1492 matches found
SQLite Browser 2.0b1 - Local Denial of Service
SQLite Browser 2.0b1 - Local Denial of Service Exploit Title: SQLite Browser 2.0b1 Local DoS Vulnerability Author: Nishant Das Patnaik Tested on: Windows XP SP2/SP3 x86, Vista x86, Windows 7 x64 Code : A specially crafted SQL file query can cause the the application to freeze and finally crash. T...
SQLite Browser 2.0b1 - Local Denial of Service
Exploit Title: SQLite Browser 2.0b1 Local DoS Vulnerability Author: Nishant Das Patnaik Tested on: Windows XP SP2/SP3 x86, Vista x86, Windows 7 x64 Code : A specially crafted SQL file query can cause the the application to freeze and finally crash. The bug is the SQL query processor engine, it...
Joomla! Component com_rsgallery2 2.0 - 'catid' SQL Injection
source: https://www.securityfocus.com/bid/38009/info The 'comrsgallery2' component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
HAWHAW - 'newsread.php' SQL Injection
source: https://www.securityfocus.com/bid/39978/info HAWHAW is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, ...
FreePBX 2.5.1 - SQL Injection
FreePBX 2.5.1 - SQL Injection Advisory Name: SQL injection in FreePBX 2.5.1 Internal Cybsec Advisory Id: 2010-0103 Vulnerability Class: SQL injection Release Date: 15/01/2010 Affected Applications: Confirmed in FreePBX 2.5.1. Other versions may also be affected. Affected Platforms: Any running...
PonVFTP - login.php SQL Injection
PonVFTP - login.php SQL Injection source: https://www.securityfocus.com/bid/40608/info PonVFTP is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
PonVFTP - 'login.php' SQL Injection
source: https://www.securityfocus.com/bid/40608/info PonVFTP is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data,...
Joomla! Component DM Orders - id SQL Injection
Joomla! Component DM Orders - id SQL Injection source: https://www.securityfocus.com/bid/37655/info The DM Orders component for Joomla! is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue...
Code injection
Unspecified vulnerability in the Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service instance crash by compiling a SQL query...
iGaming CMS v1.5 CSRF Vulnerability
Exploit for unknown platform in category web applications =================================== iGaming CMS v1.5 CSRF Vulnerability =================================== NeX of the HackTalk team has found a CSRF Vulnerability in iGaming CMS v 1.5 that allows an attacker to make new administrative...
CyberCMS - faq.php SQL Injection
CyberCMS - faq.php SQL Injection source: https://www.securityfocus.com/bid/39698/info Cyber CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
CyberCMS - 'faq.php' SQL Injection
source: https://www.securityfocus.com/bid/39698/info Cyber CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify dat...
CubeCart 'productId' SQL Injection Vulnerability
CubeCart is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying...
Oracle Database Server SQL Query Directory Traversal (CVE-2005-0701)
The Oracle UTLFILE package is a set of PL/SQL procedures that allow a database user to manipulate files on the server. Supported operations include: read, write, rename, and remove. The files that are available to users are restricted to directories that have been specified in the utlfiledir...
RunCMS 2ma post.php SQL injection
Exploit for unknown platform in category web applications ================================= RunCMS 2ma post.php SQL injection ================================= query$sql redirectheader"index.php", 2, MDCANTGETFORUM; exit; ... 'forum' variable is taken from $POST array and inserted in a sql query...
[ONSEC-09-010] Undersky CMS SQL injection
ONSEC-09-010 Undersky CMS SQL injection Цель: Undersky CMS http://www.undersky.ru Тип: SQL инъекция Угроза: Высокая Дата обнаружения: 03.07.2009 Дата оповещения разработчика: 03.07.2009 Дата выхода исправления: 05.07.2009 Автор: Vladimir Vorontsov OnSec Russian Security Group onsec dot ru Описани...
Vastal I-Tech Agent Zone - view_listing.php SQL Injection
Vastal I-Tech Agent Zone - viewlisting.php SQL Injection source: https://www.securityfocus.com/bid/36503/info Agent Zone is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...
Improper access control
WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log...
CVE-2008-7118
WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log...
CVE-2008-7118
WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log...