Lucene search

1303 matches found

seebug.org
added 2014/07/01 12:0 a.m., 18 views

PhpWebGallery 1.3.4/1.5.1 picture.php image_id Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/15837/info PhpWebGallery is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attack...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 13 views

MyBulletinBoard RC4 member.php Multiple Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/14553/info MyBulletinBoard is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 203 views

MetaCart2 IntCatalogID Parameter Remote SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13382/info A remote SQL-injection vulnerability affects MetaCart2 because the application fails to properly sanitize user-supplied input before including it in SQL queries. An attacker may exploit this issue to manipulate...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 31 views

PostNuke Phoenix 0.760 RC3 SID Parameter Remote SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13077/info A remote SQL Injection vulnerability affects PostNuke Phoenix. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in SQL queries. An attacker may...

7.1 AI score
Exploits: 0
Tenable Nessus
added 2014/06/27 12:0 a.m., 38 views

GLSA-201406-26 : Django: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201406-26 Django: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Django. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could execute code with the privileges ...

10 CVSS, 5.9 AI score, 0.05603 EPSS
Exploits: 0, References: 5
Gentoo Linux
added 2014/06/26 12:0 a.m., 38 views

Django: Multiple vulnerabilities

Background Django is a Python-based web framework. Description Multiple vulnerabilities have been discovered in Django. Please review the CVE identifiers referenced below for details. Impact A remote attacker could execute code with the privileges of the process, modify SQL queries, or disclose...

10 CVSS, 7.6 AI score, 0.05603 EPSS
Exploits: 0
Kitploit
added 2014/06/22 10:46 p.m., 20 views

Hexorbase - Multiple Database Management and Audit Tool

HexorBase is a database application designed for administering and auditing multiple database servers simultaneously from a centralized location. It is capable of performing SQL queries and bruteforce attacks against common database servers MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL...

7.8 AI score
Exploits: 0
OpenVAS
added 2014/03/14 12:0 a.m., 21 views

ownCloud 'lib/bookmarks.php' SQL Injection Vulnerability

ownCloud is prone to an SQL injection (SQLi) vulnerability.

6.5 CVSS, 7.4 AI score, 0.01593 EPSS
Exploits: 0, References: 3
OpenVAS
added 2014/03/14 12:0 a.m., 26 views

ownCloud Multiple XSS and SQL Injection Vulnerabilities

ownCloud is prone to multiple XSS and SQL injection vulnerabilities.

6.5 CVSS, 6.9 AI score, 0.01187 EPSS
Exploits: 0, References: 5
0day.today
added 2014/03/04 12:0 a.m., 20 views

couponPHP CMS 1.0 - Multiple Stored XSS and SQL Injection Vulnerabilities

couponPHP is vulnerable to multiple Stored XSS and SQL Injection issues. Input passed via the parameters 'iDisplayLength' and 'iDisplayStart' in 'commentspaginate.php' and 'storespaginate.php' scripts are not properly sanitised before being returned to the user or used in SQL queries. This can be...

7.3 AI score
Exploits: 0
seebug.org
added 2014/02/25 12:0 a.m., 17 views

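MariaDB Multiple Denial of Service Vulnerabilities

MariaDB is based on the transactional Maria storage engine, which replaces MySQL's MyISAM storage engine. It uses Percona's XtraDB, a variant of InnoDB, and the developers of the fork hope to provide access to the performance of the upcoming MySQL 5.4 InnoDB. 1) A null pointer dereference error when processing certain SELECT statements written with subqueries can be exploited to crash the system. Successful exploitation requires the "materialization" and "semijoin" optimizations to be switched on. 2) An error when processing KILL query statements with certain concurrent SQL queries can be exploited to crash the system. 3) Parsing a NAMECONST expression that contains AND/OR expressions can be exploited to crash the system....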

7.1 AI score
Exploits: 0
Tenable Nessus
added 2014/02/24 12:0 a.m., 11 views

MariaDB Server 5.5.x < 5.5.36 Remote Multiple Denial of Service Vulnerabilities

Binary data 8132.prm...

7.3 AI score
Exploits: 0, References: 7
OpenVAS
added 2014/01/03 12:0 a.m., 19 views

phpMyRecipes Multiple Vulnerabilities

phpMyRecipes is prone to multiple vulnerabilities.

7.5 CVSS, 6.7 AI score, 0.02348 EPSS
Exploits: 2, References: 2
RubySec
added 2013/12/24 12:0 a.m., 14 views

Fat Free CRM Gem for Ruby allows remote attackers to inject or manipulate SQL queries

Fat Free CRM contains a flaw that may allow carrying out an SQL injection attack. The issue is due to the app/controllers/homecontroller.rb script not properly sanitizing user-supplied input to the 'state' parameter or input passed via comments and emails. This may allow a remote attacker to inje...

6.5 CVSS, 3.6 AI score, 0.01927 EPSS
Exploits: 1, References: 1, Affected Software: 1
OSV
added 2013/11/18 2:35 p.m., 9 views

MGASA-2013-0325 Updated roundcubemail package fixes security vulnerability

It was discovered that roundcube does not properly sanitize the session parameter in steps/utils/savepref.inc during saving preferences. The vulnerability can be exploited to overwrite configuration settings and subsequently allowing random file access, manipulated SQL queries and even code...

7.5 CVSS, 7.2 AI score, 0.02873 EPSS
Exploits: 0, References: 5
Mageia
added 2013/11/18 2:35 p.m., 25 views

Updated roundcubemail package fixes security vulnerability

It was discovered that roundcube does not properly sanitize the session parameter in steps/utils/savepref.inc during saving preferences. The vulnerability can be exploited to overwrite configuration settings and subsequently allowing random file access, manipulated SQL queries and even code...

7.5 CVSS, 2.3 AI score, 0.02873 EPSS
Exploits: 0, References: 4
Debian
added 2013/11/12 9:33 p.m., 19 views

[BSA-085] Security Update for roundcube

Package : roundcube Vulnerability : design error Problem type : remote Debian-specific: no CVE ID : CVE-2013-6172 Debian Bug : 727668 It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, does not properly sanitize the session parameter in...

7.5 CVSS, 6.7 AI score, 0.02873 EPSS
Exploits: 0
Zero Science Lab
added 2013/11/03 12:0 a.m., 28 views

Practico 13.9 Multiple Vulnerabilities

Summary Practico is a free CMS software project released under license GNU GPL v2.0 for creating web applications in a completely visual and fast fashion. Without programming knowledge. Description Practico suffers from multiple vulnerabilities including Cross-Site Scripting XSS, SQL Injection SQ...

6.1 AI score
Exploits: 0
exploitpack
added 2013/10/31 12:0 a.m., 20 views

ImpressPages CMS 3.6 - Multiple Cross-Site Scripting SQL Injection Vulnerabilities

ImpressPages CMS 3.6 - Multiple Cross-Site Scripting SQL Injection Vulnerabilities ImpressPages CMS v3.6 Multiple XSS/SQLi Vulnerabilities Vendor: ImpressPages UAB Product web page: http://www.impresspages.org Affected version: 3.6 Summary: ImpressPages CMS is an open source web content managemen...

0.9 AI score
Exploits: 0
Tenable Nessus
added 2013/10/28 12:0 a.m., 27 views

Debian DSA-2787-1 : roundcube - design error

It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, does not properly sanitize the session parameter in steps/utils/savepref.inc during saving preferences. The vulnerability can be exploited to overwrite configuration settings and subsequently allowing rand...

7.5 CVSS, 8 AI score, 0.02873 EPSS
Exploits: 0, References: 4