PluggedOut Nexus SQL injection
Nexus is an open source script you can run on your web server to give you a community based website where people can register, search each other's interests, and communicate with one another either through a private messaging system, or via chat requests and forums...
[SA18720] AgileBill ADOdb server.php Insecure Test Script Security Issue
TITLE: AgileBill ADOdb server.php Insecure Test Script Security Issue SECUNIA ADVISORY ID: SA18720 VERIFY ADVISORY: http://secunia.com/advisories/18720/ CRITICAL: Moderately critical IMPACT: Security Bypass, System access WHERE: From remote SOFTWARE: AgileBill 1.x http://secunia.com/product/6224/...
[Full-disclosure] Secunia Research: ADOdb Insecure Test Scripts Security Issues
Secunia Research 09/01/2006 - ADOdb Insecure Test Scripts Security Issues - Table of Contents Affected...
cacti -- ADOdb "server.php" Insecure Test Script Security Issue
Secunia reports: Cacti has a security issue, which can be exploited by malicious people to execute arbitrary SQL code and potentially compromise a vulnerable system. The problem is caused due to the presence of the insecure "server.php" test script...
PHP-Fusion 6.00.3 - rating SQL Injection
PHP-Fusion 6.00.3 - rating SQL Injection !/usr/bin/perl Exploit for PHP-Fusion 6.00.3 Released Coded by:[email protected] Greetz: http://www.curityreason.com use strict; use warnings; use LWP::UserAgent; use HTTP::Cookies; if!$ARGV3 printagent"Exploit for PHP-Fusion" . $ua-agent; $ua-cookiej...
Blog System v1.2 SQL inj. vuln.
Vuln. discovered by: r0t Date: 5 dec. 2005 Original advisory: http://pridels.blogspot.com/2005/12/blog-system-v12-sql-inj-vuln.html Vendor: http://www.netartmedia.net/blogsystem/ Affected version: v1.2 and prior Product Description: Blog System allows you to launch and...
Helpdesk Issue Manager v0.9 SQL inj.
Vuln. discovered by: r0t Date: 25 nov. 2005 Original advisory: http://pridels.blogspot.com/2005/11/helpdesk-issue-manager-v09-sql-inj.html Vendor: http://helpdesk.centralmanclc.com/ Affected version: v0.9 and prior Vuln. Description: Input passed to the "id"...
iSupport 1.x "include_file" SQL inj.
Vuln. discovered by: r0t Date: 25 nov. 2005 Original advisory: http://pridels.blogspot.com/2005/11/isupport-1x-includefile-sql-inj.html Vendor: http://www.idevspot.com/ Product link: http://www.idevspot.com/index.php?page=pdetail7E1 Affected version: tested on 1.06...
CVE-2005-3208
Multiple SQL injection vulnerabilities in (1) aeNovo, (2) aeNovoShop and (3) aeNovoWYSI allow remote attackers to execute arbitrary SQL code via (a) the password parameter in control.asp, and (b) the strSQL parameter in search.asp, which can enable XSS attacks in resulting error messages...
CVE-2004-1955
SQL injection vulnerability in modules.php in phProfession 2.5 allows remote attackers to execute arbitrary SQL code via the offset parameter...
CVE-2004-1846
CVE-2004-1846 affects News Manager Lite 2.5 with multiple SQL injection flaws allowing remote attackers to execute arbitrary SQL via the (1) ID parameter to more.asp, (2) ID parameter to category_news.asp, or (3) filter parameter to news_sort.asp. The sources provided reiterate this vulnerability...
CVE-2004-2066
SQL injection vulnerability in session.php in LinPHA 0.9.4 allows remote attackers to execute arbitrary SQL code and bypass authentication via the (1) linphauserid or (2) linphapassword cookies...
CVE-2004-1846
Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow remote attackers to execute arbitrary SQL code via the (1) ID parameter to more.asp, (2) ID parameter to category_news.asp, or (3) filter parameter to news_sort.asp...
phpBB Photo Album Module <= 2.0.53 Multiple Vulnerabilities
The installed version of phpBB on the remote host includes a photo album module that has multiple vulnerabilities: - A SQL Injection Vulnerability An attacker can pass arbitrary SQL code through the 'mode' parameter of the 'albumsearch.php' script to manipulate database queries. - Various...
CVE-2005-0475
SQL injection vulnerability in paFAQ Beta4, and possibly other versions, allows remote attackers to execute arbitrary SQL code via the (1) offset, (2) limit, (3) order, or (4) orderby parameter to question.php, (5) offset parameter to answer.php, (6) searchitem parameter to search.php, (7) catid, (8) cid, or (9) i...
CVE-2005-0615
Multiple SQL injection vulnerabilities in (1) index.php, (2) modules.php, or (3) admin.php in PostNuke 0.760-RC2 allow remote attackers to execute arbitrary SQL code via the catid parameter...
CVE-2004-1588
GoSmart Message Board (ASP) is affected by SQL injection in two input vectors: Forum.asp via QuestionNumber/Category and Login_Exec.asp via Username/Password. This enables remote execution of arbitrary SQL commands. Related OpenVAS entries also flag additional XSS and input-sanitization flaws, bu...
[SA14090] PHP-Fusion "forum_search.php" Information Disclosure
TITLE: PHP-Fusion "forum_search.php" Information Disclosure SECUNIA ADVISORY ID: SA14090 VERIFY ADVISORY: http://secunia.com/advisories/14090/ CRITICAL: Less critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: PHP-Fusion 4.x http://secunia.com/product/3803/ DESCRIPTION:...
CVE-2004-1588
SQL injection vulnerability in GoSmart Message Board allows remote attackers to execute arbitrary SQL code via the (1) QuestionNumber and Category parameters to Forum.asp or (2) Username and Password parameter to Login_Exec.asp...
[Hat-Squad] SQL injection and XSS Vulnerabilities in HELM
Hat-Squad Advisory: SQL injection and XSS Vulnerabilities in HELM November 2, 2004 Product: HELM Web Hosting Control Panel Vendor URL: http://helm.webhostautomation.com Version: HELM 3.1.19 and lower Vulnerability: SQL injection and XSS Release Date: November 2, 2004 Vendor Status: Informed on 28...