Lucene search
1491 matches found

Cvelist
added 2003/04/02 5:0 a.m. | 29 views

CVE-2002-0187

Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."...

7.4 AI score | 0.14879 EPSS
Exploits: 0 | References: 3

Cvelist
added 2003/04/02 5:0 a.m. | 24 views

CVE-2002-0571

Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax...

6.4 AI score | 0.00837 EPSS
Exploits: 1 | References: 6

NVD
added 2002/12/31 5:0 a.m. | 25 views

CVE-2002-2032

sqllayer.php in PHP-Nuke 5.4 and earlier does not restrict access to debugging features, which allows remote attackers to gain SQL query information by setting the sqldebug parameter to 1 index.php and 2 modules.php...

5 CVSS | 7.2 AI score | 0.00032 EPSS
Exploits: 1 | References: 2

Exploit DB
added 2002/10/15 12:0 a.m. | 27 views

Ingenium Learning Management System 5.1/6.1 - Reversible Password Hash

source: https://www.securityfocus.com/bid/5970/info Ingenium Learning Management System uses a weak algorithm to hash user and administrative credentials. Passwords may be trivially obtained by reversing the password hash. An attacker must be able to gain unauthorized access to the password hashe...

7.4 AI score
Exploits: 0

securityvulns
added 2002/10/09 12:0 a.m. | 23 views

Reset any user's password in VBZoom forums

Name: VBZoom Version Affected: tested on v1.01 maybe other version vulnerable also Severity: Critical Category: Password reset Vendor URL: http://www.vbzoom.com Author: hishhish [email protected] Date: disclosed on 28th August 2002 Published at 8th oct 2002 Description VBZooM is bulletin...

7.5 AI score
Exploits: 0

NVD
added 2002/07/03 4:0 a.m. | 25 views

CVE-2002-0571

Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax...

7.5 CVSS | 6.4 AI score | 0.00837 EPSS
Exploits: 1 | References: 6

exploitpack
added 2002/06/13 12:0 a.m. | 13 views

Ruslan Communications BodyBuilder - Authentication Bypass

Ruslan Communications BodyBuilder - Authentication Bypass source: https://www.securityfocus.com/bid/5008/info Ruslan Communications Builder is a tool designed to assist a user in creating a website. It allows for remote administration through a web interface, and is implemented in Java. Reportedl...

1 AI score
Exploits: 0

securityvulns
added 2002/05/28 12:0 a.m. | 50 views

PHP classical bugs in phpBB allows remote code execution

Uninitialized PHP variables and the ability to modify an SQL query allow code execution on the server. Cross-site scripting. Invalid NULL-byte handling leads to DoS...

2.6 AI score
Exploits: 0 | References: 7 | Affected Software: 1

Exploit DB
added 2002/05/02 12:0 a.m. | 36 views

Outfront Spooky 2.x - Login SQL Query Manipulation Password

source: https://www.securityfocus.com/bid/4661/info Spooky Login is a commercial web access control and account management software package. It is distributed and maintained by Outfront, and is designed for Microsoft IIS Webservers. Under some circumstances, it may be possible for a remote user t...

7.4 AI score
Exploits: 0

exploitpack
added 2002/05/02 12:0 a.m. | 14 views

Outfront Spooky 2.x - Login SQL Query Manipulation Password

Outfront Spooky 2.x - Login SQL Query Manipulation Password source: https://www.securityfocus.com/bid/4661/info Spooky Login is a commercial web access control and account management software package. It is distributed and maintained by Outfront, and is designed for Microsoft IIS Webservers. Unde...

0.1 AI score
Exploits: 0

securityvulns
added 2002/04/20 12:0 a.m. | 31 views

Snitz Forums 2000 remote SQL query manipulation vulnerability

vulnerable ---------- Product : Snitz Forums 2000 Version : 3.3 3.3.01 3.3.02 3.3.03 last stable version Object : members.asp Class : Input validation error remote SQL query manipulation vulnerability Vendor-URL : http://forum.snitz.com/ Vendor-Status : informed, not patched Remote-Exploit : yes...

1.1 AI score
Exploits: 0

securityvulns
added 2002/04/04 12:0 a.m. | 30 views

Code injection in PHPGroupware

It's possible to inject PHP code and to modify SQL query...

2.1 AI score
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2002/03/15 5:0 a.m. | 16 views

CVE-2001-1226

AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, which are not properly sanitized before being passed to the MySQL database...

7.2 AI score | 0.00621 EPSS
Exploits: 0 | References: 3

NVD
added 2001/12/25 5:0 a.m. | 12 views

CVE-2001-1226

AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, which are not properly sanitized before being passed to the MySQL database...

5 CVSS | 7.2 AI score | 0.00621 EPSS
Exploits: 0 | References: 3

securityvulns
added 2001/12/25 12:0 a.m. | 27 views

SQL query modification in adrotate (SQL modification)

It is possible to modify the SQL query in the CGI application...

1.6 AI score
Exploits: 0 | References: 1

securityvulns
added 2001/10/09 12:0 a.m. | 23 views

phpBB 1.4.2, Remote user is able to modify SQL query.

Hi, there is a potential security problem in the current version 1.4.2 and previous versions of phpBB http://www.phpbb.com. A remote user is able to modify a string passed as a SQL query to the MySQL database. The problem exists in the file bbmemberlist.php. A string called $sortby is supplied...

Exploits: 0

securityvulns
added 2001/09/28 12:0 a.m. | 44 views

SQL query modification in many authentication modules for Apache, PAM, etc.

User input is not checked for SQL special characters...

0.7 AI score
Exploits: 0 | References: 3 | Affected Software: 9

Exploit DB
added 2001/09/14 12:0 a.m. | 28 views

Microsoft Index Server 2.0 - File Information / Full Path Disclosure

source: https://www.securityfocus.com/bid/3339/info The sqlqhit.asp sample file is used for performing web-based SQL queries. Malicious users could send specifically crafted HTTP request to an Internet Information Services server running Index Server to reveal path information, file attributes, a...

7 AI score
Exploits: 0

exploitpack
added 2001/08/03 12:0 a.m. | 12 views

phpBB 1.4 - SQL Query Manipulation

phpBB 1.4 - SQL Query Manipulation source: https://www.securityfocus.com/bid/3142/info phpBB is free, open-source, easy-to-use web forums software. An issue exists in phpBB which allows a remote attacker to manipulate SQL queries in such a way as to gain an administrative account with the service...

Exploits: 0

Exploit DB
added 2001/08/03 12:0 a.m. | 35 views

phpBB 1.4 - SQL Query Manipulation

source: https://www.securityfocus.com/bid/3142/info phpBB is free, open-source, easy-to-use web forums software. An issue exists in phpBB which allows a remote attacker to manipulate SQL queries in such a way as to gain an administrative account with the service. This problem is due to improper...

7.4 AI score
Exploits: 0