1492 matches found
WordPress Plugin mukioplayer4wp - cid SQL Injection
WordPress Plugin mukioplayer4wp - cid SQL Injection source: https://www.securityfocus.com/bid/62438/info mukioplayer4wp for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue coul...
WordPress Plugin mukioplayer4wp - 'cid' SQL Injection
source: https://www.securityfocus.com/bid/62438/info mukioplayer4wp for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application,...
CVE-2013-4995
Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query that is not properly handled during the display of row information...
Cross site scripting
Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query that is not properly handled during the display of row information...
MGASA-2013-0238 Updated phpmyadmin packages fix security vulnerabilities
Using a crafted SQL query, it was possible to produce an XSS on the SQL query form (PMASA-2013-8, CVE-2013-4995). In the setup/index.php, using a crafted hash with a Javascript event, untrusted JS code could be executed. In the Display chart view, a chart title containing HTML code was rendered...
XSS due to unescaped HTML Output when executing a SQL query.
PMASA-2013-8. Announcement-ID: PMASA-2013-8. Date: 2013-07-28. Updated: 2013-07-30. Summary: XSS due to unescaped HTML Output when executing a SQL query. Description: Using a crafted SQL query, it was possible to produce an XSS on the SQL query form. Severity: We consider these vulnerabilities to be non...
RootPanel SQL Injection
RootPanel All versions SQL injection/Account takeover. Discovery: AkaStep and CAMOUFL4G3. Vendor: http://www.rootpanel.ru/ What is RootPanel? RootPanel is professional hosting...
WordPress Plugin WP Feed - nid SQL Injection
WordPress Plugin WP Feed - nid SQL Injection source: https://www.securityfocus.com/bid/60904/info WP Feed plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow...
Motion - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/60818/info Motion is prone to multiple security vulnerabilities including multiple buffer-overflow vulnerabilities, a cross-site scripting vulnerability and a cross-site request-forgery vulnerability. An attacker may exploit these issues to execute...
ScriptCase - scelta_categoria.php SQL Injection
ScriptCase - scelta_categoria.php SQL Injection source: https://www.securityfocus.com/bid/60461/info ScriptCase is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
MyMarket 1.72 bypass admin login & product_details blind sqli
Exploit for php platform in category web applications Exploit Title: MyMarket 1.72 bypass admin login & product_details blind sqli Google Dork: intext:"MyMarket version 1.71" Tested on: Linux Bug finder & Exploit Coder:NEt Bomber http://fb.me/net.bomba Beside other sqli exploits found on exploits...
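MetInfo 5.1 /message/access.php SQL Injection Vulnerability
MetInfo is a fairly popular enterprise website management system in China. In version 5.1, at line 12 of the /message/access.php file, the externally supplied variable $id is concatenated directly into the SQL query statement, which results in an SQL injection vulnerability. MetInfo 5.1...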
WordPress Plugin Spiffy XSPF Player - 'playlist_id' SQL Injection
source: https://www.securityfocus.com/bid/58976/info Spiffy XSPF Player plug-in for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
PostgreSQL Denial of Service Vulnerability (Apr 2013) - Windows
PostgreSQL is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2013-0678
Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly represent WebNavigator credentials in a database, which makes it easier for remote authenticated users to obtain sensitive information via a SQL query...
CVE-2013-0676
Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote authenticated users to obtain sensitive information via a SQL query...
Information disclosure
Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote authenticated users to obtain sensitive information via a SQL query...