5 matches found
LinkAce Injection Vulnerability
LinkAce is a self-hosted repository developed by Kevin Woblick, designed to collect links to your favorite websites. Versions of LinkAce prior to 2.5.6 had an injection vulnerability. This vulnerability stemmed from the database configuration process allowing attackers to control databases by...
Generic HTTP SQLi (Web Application) - Active Check
This script attempts to use SQL injection (SQLi) techniques on CGI / web application scripts. SPDX-FileCopyrightText: 2002 John Lampe. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Invision Power Board ibProArcade Module index.php cat Parameter SQL Injection
The installation of Invision Power Board on the remote host includes an optional module, named 'Arcade', that allows unauthorized users to inject SQL commands into the remote SQL database through the 'cat' parameter. An attacker may use this flaw to gain control of the remote database and possibl...
Comersus Cart Multiple Input Validation Vulnerabilities (SQLi, XSS)
The remote host is running the Comersus Shopping Cart Software. There is a flaw in this interface that allows an attacker to log in as any user by using a SQL injection flaw in the code of comersusbackofficelogin.php. An attacker may use this flaw to gain unauthorized access on this host, or to...
phpWebSite < 0.9.x Multiple Vulnerabilities
There are multiple flaws in the remote version of phpWebSite that may allow an attacker to gain control of the remote database, or to disable this site entirely. (C) Tenable Network Security, Inc.