Nelogic Nephp Publisher 4.5.2 - SQL Injection
Nelogic Nephp Publisher 4.5.2 - SQL Injection source: https://www.securityfocus.com/bid/15584/info Nelogic Nephp Publisher is prone to SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query...
Geeklog 1.4.x Full Path Disclosure vuln.
Geeklog 1.4.x Full Path Disclosure vuln. Vuln. discovered by: r0t Date: 28 nov. 2005 Original advisory: http://pridels.blogspot.com/2005/11/geeklog-14x-full-path-disclosure-vuln.html Vendor: http://www.geeklog.net/ affected version: 1.4.0 Beta 1 and prior Product Description: Geeklog is a Web Portal...
Zainu 2.x SQL inj. vuln.
Zainu 2.x SQL inj. vuln. Vuln. discovered by: r0t Date: 28 nov. 2005 Original advisory: http://pridels.blogspot.com/2005/11/zainu-2x-sql-inj-vuln.html Vendor: http://www.zainu.com affected version: 2.x and prior Product Description: Zainu lets you create and maintain professional music videos websit...
BerliOS SourceWell 1.1.3 - SQL Injection
source: https://www.securityfocus.com/bid/15586/info BerliOS SourceWell is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of t...
DRZES HMS 3.2 Multiple vuln.
DRZES HMS 3.2 - Hosting Management System - multiple SQL inj. vuln. and XSS vuln. Vuln. discovered by: r0t Date: 25 nov. 2005 Original advisory: http://pridels.blogspot.com/2005/11/drzes-hms-32-multiple-vuln.html Vendor: http://drzes.com/ affected version: 3.2 and prior Product description: Increase...
CVE-2005-3799
phpBB 2.0.18 allows remote attackers to obtain sensitive information via a large SQL query, which generates an error message that reveals SQL syntax or the full installation path...
DeskLance Vuln.
DeskLance Vuln. Vuln. discovered by: r0t Date: 24 nov. 2005 Original advisory: http://pridels.blogspot.com/2005/11/desklance-vuln.html Vendor: http://www.desklance.com/ affected version: 2.3 and prior Vuln. description: Input passed to the "main" parameter in "index.php" isn't properly verified,...
Orca Forum 4.3 - 'forum.php' SQL Injection
source: https://www.securityfocus.com/bid/15565/info Orca Forum is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the...
Commodity Rentals 2.x "user_id" SQL inj.
Vuln. discovered by: r0t Date: 23 nov. 2005 Original advisory: http://pridels.blogspot.com/2005/11/commodity-rentals-2x-userid-sql-inj.html Vendor: http://www.commodityrentals.com/ affected version: 2.x and prior Product Description: CommodityRentals is the most comprehensive Online Rental Business...
PHP Labs Survey Wizard - SQL Injection
PHP Labs Survey Wizard - SQL Injection source: https://www.securityfocus.com/bid/15551/info PHP Labs Survey Wizard is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful...
Wizz Forum - forumreply.php?TopicID SQL Injection
Wizz Forum - forumreply.php?TopicID SQL Injection source: https://www.securityfocus.com/bid/15410/info Wizz Forum is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query...
Wizz Forum - 'forumreply.php?TopicID' SQL Injection
source: https://www.securityfocus.com/bid/15410/info Wizz Forum is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise o...
[Full-disclosure] phpBB 2.0.18 SQL Query problem
phpBB 2.0.18 SQL Query problem cXIb8O3.19 Author: Maksymilian Arciemowicz cXIb8O3 Date: 11.11.2005 from securityreason.com TEAM --- 0.Description --- phpBB is a high powered, fully scalable, and highly customizable Open Source bulletin board packag...
SQL injection in ibProArcade
SQL injection in ibProArcade. This bug was discovered in all of the versions of ibProArcade 2.x. It was tested and found perfectly working under vBulletin or Invision Power Board. Date: 2005-11-5 The injection is here: module=report&user=userid Query: 'SELECT name FROM ibfmembers WHERE id=userid'...
JPortal Web Portal 2.2.12.3.1 - comment.php SQL Injection
JPortal Web Portal 2.2.12.3.1 - comment.php SQL Injection source: https://www.securityfocus.com/bid/15324/info JPortal is prone to multiple SQL injection vulnerabilities. These are due to a lack of proper sanitization of user-supplied input before being used in an SQL query. Successful exploitati...
JPortal Web Portal 2.2.1/2.3.1 - 'news.php' SQL Injection
source: https://www.securityfocus.com/bid/15324/info JPortal is prone to multiple SQL injection vulnerabilities. These are due to a lack of proper sanitization of user-supplied input before being used in an SQL query. Successful exploitation could result in a compromise of the application,...
SQLQHit Directory Structure Disclosure
The Sample SQL Query CGI is present. The sample allows anyone to structure a certain query that would retrieve the content of directories present on the local server. OpenVAS Vulnerability Test $Id: sqlqhitinformationdisclosure.nasl 5786 2017-03-30 10:08:58Z cfi $ Description: SQLQHit Directory...
CactuShop XSS and SQL injection flaws
The remote host runs CactuShop, an e-commerce web application written in ASP. The remote version of this software is vulnerable to cross-site scripting due to a lack of sanitization of user-supplied data in the script 'popuplargeimage.asp'. Successful exploitation of this issue may allow an...