Lucene search
K

36 matches found

OwnCloud
OwnCloud
added 2014/07/03 6:22 p.m.44 views

LDAP injection - ownCloud

Due to not properly sanitizing the LDAP queries an attacker is able to: Gain information about existing LDAP users Modify the login query, e.g. with a wildcard Affected Software ownCloud Server 6.0.2 CVE-2014-2047 ownCloud Server 5.0.15 CVE-2014-2049 Action Taken All LDAP queries have been review...

6.8CVSS6AI score0.0129EPSS
Exploits0Affected Software1
OwnCloud
OwnCloud
added 2014/07/03 2:0 a.m.45 views

Server: LDAP injection

Due to not properly sanitizing the LDAP queries an attacker is able to: Gain information about existing LDAP users Modify the login query, e.g. with a wildcard For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...

6.8CVSS6AI score0.0129EPSS
Exploits0Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

HiveMail 1.2.2/1.3 folders.update.php folderid Variable Arbitrary PHP Command Execution

No description provided by source. source: http://www.securityfocus.com/bid/16591/info HiveMail is prone to multiple vulnerabilities. These vulnerabilities may allow the execution of arbitrary PHP code, cross-site scripting attacks, and SQL injection. The PHP code-execution issues are the result ...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.23 views

Widget Property 1.1.19 Property.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15701/info Widget Press Widget Property is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'property.php' script before using it i...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.28 views

Azerbaijan Development Group AzDGDatingPlatinum 1.1 .0 view.php id Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/13082/info AzDGDatingPlatinum is reported prone to multiple vulnerabilities. The following specific issues were identified: - Multiple SQL-injection vulnerabilities. These issues could permit remote attackers to pass...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.22 views

LocazoList Classifieds 1.0 SearchDB.ASP Input Validation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15812/info LocazoList Classifieds is prone to an input validation vulnerability that allows cross-site scripting and SQL injection attacks. An attacker may leverage this issue to have arbitrary script code executed in the...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.20 views

CactuShop XSS and SQL injection flaws

The remote host runs CactuShop, an e-commerce web application written in ASP. The remote version of this software is vulnerable to cross-site scripting due to a lack of sanitization of user-supplied data in the script 'popuplargeimage.asp'. Successful exploitation of this issue may allow an...

7.5CVSS0.1AI score0.04031EPSS
Exploits2
Positive Technologies
Positive Technologies
added 2005/07/12 12:0 a.m.5 views

PT-2005-3150 · Dragonfly · Dragonfly Commerce

Name of the Vulnerable Software and Affected Versions: Dragonfly Commerce versions affected versions not specified Description: The issue allows remote attackers to modify SQL statements and possibly execute arbitrary SQL commands via several parameters, including the key parameter to "dc...

7.5CVSS8.5AI score0.01141EPSS
Exploits0References4
exploitpack
exploitpack
added 2004/02/09 12:0 a.m.19 views

PHP-Nuke 6.x7.x - Public Message SQL Injection

PHP-Nuke 6.x7.x - Public Message SQL Injection source: https://www.securityfocus.com/bid/9615/info It has been reported that the 'public message' feature of PHP-Nuke is vulnerable to an SQL injection vulnerability. The issue is due to improper sanitization of user-defined parameters supplied to t...

8.6AI score
Exploits0
securityvulns
securityvulns
added 2002/05/28 12:0 a.m.59 views

PHP classical bugs in phpBB allows remote code execution

Uninitialized PHP variables and ability to modify SQL query allow to execute code on server. Crossite scripting. Invalid NULL-byte handling leads to DoS...

2.6AI score
Exploits0References7Affected Software1
securityvulns
securityvulns
added 2002/04/04 12:0 a.m.36 views

Code injection in PHPGroupware

It's possible to inject PHP code and to modify SQL query...

2.1AI score
Exploits0References2Affected Software1
NVD
NVD
added 2001/12/25 5:0 a.m.25 views

CVE-2001-1226

AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, which are not properly sanitized before being passed to the MySQL database...

5CVSS7.2AI score0.0152EPSS
Exploits0References3
securityvulns
securityvulns
added 2001/12/25 12:0 a.m.28 views

Модификация SQL-запроса в adrotate (SQL modification)

Возможно модифицировать SQL-запрос в CGI-приложении...

1.6AI score
Exploits0References1
securityvulns
securityvulns
added 2001/10/09 12:0 a.m.29 views

phpBB 1.4.2, Remote user is able to modify SQL query.

Hi, there is a a potential security problem in the current version 1.4.2 and previous versions of phpBB http://www.phpbb.com. A remote user is able to modify a string passed as a SQL query to the MySQL database. The problem exists in the file bbmemberlist.php. A string called $sortby is supplied...

Exploits0
securityvulns
securityvulns
added 2001/09/28 12:0 a.m.47 views

Модификация SQL-запроса во многих модулях авторизации Apache, PAM и т.д.

Ввод пользователя не проверяется на наличие служебных символов SQL...

0.7AI score
Exploits0References3Affected Software9
securityvulns
securityvulns
added 2001/01/18 12:0 a.m.25 views

Дырка в postaci (SQL query modification)

недостаточная проверка ввода пользователя дает возможность модифицировать SQL-запрос...

1.1AI score
Exploits0References1
Rows per page
Query Builder