36 matches found
LDAP injection - ownCloud
Due to not properly sanitizing the LDAP queries an attacker is able to: Gain information about existing LDAP users Modify the login query, e.g. with a wildcard Affected Software ownCloud Server 6.0.2 CVE-2014-2047 ownCloud Server 5.0.15 CVE-2014-2049 Action Taken All LDAP queries have been review...
Server: LDAP injection
Due to not properly sanitizing the LDAP queries an attacker is able to: Gain information about existing LDAP users Modify the login query, e.g. with a wildcard For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
HiveMail 1.2.2/1.3 folders.update.php folderid Variable Arbitrary PHP Command Execution
No description provided by source. source: http://www.securityfocus.com/bid/16591/info HiveMail is prone to multiple vulnerabilities. These vulnerabilities may allow the execution of arbitrary PHP code, cross-site scripting attacks, and SQL injection. The PHP code-execution issues are the result ...
Widget Property 1.1.19 Property.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15701/info Widget Press Widget Property is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'property.php' script before using it i...
Azerbaijan Development Group AzDGDatingPlatinum 1.1 .0 view.php id Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/13082/info AzDGDatingPlatinum is reported prone to multiple vulnerabilities. The following specific issues were identified: - Multiple SQL-injection vulnerabilities. These issues could permit remote attackers to pass...
LocazoList Classifieds 1.0 SearchDB.ASP Input Validation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15812/info LocazoList Classifieds is prone to an input validation vulnerability that allows cross-site scripting and SQL injection attacks. An attacker may leverage this issue to have arbitrary script code executed in the...
CactuShop XSS and SQL injection flaws
The remote host runs CactuShop, an e-commerce web application written in ASP. The remote version of this software is vulnerable to cross-site scripting due to a lack of sanitization of user-supplied data in the script 'popuplargeimage.asp'. Successful exploitation of this issue may allow an...
PT-2005-3150 · Dragonfly · Dragonfly Commerce
Name of the Vulnerable Software and Affected Versions: Dragonfly Commerce versions affected versions not specified Description: The issue allows remote attackers to modify SQL statements and possibly execute arbitrary SQL commands via several parameters, including the key parameter to "dc...
PHP-Nuke 6.x7.x - Public Message SQL Injection
PHP-Nuke 6.x7.x - Public Message SQL Injection source: https://www.securityfocus.com/bid/9615/info It has been reported that the 'public message' feature of PHP-Nuke is vulnerable to an SQL injection vulnerability. The issue is due to improper sanitization of user-defined parameters supplied to t...
PHP classical bugs in phpBB allows remote code execution
Uninitialized PHP variables and ability to modify SQL query allow to execute code on server. Crossite scripting. Invalid NULL-byte handling leads to DoS...
Code injection in PHPGroupware
It's possible to inject PHP code and to modify SQL query...
CVE-2001-1226
AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, which are not properly sanitized before being passed to the MySQL database...
Модификация SQL-запроса в adrotate (SQL modification)
Возможно модифицировать SQL-запрос в CGI-приложении...
phpBB 1.4.2, Remote user is able to modify SQL query.
Hi, there is a a potential security problem in the current version 1.4.2 and previous versions of phpBB http://www.phpbb.com. A remote user is able to modify a string passed as a SQL query to the MySQL database. The problem exists in the file bbmemberlist.php. A string called $sortby is supplied...
Модификация SQL-запроса во многих модулях авторизации Apache, PAM и т.д.
Ввод пользователя не проверяется на наличие служебных символов SQL...
Дырка в postaci (SQL query modification)
недостаточная проверка ввода пользователя дает возможность модифицировать SQL-запрос...