
1492 matches found

Tenable Nessus
added 2012/08/01 12:0 a.m., 25 views

Scientific Linux Security Update : postgresql on SL4.x, SL5.x i386/x86_64

A stack-based buffer overflow flaw was found in the way PostgreSQL processed certain tokens from a SQL query when the intarray module was enabled on a particular database. An authenticated database user running a specially crafted SQL query could use this flaw to cause a temporary denial of servi...

CVSS 6.5, AI score 6.5, EPSS 0.04621
Exploits: 0, References: 3
OpenVAS
added 2012/07/25 12:0 a.m., 21 views

Serendipity 'functions_trackbacks.inc.php' SQLi Vulnerability - Active Check

Serendipity is prone to an SQL injection (SQLi) vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the...

CVSS 7.5, AI score 5.8, EPSS 0.02221
Exploits: 3, References: 4
seebug.org
added 2012/07/20 12:0 a.m., 13 views

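Android Dr. Web Anti-Virus Information Disclosure Vulnerability

Android Dr.Web Anti-virus is antivirus software for the Android platform. An error exists when handling SQL queries in the com.drweb.activities.antispam.CursorActivit class, which can be exploited to disclose call history and SMS messages. 0 Dr.Web Anti-virus for Android 7.x Vendor solution: Dr.Web Anti-virus for Android 7.00.2 has fixed this vulnerability; users are advised to download and use it: http://news.drweb.com/show/?c=5&i=2573&lng=en...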

AI score 7.1
Exploits: 0
Exploit DB
added 2012/06/18 12:0 a.m., 21 views

VANA CMS - 'index.php' Script SQL Injection

source: https://www.securityfocus.com/bid/54066/info VANA CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, o...

AI score 7
Exploits: 0
Exploit DB
added 2012/06/15 12:0 a.m., 27 views

Joomla! Component JCal Pro Calendar - SQL Injection

source: https://www.securityfocus.com/bid/54042/info The JCal Pro Calendar component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...

AI score 7
Exploits: 0
htbridge
added 2012/06/13 12:0 a.m., 37 views

Blind SQL Injection in Webmatic

High-Tech Bridge SA Security Research Lab has discovered vulnerability in Webmatic, which can be exploited to perform Blind SQL Injection attacks. 1 Blind SQL Injection in Webmatic: CVE-2012-3350 1.1 Input passed via the "Referer:" field of the HTTP header to index.php is not properly sanitised...

CVSS 7.5, AI score 7.9, EPSS 0.02925
Exploits: 6, Affected Software: 1
Tenable Nessus
added 2012/05/23 12:0 a.m., 72 views

phpMyAdmin 2.11.x / 3.3.x < 2.11.11.3 / 3.3.9.2 SQL Query Bookmarks Arbitrary SQL Query Execution (PMASA-2011-02)

According to its self-identified version number, the phpMyAdmin install hosted on the remote web server allows creation of bookmarked SQL queries which could be unintentionally executed by other users. Note that successful exploitation of this vulnerability requires that phpMyAdmin configuration...

CVSS 6.5, AI score 5.4, EPSS 0.02728
Exploits: 0, References: 2
Packet Storm
added 2012/05/14 12:0 a.m., 22 views

Galette SQL Injection

Source: http://www.securityfocus.com/bid/53463/info Galette is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, ...

CVSS 7.5, AI score 0.1, EPSS 0.02234
Exploits: 2
OpenVAS
added 2012/04/12 12:0 a.m., 25 views

Joomla Estate Agent Component 'id' Parameter SQL Injection Vulnerability

This host is running Joomla The Estate Agent component and is prone to SQL injection vulnerability. OpenVAS Vulnerability Test $Id: gbjoomlacomestateagentsqlinjvuln.nasl 6022 2017-04-25 12:51:04Z teissa $ Joomla Estate Agent Component 'id' Parameter SQL Injection Vulnerability Authors: Madhuri D...

CVSS 7.5, AI score 0.2, EPSS 0.01093
Exploits: 1, References: 5
Exploit DB
added 2012/03/29 12:0 a.m., 25 views

EasyPHP - 'main.php' SQL Injection

source: https://www.securityfocus.com/bid/52781/info EasyPHP is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modif...

AI score 7.4
Exploits: 0
exploitpack
added 2012/03/19 12:0 a.m., 14 views

ClassifiedsGeek.com Vacation Packages - listing_search SQL Injection

ClassifiedsGeek.com Vacation Packages - listing_search SQL Injection source: https://www.securityfocus.com/bid/52637/info Vacation Packages is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit...

AI score 0.5
Exploits: 0
Exploit DB
added 2012/03/16 12:0 a.m., 19 views

JPM Article Script 6 - 'page2' SQL Injection

source: https://www.securityfocus.com/bid/52528/info JPM Article Script 6 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or...

AI score 7.4
Exploits: 0
Packet Storm
added 2012/02/02 12:0 a.m., 34 views

SiT! Support Incident Tracker 3.64 XSS / CSRF / SQL Injection

Advisory Details: High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in SiT! Support Incident Tracker, which can be exploited to perform SQL injection, cross-site scripting, cross-site request forgery attacks. 1 Input passed via the "start" GET parameter to...

AI score 0.2
Exploits: 0
OpenVAS
added 2012/01/23 12:0 a.m., 7 views

Joomla XBall Component SQLi Vulnerability

Joomla XBall component is prone to an SQL injection (SQLi) vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

AI score 5.6
Exploits: 0, References: 1
Exploit DB
added 2012/01/21 12:0 a.m., 25 views

Tribiq CMS - 'index.php' SQL Injection

source: https://www.securityfocus.com/bid/51614/info Tribiq CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify...

AI score 7.4
Exploits: 0
Exploit DB
added 2012/01/20 12:0 a.m., 31 views

Snitz Forums 2000 - 'TOPIC_ID' SQL Injection

source: https://www.securityfocus.com/bid/51596/info Snitz Forums 2000 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit will allow an attacker to compromise the application, access or modi...

AI score 7.4
Exploits: 0
Exploit DB
added 2012/01/18 12:0 a.m., 23 views

MMORPG Zone - 'view_news.php' SQL Injection

source: https://www.securityfocus.com/bid/51532/info MMORPG Zone is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify...

AI score 7.4
Exploits: 0
n0where
added 2012/01/16 11:6 p.m., 32 views

Open Source MySQL Injection: sqlsus

sqlsus is an open source MySQL injection and takeover tool, written in perl. Via a command line interface, you can retrieve the databases structure, inject your own SQL queries even complex ones, download files from the web server, crawl the website for writable directories, upload and control a...

AI score 8.6
Exploits: 0
OpenVAS
added 2012/01/09 12:0 a.m., 14 views

Mandriva Update for phpmyadmin MDVSA-2011:198 (phpmyadmin)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CVSS 6.5, AI score 7.6, EPSS 0.12852
Exploits: 11, References: 2
UbuntuCve
added 2011/12/22 8:55 p.m., 30 views

CVE-2011-4634

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Database Synchronize panel; (2) a crafted database name, related to the Database rename panel; (3) a crafted S...

CVSS 4.3, AI score 7.3, EPSS 0.0221
Exploits: 1, References: 2