HiveMail 1.2.2/1.3 - index.php $_SERVER[PHP_SELF] Cross-Site Scripting
source: https://www.securityfocus.com/bid/16591/info HiveMail is prone to multiple vulnerabilities. These vulnerabilities may allow the execution of arbitrary PHP code, cross-site scripting attacks, and SQL injection. The PHP...
HiveMail 1.2.2/1.3 - 'folders.update.php?folderid' Arbitrary PHP Command Execution
source: https://www.securityfocus.com/bid/16591/info HiveMail is prone to multiple vulnerabilities. These vulnerabilities may allow the execution of arbitrary PHP code, cross-site scripting attacks, and SQL injection. The PHP code-execution issues are the result of an input-validation error that...
HiveMail 1.2.2/1.3 - 'addressbook.update.php?contactgroupid' Arbitrary PHP Command Execution
source: https://www.securityfocus.com/bid/16591/info HiveMail is prone to multiple vulnerabilities. These vulnerabilities may allow the execution of arbitrary PHP code, cross-site scripting attacks, and SQL injection. The PHP code-execution issues are the result of an input-validation error that...
OnePlug CMS - '/services/details.asp?Service_ID' SQL Injection
source: https://www.securityfocus.com/bid/16155/info OnePlug CMS is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could allow an attacker to...
ODFaq SQL inj. vuln.
ODFaq SQL inj. vuln. Vuln. discovered by: r0t Date: 18 dec. 2005 vendor: http://www.oodie.com/project/odfaq/ affected version: 2.1.0 and prior Product Description: PHP application that allows you to manage frequently asked questions. You can create/edit/delete entries using user-friendly web base...
PHPWebGallery 1.3.4/1.5.1 - picture.php SQL Injection
source: https://www.securityfocus.com/bid/15837/info PhpWebGallery is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit...
PHPWebGallery 1.3.4/1.5.1 - 'picture.php' SQL Injection
source: https://www.securityfocus.com/bid/15837/info PhpWebGallery is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to compromise the application,...
CVE-2005-4149
Lyris ListManager 8.8 through 8.9b allows remote attackers to obtain sensitive information by causing errors in TML scripts, such as via direct requests, which leaks the installation path, SQL queries, or product code in diagnostic messages...
CVE-2005-4149
CVE-2005-4149 affects Lyris ListManager 8.8–8.9b, where remote attackers can trigger errors in TML scripts to leak sensitive data in diagnostic messages (installation path, SQL queries, product code). Impact is information disclosure via error messages exposed by normal requests to nonexistent pa...
Lore SQL inj. vuln.
Lore SQL inj. vuln. Vuln. discovered by: r0t Date: 1 dec. 2005 Original advisory: http://pridels.blogspot.com/2005/12/lore-sql-inj-vuln.html Vendor: http://www.pineappletechnologies.com/products/lore/ affected version: Tested on 1.5.4 Product Description: Lore is a professional knowledge base...
CVE-2005-3829
index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an invalid category parameter, which causes a large number of SQL queries to be processed...
APBoard - thread.php SQL Injection
source: https://www.securityfocus.com/bid/15513/info APBoard is prone to an SQL injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before it is used in SQL queries. Successful exploitation could result in a compromise of...
APBoard - 'thread.php' SQL Injection
source: https://www.securityfocus.com/bid/15513/info APBoard is prone to an SQL injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before it is used in SQL queries. Successful exploitation could result in a compromise of the application, disclosure or...
CVE-2002-2168
SQL injection vulnerability in Thorsten Korner 123tkShop before 0.3.1 allows remote attackers to execute arbitrary SQL queries via various programs including functiondescribeitem1.inc.php...
WowBB <= 1.61 multiple flaws
According to its version, the remote installation of WowBB is 1.61 or older. Such versions are vulnerable to cross-site scripting and SQL injection attacks. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the...
SMB Registry : SQL7 Patches
The remote SQL server seems to be vulnerable to the SQL abuse vulnerability described in TechNet article Q256052. This problem allows an attacker who has the ability to execute SQL queries on this host to gain elevated privileges. OpenVAS Vulnerability Test $Id: smbmssql7.nasl 6056 2017-05-02...
Oracle 9iAS OWA UTIL access
Oracle 9iAS can provide access to the PL/SQL application OWAUTIL that provides web access to some stored procedures. These procedures, without authentication, can allow users to access sensitive information such as source code of applications, user credentials to other database servers and run...
PHP-Nuke sql_debug Information Disclosure
In PHP-Nuke, the sqllayer.php script contains a debugging feature that may be used by attackers to disclose sensitive information about all SQL queries. Access to the debugging feature is not restricted to administrators. SPDX-FileCopyrightText: 2002 Alert4Web.com Some text descriptions might be...
Novell ZENworks Patch Management 6.0.52 - computersdefault.asp?Direction SQL Injection
source: https://www.securityfocus.com/bid/15220/info ZENworks Patch Management is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize...