1492 matches found
CVE-2008-7118
WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, allowing remote attackers to obtain SQL query logs via a direct request for logs/cron.log. No remediation details are provided in the supplied documents; public exploit references exist bu...
CS-Cart 2.0.5 - 'reward_points.post.php' SQL Injection
source: https://www.securityfocus.com/bid/35936/info CS-Cart is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data,...
Stack overflow
Multiple stack-based buffer overflows in the pgsqlQuery function in NullLogic Groupware 1.2.7, when PostgreSQL is used, might allow remote attackers to execute arbitrary code via input to the 1 POP3, 2 SMTP, or 3 web component that triggers a long SQL query...
CVE-2009-2356
Multiple stack-based buffer overflows in the pgsqlQuery function in NullLogic Groupware 1.2.7, when PostgreSQL is used, might allow remote attackers to execute arbitrary code via input to the 1 POP3, 2 SMTP, or 3 web component that triggers a long SQL query...
CVE-2009-2356
Multiple stack-based buffer overflows in the pgsqlQuery function in NullLogic Groupware 1.2.7, when PostgreSQL is used, might allow remote attackers to execute arbitrary code via input to the 1 POP3, 2 SMTP, or 3 web component that triggers a long SQL query...
phpBugTracker 'include.php' SQL Injection Vulnerability
According to its version number, the remote version of phpBugTracker is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modi...
Oracle Database password weakness
Added: 05/12/2009 Background Oracle Database is a relational database solution available for multiple platforms. Problem The Oracle Database service has accounts with default or easily guessed passwords, which could allow an attacker to make unauthorized SQL queries. Resolution Set a strong...
Pligg CMS 9.9.0 - 'editlink.php' Blind SQL Injection
!/usr/bin/perl Pligg v9.9 Blind SQL Injection vuln: editlink.php? SQL Injection: magicquotes off This exploit is possible because the $id variable in checkurl.php is taken from the url and then used in an SQL query without being sanitized. by Rohit Bansal [email protected] www.Schap.Org...
SQL injection
Added: 04/10/2009 Background Structured Query Language SQL is the most common language understood by modern relational databases. Problem A web program uses input parameters within an SQL query in an unsafe manner. This could allow a remote attacker to inject arbitrary SQL commands via a speciall...
Acute Control Panel 1.0.0 RFI / SQL Injection
Acute Control Panel 1.0.0 RFI/SQL Injection Auth Bypass + Discovered By SirGod + www.mortal-team.org + www.h4cky0u.org + Remote File Inclusion Vulnerable code in container.php ----------------------------------------------------------- -----------------------------------------------------------...
PHPizabi 0.8 - 'notepad_body' SQL Injection
source: https://www.securityfocus.com/bid/34223/info PHPizabi is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data...
Chipmunk Guestbook Index.PHP SQL Injection Vulnerability
Chipmunk Guestbook is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying...
vBulletin 'admincalendar.php' SQL Injection Vulnerability
vBulletin is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlyin...
Fedora Update for php-pear-Structures-DataGrid-DataSource-MDB2 FEDORA-2007-0847
Check for the Version of php-pear-Structures-DataGrid-DataSource-MDB2 OpenVAS Vulnerability Test Fedora Update for php-pear-Structures-DataGrid-DataSource-MDB2 FEDORA-2007-0847 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This progr...
Joomla! / Mambo Component gigCalendar 1.0 - 'banddetails.php' SQL Injection
source: https://www.securityfocus.com/bid/33859/info The gigCalendar component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise...
Oracle Database OLAP component ODCITABLESTART buffer overflow
Added: 02/06/2009 CVE: CVE-2008-3974 BID: 33177 OSVDB: 51347 Background The Online Analytical Processing OLAP component of Oracle Database is a set of stored procedures used for multi-dimensional analytical queries. Problem A buffer overflow vulnerability in the ODCITABLESTART function allows...
Oracle Database OLAP component ODCITABLESTART buffer overflow
Added: 02/06/2009 CVE: CVE-2008-3974 BID: 33177 OSVDB: 51347 Background The Online Analytical Processing OLAP component of Oracle Database is a set of stored procedures used for multi-dimensional analytical queries. Problem A buffer overflow vulnerability in the ODCITABLESTART function allows...
YapBB <= 1.2 (forumID) Blind SQL Injection Exploit
No description provided by source. --+++======================================================+++-- --+++====== YapBB = 1.2 Blind SQL Injection Exploit ======+++-- --+++======================================================+++-- !/usr/bin/perl use strict; use warnings; use IO::Socket; sub usage d...
Lootan - login.asp SQL Injection
Lootan - login.asp SQL Injection source: https://www.securityfocus.com/bid/33439/info Lootan is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
LinksPro - OrderDirection SQL Injection
LinksPro - OrderDirection SQL Injection source: https://www.securityfocus.com/bid/33305/info LinksPro is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromis...