3945 matches found
CVE-2005-3951
Summary: There is a SQL injection vulnerability in PHP Labs Survey Wizard’s survey.php triggered by the sid parameter, allowing remote attackers to execute arbitrary SQL commands (root cause: unsanitized sid input). Impact: partial confidentiality, integrity, and availability (CVSSv2 base score 7...
CVE-2005-3944
The CVE-2005-3944 entry describes a SQL injection vulnerability in the SURVEY_ID parameter of survey.php in the ilyav Survey System 1.1 and earlier. The vulnerability allows remote attackers to execute arbitrary SQL commands and could lead to partial confidentiality and integrity or availability ...
CVE-2005-3944
SQL injection vulnerability in survey.php in ilyav Survey System 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the SURVEYID parameter...
CVE-2005-3944
SQL injection vulnerability in survey.php in ilyav Survey System 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the SURVEYID parameter...
CVE-2005-3951
SQL injection vulnerability in survey.php in PHP Labs Survey Wizard allows remote attackers to execute arbitrary SQL commands via the sid parameter...
Survey System 1.1 - survey.php SQL Injection
Survey System 1.1 - survey.php SQL Injection source: https://www.securityfocus.com/bid/15641/info Survey System is prone to multiple SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful...
Survey System 1.1 SQL inj. vuln.
Survey System 1.1 SQL inj. vuln. Vuln. dicovered by : r0t Date: 29 nov. 2005 orginal advisory:http://pridels.blogspot.com/2005/11/survey-system-11-sql-inj-vuln.html Vendor:http://ilyav.net/?q=node/22 affected version:1.1 and prior Product Description: This extremely detailed Survey application ha...
Survey System 1.1 - 'survey.php' SQL Injection
source: https://www.securityfocus.com/bid/15641/info Survey System is prone to multiple SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of...
PHP Labs Survey Wizard - SQL Injection
PHP Labs Survey Wizard - SQL Injection source: https://www.securityfocus.com/bid/15551/info PHP Labs Survey Wizard is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful...
Survey Wizard "sid" SQL injection vuln.
Survey Wizard "sid" SQL injection vuln. Vuln. dicovered by : r0t Date 23 nov. 2005 Original advisory:http://pridels.blogspot.com/2005/11/survey-wizard-sid-sql-injection-vuln.html Vendor:http://www.phplabs.com/ Product link:http://www.phplabs.com/scripts.php?script=Survey20Wizard affected version:...
PHP Labs Survey Wizard - SQL Injection
source: https://www.securityfocus.com/bid/15551/info PHP Labs Survey Wizard is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise ...
CVE-2004-1837
Cross-site scripting XSS vulnerability in Modsurvey 3.0.x before 3.0.16-pre2 and 3.2.x before 3.2.0-pre4 allows remote attackers to inject arbitrary web script or HTML via the certain survey fields or error messages for malformed query strings...
CVE-2004-1837
Cross-site scripting XSS vulnerability in Modsurvey 3.0.x before 3.0.16-pre2 and 3.2.x before 3.2.0-pre4 allows remote attackers to inject arbitrary web script or HTML via the certain survey fields or error messages for malformed query strings...
"Content-Type" XSS vulnerability affecting other webmail systems
Roman Medina-Heigl Hernandez did a survey which other webmail systems where vulnerable to a bug he discovered in SquirrelMail. This advisory summarizes the results...
Mod_Survey security advisory: Script injection bug
This was published on the ModSurvey mailing list a few minutes ago. ModSurvey Security Advisory 2004-03-21, Script injection ABOUT MODSURVEY ---------------- ModSurvey is an Apache module which displays and handles questionnaires written in a special XML-based markup language. ModSurvey is...
PHP-Nuke 6.x7.0 Survey Module - SQL Injection
PHP-Nuke 6.x7.0 Survey Module - SQL Injection source: https://www.securityfocus.com/bid/9305/info A vulnerability has been reported to exist in the Survey module of PHP-Nuke that may allow a remote attacker to inject malicious SQL syntax into database queries. The source of this issue is...
CVE-2002-0614
PHP-Survey 20000615 and earlier stores the global.inc file under the web root, which allows remote attackers to obtain sensitive information, including database credentials, if .inc files are not preprocessed by the server...
CVE-2002-0614
PHP-Survey 20000615 and earlier stores the global.inc file under the web root, which allows remote attackers to obtain sensitive information, including database credentials, if .inc files are not preprocessed by the server...
CVE-2002-0614
PHP-Survey 20000615 and earlier is affected. The issue arises because the global.inc file is stored under the web root, allowing remote attackers to read sensitive information such as database credentials if .inc files are not preprocessed by the server. This is the underlying vulnerability in CV...
CVE-1999-0771
CVE-1999-0771 affects the web components of Compaq Management Agents and the Compaq Survey Utility , enabling a remote attacker to read arbitrary files via a .. (dot dot) path traversal in the web interface. The root cause is insufficient validation of file paths in the affected web components, r...