
545 matches found

RedHat Linux
added 2008/01/11 12:37 p.m. · 2 views

dblink allows proxying of database connections via 127.0.0.1

PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library dblink is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1...

6.9 CVSS · 6.1 AI score · 0.01257 EPSS
Exploits 0 · References 4
ATTACKERKB
added 2007/12/20 12:46 a.m. · 2 views

CVE-2007-6462

SQL injection vulnerability in fullnews.php in PHP Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the id parameter...

7.5 CVSS · 6.4 AI score · 0.01044 EPSS
Exploits 1 · References 5
NVD
added 2007/10/17 11:17 p.m. · 26 views

CVE-2007-5514

Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and attack vectors related to (1) Database Vault component (DB24) and (2) SQL Execution component (DB26)...

6.5 CVSS · 6.9 AI score · 0.028 EPSS
Exploits 0 · References 8
Prion
added 2007/10/17 11:17 p.m. · 21 views

Design/Logic Flaw

Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and attack vectors related to (1) Database Vault component (DB24) and (2) SQL Execution component (DB26)...

6.5 CVSS · 7.3 AI score · 0.028 EPSS
Exploits 0 · References 8 · Affected Software 1
Cvelist
added 2007/10/17 11:0 p.m. · 28 views

CVE-2007-5514

Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and attack vectors related to (1) Database Vault component (DB24) and (2) SQL Execution component (DB26)...

6.9 AI score · 0.028 EPSS
Exploits 0 · References 8
CVE
added 2007/10/17 11:0 p.m. · 54 views

CVE-2007-5514

CVE-2007-5514 pertains to Oracle Database 10.2.0.3 and involves multiple vulnerabilities affecting the Database Vault component (DB24) and the SQL Execution component (DB26). The initial description states unknown impact and attack vectors for these components. A connected Nessus CPU plugin (Octo...

6.5 CVSS · 6.8 AI score · 0.028 EPSS
Exploits 0 · References 8 · Affected Software 1
OSV
added 2007/07/19 5:30 p.m. · 2 views

DEBIAN-CVE-2007-3905

SQL injection vulnerability in Zoph before 0.7.0.1 might allow remote attackers to execute arbitrary SQL commands via the order parameter to (1) photos.php and (2) editphotos.php...

7.5 CVSS · 8.5 AI score · 0.01286 EPSS
Exploits 0 · References 1
NVD
added 2007/04/06 1:19 a.m. · 18 views

CVE-2007-1882

qcbin/servlet/tdservlet/TDAPIGeneralWebTreatment in HP Mercury Quality Center 9.0 build 9.1.0.4352 allows remote authenticated users to execute arbitrary SQL commands via the RunQuery method...

6.5 CVSS · 7.6 AI score · 0.06102 EPSS
Exploits 0 · References 7
seebug.org
added 2007/04/04 12:0 a.m. · 54 views

HP Mercury Quality Center 9.0 build 9.1.0.4352 SQL Execution Exploit

No description provided by source. !/usr/bin/perl HP Mercury Quality Center runQuery exploit. Run whatever SQL you want on there db - without SQL injection. Problem is client can do "RunQuery" command os we write program to do this. Client can lots other things it should not also! The backend...

7.1 AI score
Exploits 0
0day.today
added 2007/04/03 12:0 a.m. · 28 views

HP Mercury Quality Center 9.0 build 9.1.0.4352 SQL Execution Exploit

Exploit for multiple platform in category remote exploits ==================================================================== HP Mercury Quality Center 9.0 build 9.1.0.4352 SQL Execution Exploit ==================================================================== !/usr/bin/perl HP Mercury Qualit...

7.1 AI score
Exploits 0
Exploit DB
added 2007/04/03 12:0 a.m. · 43 views

HP Mercury Quality Center 9.0 build 9.1.0.4352 - SQL Execution

!/usr/bin/perl HP Mercury Quality Center runQuery exploit. Run whatever SQL you want on there db - without SQL injection. Problem is client can do "RunQuery" command os we write program to do this. Client can lots other things it should not also! The backend database can be MSSQLServer or Oracle ...

7.4 AI score
Exploits 0
Positive Technologies
added 2006/10/11 12:0 a.m. · 3 views

PT-2006-5971 · 4Images · 4Images

Name of the Vulnerable Software and Affected Versions: 4images versions 1.7.x Description: The issue allows remote authenticated users to execute arbitrary SQL commands via the search user parameter in the "search.php" file. Recommendations: For 4images versions 1.7.x, avoid using the search user...

7.5 CVSS · 7.6 AI score · 0.02009 EPSS
Exploits 1 · References 12
NVD
added 2006/10/10 4:6 a.m. · 15 views

CVE-2006-5204

Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF)...

2.1 CVSS · 6.1 AI score · 0.01423 EPSS
Exploits 0 · References 5
Cvelist
added 2006/10/09 7:0 p.m. · 24 views

CVE-2006-5204

Cross-site scripting (XSS) vulnerability in action_admin/member.php in Invision Power Board (IPB) 2.1.7 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a reference to a script in the avatar setting, which can be leveraged for a cross-site request forgery (CSRF)...

6.1 AI score · 0.01423 EPSS
Exploits 0 · References 5
CVE
added 2006/10/09 7:0 p.m. · 42 views

CVE-2006-5204

The CVE-2006-5204 issue affects Invision Power Board (IPB) 2.1.7 and earlier, where a cross-site scripting (XSS) flaw in action_admin/member.php can be triggered via the avatar setting. This enables remote authenticated users to inject arbitrary script/HTML, and the description also notes a poten...

2.1 CVSS · 6.3 AI score · 0.01423 EPSS
Exploits 0 · References 5 · Affected Software 1
Positive Technologies
added 2006/10/06 12:0 a.m. · 5 views

PT-2006-5919 · Pkr · Internet Taskjitsu

Name of the Vulnerable Software and Affected Versions: PKR Internet Taskjitsu versions prior to 2.0.6 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the key parameter when the limit query parameter is set to customerid. Recommendations: For...

7.5 CVSS · 7.9 AI score · 0.01298 EPSS
Exploits 0 · References 7
Positive Technologies
added 2005/11/30 12:0 a.m. · 3 views

PT-2005-4664 · Randshop · Randshop

Name of the Vulnerable Software and Affected Versions: Randshop affected versions not specified Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the kategorieid and katid parameters in the themes/kategorie/index.php file. Recommendations: At t...

7.5 CVSS · 7.5 AI score · 0.01323 EPSS
Exploits 1 · References 9
Exploit DB
added 2005/10/07 12:0 a.m. · 33 views

Oracle HTML DB 1.5/1.6 - 'wwv_flow.accept?p_t02' Cross-Site Scripting

source: https://www.securityfocus.com/bid/15031/info Oracle HTML DB is prone to cross-site scripting vulnerabilities. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. An attacker can leverage...

7 AI score
Exploits 0
Positive Technologies
added 2005/05/11 12:0 a.m. · 6 views

PT-2005-2552 · Asp · Asp Virtual News Manager

Name of the Vulnerable Software and Affected Versions: ASP Virtual News Manager affected versions not specified Description: The issue allows remote attackers to execute arbitrary SQL commands via the password parameter in the admin login.asp file. This can be exploited by sending malicious input...

7.5 CVSS · 7.8 AI score · 0.0121 EPSS
Exploits 1 · References 3
Cvelist
added 2005/03/04 5:0 a.m. · 19 views

CVE-2005-0646

SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote attackers to execute arbitrary SQL via the mysqlprefix parameter...

8.2 AI score · 0.01141 EPSS
Exploits 0 · References 2