
90 matches found

securityvulns
added 2007/04/03 12:0 a.m. | 40 views

[Full-disclosure] HP Mercury Quality Center Any SQL execution

Vendor: HP. Product: Mercury Quality Center. Version: 9.0 build 9.1.0.4352. Vendor Informed: No. HP Mercury Quality Center is a test management product for companies to do software testing and quality insurance. HP Mercury Quality Center has additional guest command on server which allows any user who...

0.3 AI score
Exploits 0
Prion
added 2007/03/23 12:19 a.m. | 12 views

SQL injection

SQL injection vulnerability in index.php in ScriptMagix Lyrics 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the recid parameter...

7.5 CVSS | 9 AI score | 0.02872 EPSS
Exploits 0 | References 6 | Affected Software 1
OSV
added 2007/01/13 2:28 a.m. | 6 views

CVE-2007-0233

wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the tbid parameter. NOTE: it could b...

7.8 AI score
Exploits 0 | References 4
Cvelist
added 2006/11/28 11:0 p.m. | 13 views

CVE-2006-6160

SQL injection vulnerability in details.asp in Doug Luxem Liberum Help Desk 0.97.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter...

8.4 AI score | 0.00838 EPSS
Exploits 1 | References 4
UbuntuCve
added 2006/01/09 11:3 p.m. | 26 views

CVE-2006-0146

The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via...

7.5 CVSS | 6 AI score | 0.09474 EPSS
Exploits 1 | References 1
Tenable Nessus
added 2004/08/02 12:0 a.m. | 23 views

AntiBoard antiboard.php Multiple Parameter SQL Injection

The remote host appears to be running the AntiBoard bulletin board system. There are multiple SQL injection vulnerabilities in the remote software that may allow an attacker to execute arbitrary SQL commands on the remote host, and possibly bypass the authentication mechanisms of AntiBoard. Note,...

7.5 CVSS | 6.2 AI score | 0.00807 EPSS
Exploits 2 | References 3
NVD
added 2002/06/18 4:0 a.m. | 6 views

CVE-2002-0581

WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary SQL commands and read, modify, or steal credentials from the database via the Qry parameter in the sprc.asp script...

7.5 CVSS | 8.1 AI score | 0.01652 EPSS
Exploits 0 | References 3
Cvelist
added 2002/06/11 4:0 a.m. | 10 views

CVE-2002-0581

WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary SQL commands and read, modify, or steal credentials from the database via the Qry parameter in the sprc.asp script...

8.1 AI score | 0.01652 EPSS
Exploits 0 | References 3
Tenable Nessus
added 2000/04/01 12:0 a.m. | 37 views

Microsoft IIS ctss.idc ODBC Sample Arbitrary Command Execution

/scripts/tools/ctss.idc is present. Input to the 'table' parameter is not properly sanitized. A remote attacker could exploit this to execute arbitrary SQL commands. If xp_cmdshell is enabled, this could result in arbitrary command execution...

6.1 AI score
Exploits 0
Cvelist
added 2000/03/22 5:0 a.m. | 11 views

CVE-2000-0161

Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not validate an identification number, which allows remote attackers to execute SQL commands...

7.5 AI score | 0.08393 EPSS
Exploits 0 | References 2