1303 matches found
Sql injection
PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library dblink is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1...
CVE-2007-3278
PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library dblink is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1...
Fusetalk SQL injection submission.
Greetings, I have found sql injection in FuseTalk 2.0 during a legitmate audit. Resending because I got MIME errors to [email protected]. I have exchanged emails with [email protected] who needed more information when I originally sent an email to [email protected] Operating...
wordpress -- XMLRPC SQL Injection
Secunia reports: Slappter has discovered a vulnerability in WordPress, which can be exploited by malicious users to conduct SQL injection attacks. Input passed to the "wp.suggestCategories" method in xmlrpc.php is not properly sanitised before being used in SQL queries. This can be exploited to...
CVE-2006-7034
SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter...
CVE-2006-7034
CVE-2006-7034 corresponds to an SQL injection in the Super Link Exchange Script 1.0, specifically via the cat parameter in directory.php. The underlying flaw is unsanitized user input in the SQL query construction, enabling remote attackers to execute arbitrary SQL commands. The CVSS v2 base scor...
Ezboxx multiple vulnerabilities.
Ezboxx multiple vulnerabilities. Vulnerable version: Ezboxx Portal System Beta v 0.7.6 and below. The Ezboxx Portal System Beta v 0.7.6 and below versions are vulnerable to Cross-site scripting, Path disclosure and SQL Injection attacks. Cross-site scripting: ---------------------- Description:...
DMXReady Secure Login Manager 1.0 - '/applications/SecureLoginManager/inc_secureloginmanager.asp?sent' SQL Injection
source: https://www.securityfocus.com/bid/21788/info DMXReady Secure Login Manager is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to compromise t...
DMXReady Secure Login Manager 1.0 - 'members.asp?sent' SQL Injection
source: https://www.securityfocus.com/bid/21788/info DMXReady Secure Login Manager is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to compromise t...
UStore 1.0 (detail.asp) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ========================================================== UStore 1.0 detail.asp Remote SQL Injection Vulnerability ========================================================== Title : UStore 1.0 detail.asp Remote SQL Injection Vulnerability...
[KAPDA::#61] - PacPoll <= 4.0 Multiple Vulnerabilities
KAPDA New advisory Vulnerable product : PacPoll = 4.0 Vendor: http://www.pacosdrivers.com/asp/poll/poll.asp Vulnerability: Admin Logon bypass , SQLInjection Date : -------------------- Found : 2006/10/10 Vendor Contacted : N/A Release Date : 2006/10/25 Vulnerabilities: -------------------- Admin...
PHP Event Calendar 4.2 - SQL Injection
source: https://www.securityfocus.com/bid/18593/info PHP Event Calendar is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to compromise...
vCard PRO - search.php?event_id SQL Injection
vCard PRO - search.php?eventid SQL Injection source: https://www.securityfocus.com/bid/18699/info VCard PRO is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. A successfu...
vCard PRO - create.php?card_id SQL Injection
vCard PRO - create.php?cardid SQL Injection source: https://www.securityfocus.com/bid/18699/info VCard PRO is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. A successful...
update Protection against osCommerce SQL Injection Vulnerability
A vulnerability has been identified in osCommerce, an online shopping cart application. The vulnerability can be exploited by attackers to manipulate SQL queries...
Cross site scripting
Cross-site scripting XSS vulnerability in the domysqlquery function in core.php for Open Searchable Image Catalogue OSIC before 0.7.0.1 allows remote attackers to inject arbitrary web scripts or HTML via failed SQL queries, which is reflected in an error message...
CVE-2006-2750
Cross-site scripting XSS vulnerability in the domysqlquery function in core.php for Open Searchable Image Catalogue OSIC before 0.7.0.1 allows remote attackers to inject arbitrary web scripts or HTML via failed SQL queries, which is reflected in an error message...
CVE-2006-2750
Cross-site scripting XSS vulnerability in the domysqlquery function in core.php for Open Searchable Image Catalogue OSIC before 0.7.0.1 allows remote attackers to inject arbitrary web scripts or HTML via failed SQL queries, which is reflected in an error message...
EvoTopsite 2.0 - 'index.php' Multiple SQL Injections
source: https://www.securityfocus.com/bid/17893/info evoTopsite is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploits could allow an attacker to compromi...
Creative Software UK Community Portal 1.1 - ArticleView.php?article_id SQL Injection
Creative Software UK Community Portal 1.1 - ArticleView.php?articleid SQL Injection source: https://www.securityfocus.com/bid/17890/info Creative Community Portal is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize...