queries software vulnerabilities
vulnerabilities.aspcode.net
Searching queries software vulnerabilities
wwwthreads does not properly cleanse numeric da
privileges
|
wwwthreads
|
attackers
|
properly
|
queries
|
numeric
|
cleanse
|
forums
|
allows
|
remote
|
passed
|
names
|
table
|
which
|
gain
|
does
|
data
|
SQL
|
not
|
wwwthreads does not properly cleanse numeric data or table names that are passed to SQL queries, which allows remote attackers to gain privileges for wwwthreads forums.
SQL injection vulnerability in read.php3 and ot
vulnerability
|
injection
|
readphp3
|
scripts
|
Phorum
|
other
|
SQL
|
SQL injection vulnerability in read.php3 and other scripts in Phorum 3.0.7 allows remote attackers to execute arbitrary SQL queries via the sSQL parameter.
The Postaci frontend for PostgreSQL does not pr
deletecontactphp
|
characters
|
PostgreSQL
|
semicolons
|
attackers
|
arbitrary
|
frontend
|
properly
|
Postaci
|
execute
|
program
|
queries
|
remote
|
filter
|
which
|
could
|
allow
|
such
|
does
|
not
|
SQL
|
via
|
The Postaci frontend for PostgreSQL does not properly filter characters such as semicolons, which could allow remote attackers to execute arbitrary SQL queries via the deletecontact.php program.
nss_postgresql 0.6.1 and before allows a remote
nss_postgresql
|
nss_postgresql 0.6.1 and before allows a remote attacker to execute arbitrary SQL queries by inserting SQL code into an HTTP request.
AdCycle 1.17 and earlier allow remote attackers
AdCycle
|
AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, which are not properly sanitized before being passed to the MySQL database.
SQL injection vulnerability in bb_memberlist.ph
bb_memberlistphp
|
vulnerability
|
injection
|
phpBB
|
SQL
|
SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 allows remote attackers to execute arbitrary SQL queries via the $sortby variable.
SQL injection vulnerability in the Calendar mod
vulnerability
|
demonstrated
|
phpWebSite
|
attackers
|
arbitrary
|
parameter
|
injection
|
Calendar
|
execute
|
queries
|
earlier
|
module
|
allows
|
remote
|
using
|
year
|
SQL
|
09x
|
SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x and earlier allows remote attackers to execute arbitrary SQL queries, as demonstrated using the year parameter.
SQL injection vulnerability in pass_done.php fo
vulnerability
|
pass_donephp
|
PY-Membres
|
arbitrary
|
attackers
|
injection
|
parameter
|
execute
|
earlier
|
queries
|
allows
|
remote
|
email
|
SQL
|
via
|
SQL injection vulnerability in pass_done.php for PY-Membres 4.2 and earlier allows remote attackers to execute arbitrary SQL queries via the email parameter.
SQL injection vulnerability in search.php for I
vulnerability
|
attackers
|
arbitrary
|
searchphp
|
injection
|
parameter
|
Invision
|
execute
|
queries
|
allows
|
remote
|
Board
|
Forum
|
SQL
|
via
|
SQL injection vulnerability in search.php for Invision Board Forum allows remote attackers to execute arbitrary SQL queries via the st parameter.
SQL injection vulnerability in PostCalendar 4.0
vulnerability
|
PostCalendar
|
injection
|
SQL
|
SQL injection vulnerability in PostCalendar 4.0.0 allows remote attackers to execute arbitrary SQL commands via search queries.
Multiple SQL injection vulnerabilities in Tunez
vulnerabilities
|
injection
|
arbitrary
|
attackers
|
120-pre2
|
Multiple
|
execute
|
queries
|
remote
|
before
|
Tunez
|
allow
|
SQL
|
Multiple SQL injection vulnerabilities in Tunez before 1.20-pre2 allow remote attackers to execute arbitrary SQL queries.
Secure Computing Corporation Sidewinder G2 6.1.
Corporation
|
Sidewinder
|
Computing
|
Secure
|
Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service (CPU consumption) via delayed responses to DNS queries.
Kerio WinRoute Firewall before 6.0.9 uses infor
Firewall
|
WinRoute
|
before
|
Kerio
|
Kerio WinRoute Firewall before 6.0.9 uses information from PTR queries in response to A queries, which allows remote attackers to poison the DNS cache or cause a denial of service (connection loss).
Gigafast router (aka CompUSA router) with the D
Gigafast
|
router
|
Gigafast router (aka CompUSA router) with the DNS proxy option enabled allows remote attackers to cause a denial of service via malformed DNS queries.
Dnsmasq before 2.21 allows remote attackers to
Dnsmasq
|
before
|
Dnsmasq before 2.21 allows remote attackers to poison the DNS cache via answers to queries that were not made by Dnsmasq.
SQL injection vulnerability in sql.cls.php in I
vulnerability
|
sqlclsphp
|
injection
|
Board
|
SQL
|
SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows remote attackers to modify SQL queries, as demonstrated using the f parameter to index.php.
SQL injection vulnerability in password.php in
vulnerability
|
passwordphp
|
injection
|
PhpMyFaq
|
SQL
|
SQL injection vulnerability in password.php in PhpMyFaq 1.5.1 allows remote attackers to modify SQL queries and gain adninistrator privileges via the user field.
The default configuration of ISC BIND, when con
configuration
|
information
|
delegation
|
additional
|
configured
|
attackers
|
recursive
|
arbitrary
|
addresses
|
provides
|
caching
|
service
|
default
|
queries
|
allows
|
remote
|
server
|
denial
|
cause
|
which
|
name
|
BIND
|
ISC
|
The default configuration of ISC BIND, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
The LDAP server (ns-slapd) in Sun Java System D
server
|
LDAP
|
The LDAP server (ns-slapd) in Sun Java System Directory Server 5.2 Patch4 and earlier and ONE Directory Server 5.1 and 5.2 allows remote attackers to cause a denial of service (crash) via malformed queries, probably malformed BER queries, which trigger a free of uninitialized memory locations.
** DISPUTED ** The proxy DNS service in Symant
Symantec
|
Security
|
DISPUTED
|
Gateway
|
service
|
proxy
|
DNS
|
** DISPUTED ** The proxy DNS service in Symantec Gateway Security (SGS) allows remote attackers to make arbitrary DNS queries to third-party DNS servers, while hiding the source IP address of the attacker. NOTE: another researcher has stated that the default configuration does not proxy DNS queries received on the external interface.
Software vulnerabilities results 1 to 20 of 75
Page:
1
2
3
4
►