85 matches found
Snitz Forums 2000 SQL injection
The remote host is using Snitz Forum 2000 This version allow an attacker to execute stored procedures and non-interactive operating system commands on the system. The problem stems from the fact that the 'Email' variable in the register.asp module fails to properly validate and strip out maliciou...
CactuShop XSS and SQL injection flaws
The remote host runs CactuShop, an e-commerce web application written in ASP. The remote version of this software is vulnerable to cross-site scripting due to a lack of sanitization of user-supplied data in the script 'popuplargeimage.asp'. Successful exploitation of this issue may allow an...
Snitz Forums 2000 SQL injection
The remote host is using Snitz Forum 2000 which allows an attacker to execute stored procedures and non-interactive operating system commands on the system. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
Microsoft SQL 2000/7.0 - Agent Jobs Privilege Escalation
source: https://www.securityfocus.com/bid/5483/info Microsoft SQL Server 2000 uses an Agent which is responsible for restarting the SQL Server service, replication, and running scheduled jobs. Some of the jobs that the Agent executes have weak permissions, which could allow a user with low...
Microsoft SQL Server 2000 - sp_MScopyscript SQL Injection
Microsoft SQL Server 2000 - spMScopyscript SQL Injection source: https://www.securityfocus.com/bid/5309/info The Microsoft SQL Server 2000 spMScopyscript stored procedure does not sufficiently validate input before passing it to the xpcmdshell extended stored procedure. An attacker with the abili...