQL queries. By exploiting these flaws, an attacker can affect database...