872 matches found
CVE-2006-3013
Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via an email parameter containing a null (%00) character after a valid e-mail address, which passes the validation check in the eregi PHP command. NOTE: it could...
USN-288-2: PostgreSQL server/client vulnerabilities
USN-288-1 fixed two vulnerabilities in Ubuntu 5.04 and Ubuntu 5.10. This update fixes the same vulnerabilities for Ubuntu 6.06 LTS. For reference, these are the details of the original USN: CVE-2006-2313: Akio Ishida and Yasuo Ohgaki discovered a weakness in the handling of invalidly-encoded...
SQL injection
SQL injection vulnerability in comment.php in Pineapple Technologies Lore 1.5.6 and earlier allows remote attackers to execute arbitrary SQL commands via the articleid parameter...
CVE-2006-2861
SQL injection vulnerability in index.php in Particle Wiki 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter...
CVE-2006-2822
SQL injection vulnerability in admin/default.asp in Dusan Drobac CodeAvalanche FreeForum (aka CAForum) 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter...
USN-288-1: PostgreSQL server/client vulnerabilities
CVE-2006-2313: Akio Ishida and Yasuo Ohgaki discovered a weakness in the handling of invalidly-encoded multibyte text data. If a client application processed untrusted input without respecting its encoding and applied standard string escaping techniques such as replacing a single quote '''''''...
SQL injection
SQL injection vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to execute arbitrary SQL commands via the member list search module...
CVE-2006-2525
CVE-2006-2525 affects UseBB 1.0 RC1 and earlier. The vulnerability is a SQL injection in the member list search module that allows remote attackers to execute arbitrary SQL commands. The NVD metrics indicate a medium base score (6.4, CVSS v2) with network access, low attack complexity, and no use...
CVE-2006-2474
SQL injection vulnerability in lshop.cgi in Cosmoshop 8.11.106 and earlier allows remote attackers to execute arbitrary SQL commands via the artnum parameter...
FreeBSD : postgresql -- character conversion and tsearch2 vulnerabilities (486aff57-9ecd-11da-b410-000e0c2e438a)
The postgresql development team reports : The more severe of the two errors is that the functions that support client-to-server character set conversion can be called from SQL commands by unprivileged users, but these functions are not designed to be safe against malicious choices of argument...
CVE-2006-2328
CVE-2006-2328 describes a SQL injection in AngelineCMS 0.6.5 and earlier. The issue is in the library file lib/adodb/server.php and allows an attacker to manipulate the query string to execute arbitrary SQL commands. Affected product/version explicitly stated as AngelineCMS 0.6.5 and earlier; roo...
postgresql -- encoding based SQL injection
The PostgreSQL development team reports: An attacker able to submit crafted strings to an application that will embed those strings in SQL commands can use invalidly-encoded multibyte characters to bypass standard string-escaping methods, resulting in possible injection of hostile SQL commands in...
CVE-2006-2139
Multiple SQL injection vulnerabilities in PHP Newsfeed 20040723 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to (a) deltables.php, (2) select, (3) header, (4) url, (5) source, or (6) time parameters to (b) manualsubmit.php, (7) num parameter to (c) delete.php, or (8) tablename...
CVE-2006-2127
CVE-2006-2127 affects Blog Mod 0.2.x; a SQL injection in weblog_posting.php allows remote attackers to execute arbitrary SQL via the r parameter, with a base risk score of 6.4 (Medium). No explicit remediation or exploit details are provided in the connected documents.
SQL injection
SQL injection vulnerability in pocategories.php in MaxTrade 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) categori and (2) stranica parameters...
SQL injection
SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserting directory traversal sequences into the...
CVE-2006-1804
SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sqlquery parameter...
SQL injection
SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sqlquery parameter...
SQL injection
Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) blogid parameter in (a) index.php and (b) archive.php, the (2) m and (3) y parameters in archive.php, and the (4) sql parameter in (c) server.php...