872 matches found
CVE-2005-3963
SQL injection vulnerability in session.php in DotClear before 1.2.3 allows remote attackers to execute arbitrary SQL commands via the dcxd parameter in a cookie...
CVE-2005-3676
SQL injection vulnerability in download.php in PhpWebThings 1.4.4 allows remote attackers to execute arbitrary SQL commands via the file parameter...
Invision Power Board Calendar SQL Injection Vulnerability
The remote host is running Invision Power Board - a CGI suite designed to set up a bulletin board system on the remote web server. A vulnerability has been discovered in the sources/calendar.php file that allows unauthorized users to inject SQL commands. SPDX-FileCopyrightText: 2003 Noam Rathaus...
[Full-disclosure] Exploit Oracle DB27 - CPU Octobre
Exploit Oracle DB27 SQL exec sys.pbsde.init'AA',TRUE,'MARYANNDAVIDSONMARYANNDAVIDSONMARYA NNDAVIDSONMARYANNDAVIDSONMARYANNDAVIDSONMARYANNDAVIDSONMA RYANNDAVIDSONMARYANNDAVIDSONMARYANNDAVIDSONMARYANNDAVIDSO NMARYANNDAVIDSONMARYANNDAVIDSON',NULL; BEGIN...
Low: Red Hat Security Advisory: mysql security update
Updated mysql packages that fix a temporary file flaw and a number of bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisti...
CVE-2005-3063
CVE-2005-3063 affects MailGust (v1.9) and describes an SQL injection vulnerability on the password reminder page, exploitable via the email field to execute arbitrary SQL commands. This is evidenced by multiple sources in connected documents (NVD entry, OpenVAS/NASL plugin, and Nessus plugin) sta...
phpWebSite: Arbitrary command execution through XML-RPC and SQL injection
Background phpWebSite is a web site content management system. Description phpWebSite uses an XML-RPC library that improperly handles XML-RPC requests and responses with malformed nested tags. Furthermore, "matrixkiller" reported that phpWebSite is vulnerable to an SQL injection attack. Impact A...
CVE-2004-2340
Technical details about CVE-2004-2340 are not publicly available in the provided connected documents; the entry remains unverified in accessible sources. Monitor for updates.
PT-2005-3098 · Plague · Plague News System
Name of the Vulnerable Software and Affected Versions: Plague News System versions 0.6 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the cid parameter in the "index.php" endpoint. Recommendations: For Plague News System versions...
PHP Arena <= 1.1.3 pafiledb.php Remote Change Password Exploit
No description provided by source. #!/usr/bin/perl Trap-Set Underground Hacking Team EXPLOIT FOR: PHP Arena paFileDB 1.1.3 And 0lder Expl0it By: Alpha Programmer Sirus-v Email: [email protected] + Discovered By: GulfTech + Advisory:...
PHP Arena 1.1.3 - 'pafiledb.php' Remote Change Password
#!/usr/bin/perl Trap-Set Underground Hacking Team EXPLOIT FOR: PHP Arena paFileDB 1.1.3 And 0lder Expl0it By: Alpha Programmer Sirus-v Email: [email protected] + Discovered By: GulfTech + Advisory: https://www.securityfocus.com/bid/13967 Vulnerabl...
Mandrake Linux Security Advisory : postgresql (MDKSA-2005:093)
A number of vulnerabilities were found and corrected in the PostgreSQL DBMS : Two serious security errors have been found in PostgreSQL 7.3 and newer releases. These errors at least allow an unprivileged database user to crash the backend process, and may make it possible for an unprivileged user...
security flaw
The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5) syn_init functions as "internal" even when they do not take an internal argument, which allows attackers to cause a denial of service (application crash) and possibly have other...
CVE-2005-1750
SQL injection vulnerability in login.asp in ezdwc NewsletterEz 3.0 allows remote attackers to execute arbitrary SQL commands via the password parameter...
CVE-2005-1454
SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration entries...
CVE-2005-1636
mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents...
CVE-2005-1636
CVE-2005-1636 affects MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4. The mysql_install_db script creates a temporary file (mysql_install_db.X) with a predictable name and insecure permissions, enabling a local user to modify the file and execute arbitrary SQL commands during installation. Remedia...
CVE-2004-1893
Dreamweaver MX, when "Using Driver On Testing Server" or "Using DSN on Testing Server" is selected, uploads the mmhttpdb.asp script to the web site but does not require authentication, which allows remote attackers to obtain sensitive information and possibly execute arbitrary SQL commands via a...
CVE-2005-1429
SQL injection vulnerability in login.asp in WWWguestbook 1.1 allows remote attackers to execute arbitrary SQL commands via the password parameter...
CVE-2005-1410
The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5) syn_init functions as "internal" even when they do not take an internal argument, which allows attackers to cause a denial of service (application crash) and possibly have other...