minute software vulnerabilities
vulnerabilities.aspcode.net
Searching minute software vulnerabilities
Multiple "potential" SQL injection vulnerabilit
vulnerabilities
|
"potential"
|
DCP-Portal
|
injection
|
Multiple
|
SQL
|
Multiple "potential" SQL injection vulnerabilities in DCP-Portal 6.1.1 might allow remote attackers to execute arbitrary SQL commands via (1) the password and username parameters in advertiser.php, (2) the aid parameter in announcement.php, (3) the dcp5_member_id, year, agid, day, day_s, hour, minute, month, month_s, and year_s parameters in calendar.php, (4) the cid parameter in contents.php, (5) the dcp5_member_id parameter in forums.php, (6) the bid parameter in go.php, (7) the lid parameter in golink.php, (8) the dcp5_member_id and mid parameters in inbox.php, (9) the catid, dcat, and dl parameters in index.php, (10) the dcp5_member_id in informer.php, (11) the nid parameter in news.php, (12) the type and rate parameters in rate.php, (13) the q parameter in search.php, and (14) the dcp5_member_id in update.php. NOTE: other vectors in the PHP-CHECKER report are also covered by CVE-2005-3365 and CVE-2005-0454.
** DISPUTED ** Multiple SQL injection vulnerab
vulnerabilities
|
userscriptphp
|
arbitrary
|
injection
|
attackers
|
Multiple
|
commands
|
DISPUTED
|
earlier
|
execute
|
remote
|
Minute
|
Green
|
allow
|
via
|
SQL
|
** DISPUTED ** Multiple SQL injection vulnerabilities in userscript.php in Green Minute 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) huserid, (2) pituus, or (3) date parameters. NOTE: this issue has been disputed by the vendor, saying "those parameters mentioned ARE checked (preg_match) before they are used in SQL-query... If someone decided to add SQL-injection stuff to certain parameter, they would see an error text, but only because _nothing_ was passed inside that parameter (to MySQL-database)." As allowed by the vendor, CVE investigated this report on Thursday, May 25, 2006 and found that the demo site demonstrated a non-sensitive SQL error when given standard SQL injection manipulations.
Software vulnerabilities results 1 to 3 of 3
Page:
1