Lucene search
K

3945 matches found

CVE
CVE
added 2005/12/01 11:0 a.m.45 views

CVE-2005-3951

Summary: There is a SQL injection vulnerability in PHP Labs Survey Wizard’s survey.php triggered by the sid parameter, allowing remote attackers to execute arbitrary SQL commands (root cause: unsanitized sid input). Impact: partial confidentiality, integrity, and availability (CVSSv2 base score 7...

7.5CVSS8.9AI score0.01211EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2005/12/01 11:0 a.m.49 views

CVE-2005-3944

The CVE-2005-3944 entry describes a SQL injection vulnerability in the SURVEY_ID parameter of survey.php in the ilyav Survey System 1.1 and earlier. The vulnerability allows remote attackers to execute arbitrary SQL commands and could lead to partial confidentiality and integrity or availability ...

7.5CVSS8.8AI score0.01162EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2005/12/01 11:0 a.m.17 views

CVE-2005-3944

SQL injection vulnerability in survey.php in ilyav Survey System 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the SURVEYID parameter...

8.4AI score0.01162EPSS
Exploits1References5
NVD
NVD
added 2005/12/01 6:3 a.m.12 views

CVE-2005-3944

SQL injection vulnerability in survey.php in ilyav Survey System 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the SURVEYID parameter...

7.5CVSS8.4AI score0.01162EPSS
Exploits1References5
NVD
NVD
added 2005/12/01 6:3 a.m.17 views

CVE-2005-3951

SQL injection vulnerability in survey.php in PHP Labs Survey Wizard allows remote attackers to execute arbitrary SQL commands via the sid parameter...

7.5CVSS8.4AI score0.01211EPSS
Exploits0References4
exploitpack
exploitpack
added 2005/11/29 12:0 a.m.12 views

Survey System 1.1 - survey.php SQL Injection

Survey System 1.1 - survey.php SQL Injection source: https://www.securityfocus.com/bid/15641/info Survey System is prone to multiple SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful...

8.6AI score
Exploits0
securityvulns
securityvulns
added 2005/11/29 12:0 a.m.47 views

Survey System 1.1 SQL inj. vuln.

Survey System 1.1 SQL inj. vuln. Vuln. dicovered by : r0t Date: 29 nov. 2005 orginal advisory:http://pridels.blogspot.com/2005/11/survey-system-11-sql-inj-vuln.html Vendor:http://ilyav.net/?q=node/22 affected version:1.1 and prior Product Description: This extremely detailed Survey application ha...

0.6AI score
Exploits0
Exploit DB
Exploit DB
added 2005/11/29 12:0 a.m.22 views

Survey System 1.1 - 'survey.php' SQL Injection

source: https://www.securityfocus.com/bid/15641/info Survey System is prone to multiple SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2005/11/23 12:0 a.m.17 views

PHP Labs Survey Wizard - SQL Injection

PHP Labs Survey Wizard - SQL Injection source: https://www.securityfocus.com/bid/15551/info PHP Labs Survey Wizard is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful...

Exploits0
securityvulns
securityvulns
added 2005/11/23 12:0 a.m.32 views

Survey Wizard "sid" SQL injection vuln.

Survey Wizard "sid" SQL injection vuln. Vuln. dicovered by : r0t Date 23 nov. 2005 Original advisory:http://pridels.blogspot.com/2005/11/survey-wizard-sid-sql-injection-vuln.html Vendor:http://www.phplabs.com/ Product link:http://www.phplabs.com/scripts.php?script=Survey20Wizard affected version:...

0.6AI score
Exploits0
Exploit DB
Exploit DB
added 2005/11/23 12:0 a.m.28 views

PHP Labs Survey Wizard - SQL Injection

source: https://www.securityfocus.com/bid/15551/info PHP Labs Survey Wizard is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise ...

7AI score
Exploits0
Cvelist
Cvelist
added 2005/05/10 4:0 a.m.21 views

CVE-2004-1837

Cross-site scripting XSS vulnerability in Modsurvey 3.0.x before 3.0.16-pre2 and 3.2.x before 3.2.0-pre4 allows remote attackers to inject arbitrary web script or HTML via the certain survey fields or error messages for malformed query strings...

5.8AI score0.01208EPSS
Exploits0References4
NVD
NVD
added 2004/12/31 5:0 a.m.15 views

CVE-2004-1837

Cross-site scripting XSS vulnerability in Modsurvey 3.0.x before 3.0.16-pre2 and 3.2.x before 3.2.0-pre4 allows remote attackers to inject arbitrary web script or HTML via the certain survey fields or error messages for malformed query strings...

4.3CVSS5.8AI score0.01208EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2004/05/29 12:0 a.m.31 views

"Content-Type" XSS vulnerability affecting other webmail systems

Roman Medina-Heigl Hernandez did a survey which other webmail systems where vulnerable to a bug he discovered in SquirrelMail. This advisory summarizes the results...

6.8CVSS6.4AI score0.22528EPSS
Exploits1References4
securityvulns
securityvulns
added 2004/03/24 12:0 a.m.35 views

Mod_Survey security advisory: Script injection bug

This was published on the ModSurvey mailing list a few minutes ago. ModSurvey Security Advisory 2004-03-21, Script injection ABOUT MODSURVEY ---------------- ModSurvey is an Apache module which displays and handles questionnaires written in a special XML-based markup language. ModSurvey is...

7.3AI score
Exploits0
exploitpack
exploitpack
added 2003/12/27 12:0 a.m.22 views

PHP-Nuke 6.x7.0 Survey Module - SQL Injection

PHP-Nuke 6.x7.0 Survey Module - SQL Injection source: https://www.securityfocus.com/bid/9305/info A vulnerability has been reported to exist in the Survey module of PHP-Nuke that may allow a remote attacker to inject malicious SQL syntax into database queries. The source of this issue is...

Exploits0
NVD
NVD
added 2002/06/18 4:0 a.m.11 views

CVE-2002-0614

PHP-Survey 20000615 and earlier stores the global.inc file under the web root, which allows remote attackers to obtain sensitive information, including database credentials, if .inc files are not preprocessed by the server...

5CVSS6.5AI score0.02421EPSS
Exploits0References3
Cvelist
Cvelist
added 2002/06/11 4:0 a.m.15 views

CVE-2002-0614

PHP-Survey 20000615 and earlier stores the global.inc file under the web root, which allows remote attackers to obtain sensitive information, including database credentials, if .inc files are not preprocessed by the server...

6.5AI score0.02421EPSS
Exploits0References3
CVE
CVE
added 2002/06/11 4:0 a.m.56 views

CVE-2002-0614

PHP-Survey 20000615 and earlier is affected. The issue arises because the global.inc file is stored under the web root, allowing remote attackers to read sensitive information such as database credentials if .inc files are not preprocessed by the server. This is the underlying vulnerability in CV...

5CVSS6.9AI score0.02421EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2000/01/04 5:0 a.m.55 views

CVE-1999-0771

CVE-1999-0771 affects the web components of Compaq Management Agents and the Compaq Survey Utility , enabling a remote attacker to read arbitrary files via a .. (dot dot) path traversal in the web interface. The root cause is insufficient validation of file paths in the affected web components, r...

5CVSS7AI score0.06235EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder