254 matches found
CVE-2007-0250
CVE-2007-0250 affects Nwom topsites 3.0. The vulnerability is in index.php where a single quote in the o parameter can trigger a SQL error, potentially exposing sensitive information. Concrete impact is information disclosure (partial confidentiality). No remediation or patch details are provided...
CVE-2006-6924
bitweaver 1.3.1 and earlier allows remote attackers to obtain sensitive information via a sort_mode=-98 query string to (1) blogs/list_blogs.php, (2) fisheye/index.php, (3) wiki/orphan_pages.php, or (4) wiki/list_pages.php, which forces a SQL error. NOTE: the fisheye/listgalleries.php vector is already cover...
CVE-2006-6924
CVE-2006-6924 affects Bitweaver 1.3.1 and earlier, where a remote attacker can trigger a SQL error and potentially expose sensitive information by sending sort_mode=-98 to one of: blogs/list_blogs.php, fisheye/index.php, wiki/orphan_pages.php, or wiki/list_pages.php. The issue is described as a v...
CVE-2006-6282
members.php in Vikingboard 0.1.2 allows remote attackers to trigger a forced SQL error via an invalid s parameter, a different vector than CVE-2006-4709. NOTE: might only be an exposure if display_errors is enabled, but due to lack of details, even this is not clear...
CVE-2006-6282
Vulnerability: Vikingboard 0.1b is affected by CVE-2006-6282 (and related CVE-2006-4709) due to a SQL injection in topic.php via the s parameter. The issue can allow remote attackers to trigger a forced SQL error or execute arbitrary SQL commands. Affected component/file: topic.php in Vikingboard...
vikiboard012.txt
vendor site: http://vikingboard.com/ product: Vikingboard 0.1.2 bug: local file include & multiple permanent xss risk: medium error sql: /members.php?s=-80 xss permanent: - in private message, an attacker can send a pm to an administrator with some javascript into the subject field and get his...
CVE-2006-4043
index.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message...
CVE-2006-4043
CVE-2006-4043 affects myWebland myBloggie 2.1.4 and earlier. The issue allows remote attackers to obtain sensitive information by crafting a query that only specifies the viewdate mode, causing an SQL error message that reveals the table prefix. This is a data disclosure vulnerability in the appl...
CVE-2006-3884
Multiple SQL injection vulnerabilities in links.php in Gonafish LinksCaffe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) offset and (2) limit parameters, (3) newdays parameter in a new action, and the (4) linkid parameter in a deadlink action. NOTE: this issue can also be used...
CVE-2006-3389
index.php in WordPress 2.0.3 allows remote attackers to obtain sensitive information, such as SQL table prefixes, via an invalid paged parameter, which displays the information in an SQL error message. NOTE: this issue has been disputed by a third party who states that the issue does not leak any...
WordPress 2.0.3 SQL Error and Full Path Disclosure
WordPress 2.0.3 SQL Error and Full Path Disclosure Discovered By zero Moroccan Security Team Software: WordPress 2.0.3 Site: www.wordpress.org SQL Error Example: http://localhost/wordpress/index.php?paged=-1 Result: WordPress database error: Erreur de syntaxe près de '-20, 10' à la ligne 1 SELEC...
CVE-2006-2617
(1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, allows remote attackers to obtain the installation path via an invalid entry in the Username field on the login page, which causes the path to be displayed in an SQL error. NOTE: this issue might be resultant from SQL...
ChatPat v1.0
ChatPat v1.0 Homepage: http://calendarscripts.info/download-3.html Description: An online chat room that lets users chat with each other. Affected files: fastchat.php fastshow.php The nickname input form doesn't sanitize user input before it adds it to the db. In turn this can cause SQL query...
[SA19654] Boardsolution "keyword" Cross-Site Scripting Vulnerability
TITLE: Boardsolution "keyword" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA19654 VERIFY ADVISORY: http://secunia.com/advisories/19654/ CRITICAL: Less critical IMPACT: Cross Site Scripting, Exposure of system information WHERE: From remote SOFTWARE: Boardsolution 1.x...
Mandrake Linux Security Advisory : freeradius (MDKSA-2006:066)
Off-by-one error in the sqlerror function in sqlunixodbc.c in FreeRADIUS might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. Updated packages have been patched to correct this issue...
CVE-2005-4744
Off-by-one error in the sqlerror function in sqlunixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the external database query to fail. NOTE: this single...
Cross site scripting
Cross-site scripting (XSS) vulnerability in acp/lib/classdbmysql.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter when a SQL error is generated...
CVE-2006-1324
Cross-site scripting (XSS) vulnerability in acp/lib/classdbmysql.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter when a SQL error is generated...