Searching quotes software vulnerabilities

SQL injection vulnerability in login.php for ph

vulnerability | injection | loginphp | phpGB | SQL |

SQL injection vulnerability in login.php for phpGB 1.20 and earlier, when magic_quotes_gpc is not enabled, allows remote attackers to gain administrative privileges via SQL code in the password entry.


The id3tag_sort function in id3tag.c for YAMT 0

id3tag_sort | attackers | arbitrary | function | commands | execute | id3tagc | double | Artist | quotes | remote | allows | file | YAMT | tag | via | MP3 |

The id3tag_sort function in id3tag.c for YAMT 0.5 allows remote attackers to execute arbitrary commands via an MP3 file with double quotes in the Artist tag.


The _writeAttrs function in SafeHTML before 1.3

_writeAttrs | SafeHTML | function | before |

The _writeAttrs function in SafeHTML before 1.3.2 does not properly handle quotes in attribute values, which could allow remote attackers to exploit cross-site scripting (XSS) vulnerabilities in applications that rely on SafeHTML for protection.


SQL injection vulnerability in UseBB 0.5.1 and

vulnerability | injection | UseBB | SQL |

SQL injection vulnerability in UseBB 0.5.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the search function.


Microsoft Internet Explorer 5.2.3 for Mac OS al

Microsoft | Explorer | Internet |

Microsoft Internet Explorer 5.2.3 for Mac OS allows remote attackers to cause a denial of service (crash) via a web page with malformed attributes in a BGSOUND tag, possibly involving double-quotes in an about: URI.


SQL injection vulnerability in news.php for Uto

vulnerability | injection | newsphp | Utopia | News | Pro | SQL |

SQL injection vulnerability in news.php for Utopia News Pro (UNP) 1.1.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary SQL via the newsid parameter.


merchants/index.php in Post Affiliate Pro 2.0.4

merchants/indexphp | Affiliate | Post | Pro |

merchants/index.php in Post Affiliate Pro 2.0.4 and earlier, with magic_quotes_gpc disabled, allows remote attackers to include arbitrary local files via the md parameter, possibly due to a directory traversal vulnerability.


Unspecified vulnerability in Mambo 4.5 (1.0.0)

vulnerability | Unspecified | Mambo |

Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), with magic_quotes_gpc disabled, allows remote attackers to read arbitrary files and possibly cause a denial of service via a query string that ends with a NULL character.


SQL injection vulnerability in OcoMon 1.21, and

vulnerability | injection | OcoMon | SQL |

SQL injection vulnerability in OcoMon 1.21, and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the logon page, a different vulnerability than CVE-2005-4662.


SQL injection vulnerability in index.php in Blo

magic_quotes_gpc | authentication | vulnerability | parameter | attackers | arbitrary | injection | indexphp | commands | username | disbled | BlogPHP | execute | action | allows | bypass | remote | login | via | SQL |

SQL injection vulnerability in index.php in BlogPHP 1.0, when magic_quotes_gpc is disbled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action.


SQL injection vulnerability in login.php in min

gpc_magic_quotes | authentication | vulnerability | miniBloggie | injection | attackers | arbitrary | commands | disabled | loginphp | execute | earlier | bypass | allows | remote | via | SQL |

SQL injection vulnerability in login.php in miniBloggie 1.0 and earlier, when gpc_magic_quotes is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameters.


SQL injection vulnerability in the NS-Languages

vulnerability | NS-Languages | injection | PostNuke | module | SQL |

SQL injection vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is off, allows remote attackers to execute arbitrary SQL commands via the language parameter to admin.php.


SQL injection vulnerability in CyBoards PHP Lit

vulnerability | injection | CyBoards | Lite | PHP | SQL |

SQL injection vulnerability in CyBoards PHP Lite 1.25, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the parent parameter to (1) post.php and possibly (2) process_post.php.


Multiple SQL injection vulnerabilities in DSDow

magic_quotes_gpc | vulnerabilities | DSDownload | attackers | injection | arbitrary | commands | disabled | Multiple | execute | remote | allow | via | SQL |

Multiple SQL injection vulnerabilities in DSDownload 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) key and (2) category parameters to (a) search.php and (b) downloads.php.


SQL injection vulnerability in index.php in DSC

magic_quotes_gpc | X-Forwarded-For | vulnerability | injection | arbitrary | attackers | DSCounter | commands | indexphp | disabled | execute | allows | remote | field | SQL | via |

SQL injection vulnerability in index.php in DSCounter 1.2, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header.


SQL injection vulnerability in DSLogin 1.0, wit

magic_quotes_gpc | authentication | vulnerability | $log_userid | attackers | arbitrary | injection | commands | variable | disabled | DSLogin | execute | allows | remote | bypass | SQL | via |

SQL injection vulnerability in DSLogin 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the $log_userid variable in (1) index.php and (2) admin/index.php.


Multiple SQL injection vulnerabilities in akoco

magic_quotes_gpc | vulnerabilities | akocommentphp | AkoComment | arbitrary | attackers | injection | disabled | commands | Multiple | execute | remote | module | allow | Mambo | via | SQL |

Multiple SQL injection vulnerabilities in akocomment.php in AkoComment 2.0 module for Mambo, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) acname or (2) contentid parameter.


SQL injection vulnerability in functions/final_

functions/final_functionsphp | vulnerability | injection | Lemon | VSNS | SQL |

SQL injection vulnerability in functions/final_functions.php in VSNS Lemon 3.2.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.


SQL injection vulnerability in authcheck.php in

magic_quotes_gpc | vulnerability | warforgeNEWS | authcheckphp | arbitrary | attackers | injection | commands | disabled | execute | remote | allows | via | SQL |

SQL injection vulnerability in authcheck.php in warforge.NEWS 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) authusername and possibly the (2) authpassword cookie.


SQL injection vulnerability in inc/elementz.php

magic_quotes_gpc | inc/elementzphp | vulnerability | arbitrary | attackers | parameter | injection | AliPAGER | disabled | commands | execute | allows | remote | ubild | SQL | via |

SQL injection vulnerability in inc/elementz.php in AliPAGER 1.5, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the ubild parameter.


Software vulnerabilities results 1 to 20 of 90     
Page: 12345