1179 matches found
Oracle HTML DB 1.5/1.6 - f?p Cross-Site Scripting
Oracle HTML DB 1.5/1.6 - f?p Cross-Site Scripting source: https://www.securityfocus.com/bid/15031/info Oracle HTML DB is prone to cross-site scripting vulnerabilities. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context...
Oracle HTML DB 1.5/1.6 - 'f?p=' Cross-Site Scripting
source: https://www.securityfocus.com/bid/15031/info Oracle HTML DB is prone to cross-site scripting vulnerabilities. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. An attacker can leverage...
CVE-2005-2778
SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL statements via the fid parameter...
CVE-2004-2354
SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 through 6.9 allows remote attackers to modify SQL statements via the entry parameter to modules.php, which can also facilitate cross-site scripting (XSS) attacks when MySQL errors are triggered...
CVE-2004-2354
CVE-2004-2354 describes a SQL injection vulnerability in the 4nGuestbook 0.92 module used with PHP-Nuke 6.5–6.9. The flaw allows remote attackers to modify SQL statements via the entry parameter to modules.php, with the potential to trigger MySQL errors that may enable cross-site scripting (XSS)....
CVE-2005-2432
SQL injection vulnerability in PhpList allows remote attackers to modify SQL statements via the id argument to admin pages such as (1) members or (2) admin...
CVE-2004-2266
SQL injection vulnerability in Ansel 2.1 and earlier allows remote attackers to modify SQL statements via the image parameter...
CVE-2004-2266
CVE-2004-2266 affects Ansel 2.1 and earlier. The issue is a SQL injection vulnerability that allows remote attackers to modify SQL statements via the image parameter. According to the provided data, the NVD CVSS v2.0 base score is 7.5 (HIGH) with network attack vector, low attack complexity, no a...
CVE-2005-2284
Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow remote attackers to modify SQL statements via unknown attack vectors...
CVE-2004-2240
Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier allow remote attackers to modify SQL statements via (1) the query string in read.php or (2) unknown vectors in file.php...
CVE-2004-2232
SQL injection vulnerability in sql.php in the Glossary module in Moodle 1.4.1 and earlier allows remote attackers to modify SQL statements...
CVE-2005-2206
Multiple SQL injection vulnerabilities in CartWIZ allow remote attackers to modify SQL statements via the (1) idProduct parameter to tellAFriend.asp, (2) sortType parameter to viewSupportTickets.asp, or the id parameter to (3) updateCreditCards.asp or (4) deleteCreditCards.asp...
CVE-2005-2066
SQL injection vulnerability in commentpost.asp in ASP Nuke 0.80 allows remote attackers to execute arbitrary SQL statements via the TaskID parameter...
Invision Board < 2.0.5 Privilege Escalation / SQL Injection
Binary data 2942.prm...
CVE-2004-2056
SQL injection vulnerability in action.php in Nucleus CMS 3.01 allows remote attackers to execute arbitrary SQL statements via the itemid parameter...
CVE-2004-2057
SQL injection vulnerability in ASPRunner 2.4 allows remote attackers to execute arbitrary SQL statements...
CVE-2004-2057
CVE-2004-2057 affects ASPRunner, specifically version 2.4. The vulnerability is described as a SQL injection that would let remote attackers execute arbitrary SQL statements. The provided connected documents confirm the flaw exists in ASPRunner 2.4 and indicate multiple issues in older ASPRunner ...
Oracle 8.x/9.x/10.x Database - Multiple SQL Injections
source: https://www.securityfocus.com/bid/13144/info Oracle database is reported prone to multiple SQL injection vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data. These issues can be exploited using malformed PL/SQL statements to pass unauthorized SQL...
CVE-2005-1048
CVE-2005-1048 relates to a SQL injection in PostNuke 0.760 RC3, where the sid parameter in modules.php can be exploited remotely to run arbitrary SQL statements. The affected software is PostNuke (version 0.760 RC3 as cited; vendor reportedly could not reproduce issues for 0.760 RC3 or 0.750). Th...
CVE-2004-1608
SQL injection vulnerability in SalesLogix 6.1 allows remote attackers to execute arbitrary SQL statements via the id parameter in a view operation...