294 matches found
CVE-2009-4791
Multiple SQL injection vulnerabilities in Family Connections (aka FCMS) before 1.8.2 allow remote attackers to execute arbitrary SQL commands via the (1) letter parameter to addressbook.php, (2) id parameter to recipes.php, (3) year parameter to register.php, (4) pollid parameter to home.php, and (5) email...
Zabbix < 1.8.2 SQLi Vulnerability
Zabbix is prone to an SQL injection (SQLi) vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Copyright (C) 2010 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective...
Family Connections CMS 1.8.2 SQL Injection
Salvatore "drosophila" Fresta + Application: Family Connections + Version: = 1.8.2 + Website: http://www.familycms.com + Bugs: A Blind SQL Injection + Exploitation: Remote + Date: 1 Apr 2009 + Discovered by: Salvatore "drosophila" Fresta + Author: Salvatore "drosophila" Fresta + Contact: e-mail:...
Gentoo Security Advisory GLSA 200611-18 (tin)
The remote host is missing updates announced in advisory GLSA 200611-18. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200507-10 (ruby)
The remote host is missing updates announced in advisory GLSA 200507-10. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
BigACE 1.8.2 - download.cmd.php Remote File Inclusion
BigACE 1.8.2 - download.cmd.php Remote File Inclusion source: https://www.securityfocus.com/bid/19723/info Bigace is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote PH...
BigACE 1.8.2 - upload_form.php Remote File Inclusion
BigACE 1.8.2 - upload_form.php Remote File Inclusion source: https://www.securityfocus.com/bid/19723/info Bigace is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote PHP...
BigACE 1.8.2 - 'download.cmd.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/19723/info Bigace is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote PHP code and execute it in the context of the webserver...
SPIP < 1.8.2-g SQL Injection and XSS Flaws
The remote web server has a PHP application that is affected by multiple flaws. Description: The remote host is running SPIP, an open-source CMS written in PHP. The remote version of this software is prone to SQL injection and cross site scripting attacks. An attacker could send specially crafted...
SPIP 1.8/1.9 - Multiple SQL Injections
source: https://www.securityfocus.com/bid/16458/info SPIP is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could allow an attacker to compromise...
MiniNukeSQL.txt
--Security Report-- Advisory: MiniNuke CMS System http://site/news.asp?Action=Print&hid=SQLQuery http://www.miniex.net/news.asp?Action=Print&hid=66%20union+select+0,sifre,0,0,0,0,0,0,0,0+from+members+where+uyeid=52 Columns of MEMBERS: uyeid = userid sifre = md5 password hash gsoru = secret...
MiniNuke <= 1.8.2 Multiple SQL Injection Vulnerabilities
Exploit for unknown platform in category web applications ======================================================== MiniNuke http://site/news.asp?Action=Print&hid=SQLQuery http://www.miniex.net/news.asp?Action=Print&hid=66%20union+select+0,sifre,0,0,0,0,0,0,0,0+from+members+where+uyeid=52 Columns ...
MiniNuke 1.8.2 - Multiple SQL Injections
Contacts: ICQ: 10072 MSN/Email: [email protected] Web: http://www.nukedx.com --- Vendor: MiniNuke www.miniex.net Version: 1.8.2 and prior versions must be affected. About:Via this method remote attacker can inject SQL query to the news.asp --- How&Example: GET -...
MiniNuke <= 1.8.2 (news.asp hid) SQL Injection Exploit
Exploit for unknown platform in category web applications ====================================================== MiniNuke new Proto = "tcp", PeerAddr = $proxyAddr?"$proxyAddr":"$serv", PeerPort = $proxyPort?"$proxyPort":"80" || die "can't connect to: $serv\n";...