42 matches found
[SECURITY] [DSA 2609-1] rails security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2609-1 [email protected] http://www.debian.org/security/ Florian Weimer January 16, 2013 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 2609-1 (rails - SQL query manipulation)
An interpretation conflict can cause the Active Record component of Rails, a web framework for the Ruby programming language, to truncate queries in unexpected ways. This may allow attackers to elevate their privileges. OpenVAS Vulnerability Test $Id: deb2609.nasl 6611 2017-07-07 12:07:20Z cfisch...
Galette SQL Injection
Source: http://www.securityfocus.com/bid/53463/info Galette is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, ...
SiT! Support Incident Tracker 3.64 XSS / CSRF / SQL Injection
Advisory Details: High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in SiT! Support Incident Tracker, which can be exploited to perform SQL injection, cross-site scripting, cross-site request forgery attacks. 1 Input passed via the "start" GET parameter to...
LuxCal Web Calendar SQL Injection Vulnerability
LuxCal Web Calendar is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GateSoft Docusafe 'ECO.asp' SQL Injection Vulnerability
GateSoft Docusafe is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
QualDev eCommerce script - SQL Injection
==================================================== QualDev eCommerce script SQL injection vulnerability ==================================================== Exploit Title: QualDev eCommerce script SQL injection vulnerability Vendor: http://www.qualdev.com Date: 15.12.2010 Version: all version...
Joomla Component com_jquarks4s 1.0.0 Blind SQL Injection Vulnerability
Exploit for php platform in category web applications ====================================================================== Joomla Component comjquarks4s 1.0.0 Blind SQL Injection Vulnerability ====================================================================== JQuarks4s Joomla Component 1.0....
phpCheckZ 1.1.0 - Blind SQL Injection
phpCheckZ 1.1.0 - Blind SQL Injection phpCheckZ 1.1.0 Blind SQL Injection Vulnerability Name phpCheckZ Vendor http://www.phpcheckz.com Versions Affected 1.1.0 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2010-10-19 X...
TaskFreak! < 0.6.4 Multiple Vulnerabilities
TaskFreak! is prone to multiple vulnerabilities. Copyright C 2010 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
multicart-sql.txt
Indonesian Newhack Security Advisory ------------------------------------ MultiCart 1.0 Remote Blind SQL Injection Waktu : Sep 30 2007 02:00AM Software : MultiCart 1.0 Vendor : http://www.iscripts.com/multicart/ Ditemukan oleh : k1tk4t | http://newhack.org Lokasi : Indonesia ----...
MultiCart 1.0 Remote Blind SQL Injection Exploit
Exploit for unknown platform in category web applications ================================================ MultiCart 1.0 Remote Blind SQL Injection Exploit ================================================ Indonesian Newhack Security Advisory ------------------------------------ MultiCart 1.0 Remo...
MultiCart 1.0 Remote Blind SQL Injection Exploit
No description provided by source. Indonesian Newhack Security Advisory ------------------------------------ MultiCart 1.0 Remote Blind SQL Injection Waktu : Sep 30 2007 02:00AM Software : MultiCart 1.0 Vendor : http://www.iscripts.com/multicart/ Ditemukan oleh : k1tk4t | http://newhack.org Lokas...
Plexum X5 SQL vuln.
Plexum X5 SQL vuln. Vuln. discovered by : r0t Date: 19 april 2006 vendorlink:http://www.plexum.com/network/ affected versions:X5 and previous orginal advisory:http://pridels.blogspot.com/2006/04/plexum-x5-sql-vuln.html Vuln. Description: Plexum contains a flaw that allows a remote sql injection...
CF_Nuke v4.6 Multiple vuln.
CFNuke v4.6 Multiple vuln. Vuln. dicovered by : r0t Date: 6 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/cfnuke-v46-multiple-vuln.html vendor:http://www.mycfnuke.com/ affected version:v4.6 and prior Product Description: CFNuke is a free easy-to-setup & easy-to-use open source...
Commodity Rentals 2.x "user_id" Sql inj.
Vuln. dicovered by : r0t Date: 23 nov. 2005 Orginal advisory:http://pridels.blogspot.com/2005/11/commodity-rentals-2x-userid-sql-inj.html Vendor:http://www.commodityrentals.com/ affected version: 2.x and prior Product Description: CommodityRentals is the most comprehensive Online Rental Business...
Noahs Classifieds 1.21.3 - index.php SQL Injection
Noahs Classifieds 1.21.3 - index.php SQL Injection source: https://www.securityfocus.com/bid/14833/info Noah's Classifieds is prone to an SQL injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before using it in an SQL query. Successful exploitation could...
Outfront Spooky 2.x - Login SQL Query Manipulation Password
Outfront Spooky 2.x - Login SQL Query Manipulation Password source: https://www.securityfocus.com/bid/4661/info Spooky Login is a commerical web access control and account management software package. It is distributed and maintained by Outfront, and is designed for Microsoft IIS Webservers. Unde...
Outfront Spooky 2.x - Login SQL Query Manipulation Password
source: https://www.securityfocus.com/bid/4661/info Spooky Login is a commerical web access control and account management software package. It is distributed and maintained by Outfront, and is designed for Microsoft IIS Webservers. Under some circumstances, it may be possible for a remote user t...
Snitz Forums 2000 remote SQL query manipulation vulnerability
vulnerable ---------- Product : Snitz Forums 2000 Version : 3.3 3.3.01 3.3.02 3.3.03 last stable version Object : members.asp Class : Input validation error remote SQL query manipulation vulnerability Vendor-URL : http://forum.snitz.com/ Vendor-Status : informed, not patched Remote-Exploit : yes...