HiveMail 1.2.2/1.3 folders.update.php folderid Variable Arbitrary PHP Command Execution

No description provided by source. source: http://www.securityfocus.com/bid/16591/info HiveMail is prone to multiple vulnerabilities. These vulnerabilities may allow the execution of arbitrary PHP code, cross-site scripting attacks, and SQL injection. The PHP code-execution issues are the result ...

PHP classical bugs in phpBB allows remote code execution

Uninitialized PHP variables and ability to modify SQL query allow to execute code on server. Crossite scripting. Invalid NULL-byte handling leads to DoS...

Code injection in PHPGroupware

It's possible to inject PHP code and to modify SQL query...

CVE-2001-1226

AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, which are not properly sanitized before being passed to the MySQL database...

Модификация SQL-запроса в adrotate (SQL modification)

Возможно модифицировать SQL-запрос в CGI-приложении...

phpBB 1.4.2, Remote user is able to modify SQL query.

Hi, there is a a potential security problem in the current version 1.4.2 and previous versions of phpBB http://www.phpbb.com. A remote user is able to modify a string passed as a SQL query to the MySQL database. The problem exists in the file bbmemberlist.php. A string called $sortby is supplied...

Модификация SQL-запроса во многих модулях авторизации Apache, PAM и т.д.

Ввод пользователя не проверяется на наличие служебных символов SQL...

Дырка в postaci (SQL query modification)

недостаточная проверка ввода пользователя дает возможность модифицировать SQL-запрос...