254 matches found
CVE-2006-0406
search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive information via a certain search request that reveals the table prefix in a SQL error message, possibly due to invalid parameters...
CVE-2006-0406
CVE-2006-0406 affects MyBB 1.0.2: the search.php component can leak schema details by returning a SQL error message that reveals the database table prefix, due to certain search parameters. This is a remote-information-disclosure risk without explicit exploitation details in the provided document...
PT-2005-5409 · Freeradius +1
Name of the Vulnerable Software and Affected Versions: FreeRADIUS versions 1.0.2.5-5 through 1.0.4 Description: The issue is related to an off-by-one error in the sql error function, which might allow remote attackers to cause a denial of service or possibly execute arbitrary code by causing the...
CVE-2005-3076
CVE-2005-3076 affects Simplog 0.9.1. The vulnerability allows remote attackers to execute arbitrary SQL commands or trigger SQL error messages by supplying invalid parameters to archive.php (pid, blogid, cid, m) or to blogadmin.php (blogid). Descriptions in NVD and CVE listings confirm these SQL ...
CVE-2005-3017
PHP file inclusion vulnerability in index.php in Content2Web 1.0.1 allows remote attackers to include arbitrary files via the show parameter, which can lead to resultant errors such as path disclosure, SQL error messages, and cross-site scripting (XSS)...
CVE-2005-3017
The CVE-2005-3017 entry concerns a PHP file inclusion vulnerability in Content2Web 1.0.1. A remote attacker can influence the show parameter in index.php to include arbitrary files, with resulting errors that can disclose paths, trigger SQL errors, and enable cross-site scripting (XSS). This vuln...
pluggedBlog.txt
Plugged-Blog XSS and SQL-Injection flaw & Remove Admin vendor url: http://www.pluggedout.com advisory: http://falcondeoro.blogspot.com/2005/07/plugged-blog-xss-and-sql-injection.html vendor notify: yes exploit available: yes Plugged-Blog is a CMS WebBlog-Portal content management system, the insta...
CVE-2005-2399
PHP Surveyor 0.98 allows remote attackers to trigger SQL errors via missing parameters to (1) browse.php, (2) export.php, (3) conditions.php, or (4) spss.php...
[SECURITYREASON.COM][phpBB 2.0.13 SQL error in session cXIb8O3.8]
phpBB 2.0.13 SQL error in session cXIb8O3.8 Author: Maksymilian Arciemowicz cXIb8O3 Date: 10.3.2005 from securityreason.com TEAM --- 0.Description --- phpBB is a high powered, fully scalable, and highly customizable Open Source bulletin board packag...
XSS in & path disclosure phpBB forums
Affected versions: Dunno All? Code: http://www.phpbb.com/phpBB/search.php?searchid=3D1'scriptalert/guiler= minator20overload,20vampirun20mugroson/;/script Overview The error is like: ---------------- Could not obtain search results DEBUG MODE SQL Error : 1064 You have an error in your SQL syntax...
ColdFusion SQL Error Pages XSS
NOTE ABOUT COLDFUSION XSS ATTACKS Vendor: Macromedia Versions: MX 6.0 tested, older? PROBLEM: When you access to an error page of sql you can insert xss code to be shown in the error output of the sql backend. example: http://target/article.cfm?id=1'scriptalertdocument.cookie;/script...
Macromedia ColdFusion MX 6.0 - SQL Error Message Cross-Site Scripting
source: https://www.securityfocus.com/bid/8840/info It has been reported that Macromedia ColdFusion MX may be prone to a cross-site scripting vulnerability due to improper handling of error messages generated by the underlying...
Exploitable NCM.at - Content Management System
Possible Security Problem in NCM - Content Management System Package name: NCM Content Management System Severity: Possible direct access to database of content Date: 2001-04-10 Affected versions: ?, no information from t...