1432 matches found

seebug.org
added 2007/06/07 12:0 a.m. | 24 views

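PostNuke PNPHPBB2 Module Index.PHP SQL Injection Vulnerability

PNphpBB is a PHP-based web application. PNphpBB does not properly filter user-supplied input, so a remote attacker can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information. The problem is that the 'Index.PHP' script does not filter user-supplied web parameters; submitting a malicious SQL query as parameter data can alter the original SQL logic and disclose sensitive information. PNphpBB PNphpBB 1.2 g PNphpBB PNphpBB 1.2 f PNphpBB PNphpBB 1.2 No solution is currently available: http://www.pnphpbb.com/modules.php?op=modload&name=ForumNews&file=index...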

7.1 AI score
Exploits 0

Exploit DB
added 2007/05/29 12:0 a.m. | 22 views

CPCommerce 1.1 - 'manufacturer.php' SQL Injection

source: https://www.securityfocus.com/bid/24223/info cpCommerce is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify...

7.4 AI score
Exploits 0

seebug.org
added 2007/05/11 12:0 a.m. | 29 views

Thyme Calendar 1.3 Remote SQL Injection Vulnerability

No description provided by source. Thyme Calendar 1.3 SQL Vulnerability Exploit by Warlord codehook.110mb.com OVERVIEW AND DEFINITION ...

7.1 AI score
Exploits 0

0day.today
added 2007/05/10 12:0 a.m. | 135 views

Thyme Calendar 1.3 Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications. Thyme Calendar 1.3 Remote SQL Injection Vulnerability. Thyme Calendar 1.3 SQL Vulnerability Exploit by Warlord...

7.1 AI score
Exploits 0

Exploit DB
added 2007/05/10 12:0 a.m. | 31 views

Thyme Calendar 1.3 - SQL Injection

Thyme Calendar 1.3 SQL Vulnerability Exploit by Warlord codehook.110mb.com OVERVIEW AND DEFINITION: A vulnerability exists in Thyme Calendar 1.3 and possibly...

7.4 AI score
Exploits 0

exploitpack
added 2007/05/10 12:0 a.m. | 12 views

Thyme Calendar 1.3 - SQL Injection

Thyme Calendar 1.3 - SQL Injection Thyme Calendar 1.3 SQL Vulnerability Exploit by Warlord codehook.110mb.com OVERVIEW AND DEFINITION: A vulnerability exists i...

0.6 AI score
Exploits 0

Exploit DB
added 2007/05/07 12:0 a.m. | 22 views

WF-Quote 1.0 Xoops Module - 'index.php' SQL Injection

source: https://www.securityfocus.com/bid/23845/info The WF-Quote module for the Xoops CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...

7.4 AI score
Exploits 0

Packet Storm
added 2007/05/03 12:0 a.m. | 27 views

pnflash-sql.txt

PostNuke pnFlashGames Module v1.5 Remote SQL Injection. Found by: xoron xoron.biz + Love's the funeral of hearts The funeral of hearts And a plea for mercy When love is a gun...

7.4 AI score
Exploits 0

exploitpack
added 2007/04/30 12:0 a.m. | 13 views

E-Annu - home.php SQL Injection

E-Annu - home.php SQL Injection source: https://www.securityfocus.com/bid/23727/info E-Annu is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...

Exploits 0

exploitpack
added 2007/03/16 12:0 a.m. | 12 views

Particle Blogger 1.2.1 - Archives.php SQL Injection

Particle Blogger 1.2.1 - Archives.php SQL Injection source: https://www.securityfocus.com/bid/24232/info Particle Blogger is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...

0.5 AI score
Exploits 0

Exploit DB
added 2007/01/09 12:0 a.m. | 27 views

PHPKit 1.6.1 - 'comment.php' SQL Injection

source: https://www.securityfocus.com/bid/21962/info PHPKIT is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modi...

7.4 AI score
Exploits 0

Exploit DB
added 2007/01/06 12:0 a.m. | 29 views

Shopstorenow E-Commerce Shopping Cart - 'Orange.asp' SQL Injection

source: https://www.securityfocus.com/bid/21905/info Shopstorenow E-commerce Shopping Cart is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise...

7 AI score
Exploits 0

seebug.org
added 2006/12/05 12:0 a.m. | 18 views

PHPMyRing <= 4.2.0 (view_com.php) Remote SQL Injection Exploit

No description provided by source. Title: PHPMyRing's viewcom.php Remote SQL injection Exploit Vendor: phpmyring website : http://phpmyring.sourceforge.net/ Version : = 4.2.0 Severity: Critical Discovered by: Simo64 simo64atmorxorg Exploit writing by: Simo Ben youssef simoatmorxorg Discovered: 0...

7.1 AI score
Exploits 0

exploitpack
added 2006/12/04 12:0 a.m. | 17 views

UApplication Uguestbook 1.0 - index.asp SQL Injection

UApplication Uguestbook 1.0 - index.asp SQL Injection source: https://www.securityfocus.com/bid/21426/info Uapplication Uguestbook is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could...

8.7 AI score
Exploits 0

Exploit DB
added 2006/11/20 12:0 a.m. | 24 views

Enthrallweb eClassifieds - 'dirSub.asp?sid' SQL Injection

source: https://www.securityfocus.com/bid/21192/info eClassifieds is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access ...

7.4 AI score
Exploits 0

Packet Storm
added 2006/11/18 12:0 a.m. | 25 views

etm_0612_sqlinj.pl.txt

!/usr/bin/perl -w use IO::Socket; use strict; Etomite CMS "id" SQL Injection Version: 0.6.1.2 Url: http://www.etomite.org Author : Alfredo Pesoli 'revenge' Description: The "id" parameter isn't properly sanitised before being returned in sql query and can be used to inject craft SQL queries, we c...

7.4 AI score
Exploits 0

Exploit DB
added 2006/11/15 12:0 a.m. | 19 views

Dragon Internet Events Listing 2.0.01 - 'event_searchdetail.asp?ID' SQL Injection

source: https://www.securityfocus.com/bid/21098/info Dragon Event Listing is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the...

7.4 AI score
Exploits 0

exploitpack
added 2006/10/04 12:0 a.m. | 10 views

Yener Haber Script 1.02.0 - SQL Injection

Yener Haber Script 1.02.0 - SQL Injection source: https://www.securityfocus.com/bid/20333/info Yener Haber Script is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful...

0.2 AI score
Exploits 0

Exploit DB
added 2006/10/04 12:0 a.m. | 17 views

Yener Haber Script 1.0/2.0 - SQL Injection

source: https://www.securityfocus.com/bid/20333/info Yener Haber Script is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromis...

7.4 AI score
Exploits 0

NVD
added 2006/09/23 10:7 a.m. | 11 views

CVE-2006-4960

Cross-site scripting (XSS) vulnerability in index.php in Php Blue Dragon 2.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the m parameter, which is reflected in an error message resulting from a failed SQL query...

6.8 CVSS | 6.2 AI score | 0.0852 EPSS
Exploits 0 | References 6