1492 matches found
WordPress Plugin Ads Box - count SQL Injection
source: https://www.securityfocus.com/bid/56681/info The Ads Box plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit thi...
WordPress Plugin Plg Novana - id SQL Injection
source: https://www.securityfocus.com/bid/56661/info The Plg Novana plugin is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to...
WordPress Plugin Webplayer - id SQL Injection
source: https://www.securityfocus.com/bid/56660/info The Webplayer plugin is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to...
WordPress Theme Dailyedition-mouss - id SQL Injection
source: https://www.securityfocus.com/bid/56568/info The Dailyedition-mouss theme for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. An attack...
WordPress Theme Dailyedition-mouss - 'id' SQL Injection
source: https://www.securityfocus.com/bid/56568/info The Dailyedition-mouss theme for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. An attacker can exploit this issue to compromise the applicatio...
WordPress Plugin Tagged Albums - 'id' SQL Injection
source: https://www.securityfocus.com/bid/56569/info The Tagged Albums plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. An attacker can exploit this issue to compromise the application,...
WordPress Plugin Eco-annu - eid SQL Injection
source: https://www.securityfocus.com/bid/56479/info The Eco-annu plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. An attacker can exploit th...
WordPress Plugin PHP Event Calendar - 'cid' SQL Injection
source: https://www.securityfocus.com/bid/56478/info The PHP Event Calendar plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. An attacker can exploit this issue to compromise the...
WordPress Plugin FLV Player - id SQL Injection
source: https://www.securityfocus.com/bid/56418/info The FLV Player plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. An attacker can exploit...
WordPress Plugin FLV Player - 'id' SQL Injection
source: https://www.securityfocus.com/bid/56418/info The FLV Player plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. An attacker can exploit this issue to compromise the application, acce...
WordPress Plugin foxypress 0.4.2.5 - Multiple Vulnerabilities
waraxe-2012-SA095 - Multiple Vulnerabilities in Wordpress FoxyPress Plugin. Author: Janek Vind "waraxe" Date: 30. October 2012 Location: Estonia, Tartu Web:...
VicBlog - Multiple SQL Injections
source: https://www.securityfocus.com/bid/56307/info VicBlog is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to...
Multiple vulnerabilities in OpenX
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in OpenX, which can be exploited to perform Cross-Site Scripting (XSS) and SQL Injection attacks. 1) Cross-Site Scripting (XSS) in OpenX: CVE-2012-4989 Input passed via the "parent" GET parameter to /www/admin/plugin-index.php ...
CVE-2010-4822
core/model/MySQLDatabase.php in SilverStripe 2.4.x before 2.4.4, when the site is running in "live mode," allows remote attackers to obtain the SQL queries for a page via the showqueries and ajax parameters...
Scientific Linux Security Update : postgresql and postgresql84 on SL5.x, SL6.x i386/x86_64 (20120913)
It was found that the optional PostgreSQL xml2 contrib module allowed local files and remote URLs to be read and written to with the privileges of the database server when parsing Extensible Stylesheet Language Transformations (XSLT). An unprivileged database user could use this flaw to read and...
XM Forum - search.asp SQL Injection
source: https://www.securityfocus.com/bid/55299/info XM Forum is prone to an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
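Tipask! 2.0, 1.4 SQL Injection
Brief description: Someone previously disclosed an SQL injection in wps; wps actually uses this system. Details: In the onajaxsearch function in control/question.php: function onajaxsearch $title = urldecode$this- get2; $questionlist = $ENV 'question'-searchtitle$title, 2, 1, 0, 5; include template'ajaxsearch' ; The parameter passed in via get2 goes through urldecode before it enters the searchtitle function in the question module. // Search questions by title...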
NeoInvoice Blind SQL Injection
NeoInvoice is a multi-tenant open source invoicing system that currently contains an unauthenticated blind SQL injection condition in signupcheck.php. The input for the value field isn't being properly sanitized, and is used in string concatenation to create the SQL query. See here for the...
YT-Videos Script - id SQL Injection
source: https://www.securityfocus.com/bid/54859/info YT-Videos Script is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromi...
Mibew Messenger 1.6.4 - 'threadid' SQL Injection
source: https://www.securityfocus.com/bid/54857/info Mibew Messenger is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify...