Lucene search

48 matches found

Cvelist
added 2005/12/18 10:0 p.m., 11 views

CVE-2005-4346

Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier allows remote attackers to obtain the full path of the application via an invalid permalink parameter to index.php, which produces an invalid SQL query that leaks the full pathname in a SQL syntax error message. NOTE: this was...

AI score: 7, EPSS: 0.00396
Exploits: 1, References: 4
CVE
added 2005/12/18 10:0 p.m., 36 views

CVE-2005-4346

phpBB Blog 2.2.2 and earlier: A function in blog.php causes an invalid SQL query when the permalink parameter to index.php is cleansed to empty (non-digit chars stripped), leading to a SQL syntax error that leaks the full application pathname. This is not a true SQL injection in practice, but the...

CVSS: 5, AI score: 7.5, EPSS: 0.00396
Exploits: 1, References: 4, Affected Software: 1
securityvulns
added 2005/11/15 12:0 a.m., 28 views

SQL injection in phpWebThing 1.4.4

Vulnerable: phpWebThings 1.4.4 website : http://phpwebthings.org The bug in download.php ThE Exploit : http://www.target.com/download.php?file=|SQL ThE Error: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'ord...

AI score: 0.2
Exploits: 0
exploitpack
added 2005/02/28 12:0 a.m., 29 views

PostNuke Phoenix 0.7x - SHOW SQL Injection

source: https://www.securityfocus.com/bid/12684/info PostNuke Phoenix is reported prone to an SQL injection vulnerability. This issue arises due to insufficient sanitization of user-supplied input. It is reported that issue presents itself when malicious...

AI score: 8.6
Exploits: 0
Exploit DB
added 2004/03/20 12:0 a.m., 40 views

Expinion.net Member Management System 2.1 - 'news_view.asp?ID' SQL Injection

source: https://www.securityfocus.com/bid/9931/info It has been reported that Member Management System may be prone to a SQL injection vulnerability that may allow a remote attacker to inject malicious SQL syntax into database queries. The problem is reported to exist in the 'ID' parameter...

AI score: 7.4
Exploits: 0
Exploit DB
added 2003/12/27 12:0 a.m., 17 views

PHP-Nuke 6.x/7.0 Survey Module - SQL Injection

source: https://www.securityfocus.com/bid/9305/info A vulnerability has been reported to exist in the Survey module of PHP-Nuke that may allow a remote attacker to inject malicious SQL syntax into database queries. The source of this issue is insufficient sanitization of user-supplied input. A...

AI score: 7.4
Exploits: 0
exploitpack
added 2003/09/18 12:0 a.m., 10 views

Mambo Site Server 4.0.14 - banners.php?bid SQL Injection

source: https://www.securityfocus.com/bid/8647/info It has been reported that Mambo Open Source Server is prone to multiple input validation vulnerabilities that may allow remote attackers to inject malicious SQL syntax into database querie...

AI score: 0.1
Exploits: 0
securityvulns
added 2002/04/17 12:0 a.m., 41 views

ansi outer join syntax in Oracle allows access to any data

Hi all, I thought this list may be interested in this issue, apologies if it's known here already. Oracle 9i includes the new ANSI outer join syntax. Oracle still supports the old syntax, but in the new syntax there is a serious security issue that allows any user to view any data. Here is an exampl...

AI score: 0.2
Exploits: 0