Searching sort software vulnerabilities

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.

Bugzilla |

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote attackers to cause a denial of service or execute certain queries via a SQL injection attack on the sort order parameter to buglist.cgi.


Multiple SQL injection vulnerabilities in WowBB

vulnerabilities | injection | Multiple | Forum | WowBB | SQL |

Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow remote attackers to execute arbitrary SQL commands via the (1) sort_by or (2) page parameters to view_user.php, or the (3) forum_id parameter to view_topic.php. NOTE: the sort_by vector was later reported to be present in WowBB 1.65.


SQL injection vulnerability in view_user.php in

vulnerability | view_userphp | injection | WowBB | SQL |

SQL injection vulnerability in view_user.php in WowBB 1.6, 1.61, and 1.62 allows remote attackers to execute arbitrary SQL commands via the sort_by parameter.


Multiple directory traversal vulnerabilities in

vulnerabilities | overwrite | arbitrary | attackers | traversal | directory | Multiple | before | files | allow | YaMT | 05_2 | via |

Multiple directory traversal vulnerabilities in YaMT before 0.5_2 allow attackers to overwrite arbitrary files via the (1) rename or (2) sort options.


Multiple buffer overflows in YaMT before 0.5_2

attackers | arbitrary | overflows | Multiple | execute | buffer | before | allow | code | YaMT | 05_2 | via |

Multiple buffer overflows in YaMT before 0.5_2 allow attackers to execute arbitrary code via the (1) rename or (2) sort options.


Multiple SQL injection vulnerabilities in list.

vulnerabilities | injection | Multiple | Exhibit | listphp | Engine | SQL |

Multiple SQL injection vulnerabilities in list.php in Exhibit Engine (EE) 1.22 allow remote attackers to execute arbitrary SQL commands via the (1) search_row, (2) sort_row, (3) order or (4) perpage parameter.


SQL injection vulnerability in index.php in Noo

vulnerability | NooTopList | injection | indexphp | SQL |

SQL injection vulnerability in index.php in NooTopList 1.0.0 release 17 allows remote attackers to execute arbitrary SQL commands via the (1) o or (2) sort parameters.


The sort_offline function for texindex in texin

sort_offline | overwrite | arbitrary | temporary | function | texindex | texinfo | earlier | symlink | allows | attack | users | local | files | via |

The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.


tiki-view_forum_thread.php in TikiWiki 1.9.0 th

tiki-view_forum_threadphp | TikiWiki |

tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to obtain the installation path via an invalid topics_sort_mode parameter, possibly related to an SQL injection vulnerability.


SQL injection vulnerability in messages.php in

vulnerability | messagesphp | PHP-Fusion | injection | SQL |

SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to obtain path information and possibly execute arbitrary SQL commands via the srch_text parameter in a Search and Sort option to messages.php.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in NetAuctionHelp 3.0 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) L, (2) sort, (3) category, (4) categoryname parameters to search.asp.


SQL injection vulnerability in CS-Cart 1.3.0 al

vulnerability | injection | CS-Cart | SQL |

SQL injection vulnerability in CS-Cart 1.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) sort_by and (2) sort_order parameters to index.php.


SQL injection vulnerability in WowBB 1.65 allow

vulnerability | injection | WowBB | SQL |

SQL injection vulnerability in WowBB 1.65 allows remote attackers to execute arbitrary SQL commands via the q parameter to search.php. NOTE: the view_user.php/sort_by vector is already covered by CVE-2005-1554 and CVE-2004-2181.


Multiple SQL injection vulnerabilities in the m

vulnerabilities | injection | Multiple | manage | page | user | SQL |

Multiple SQL injection vulnerabilities in the manage user page (manage_user_page.php) in Mantis 1.0.0rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prefix and (2) sort parameters to the manage user page (manage_user_page.php), or (3) the sort parameter to view_all_set.php.


Cross-site scripting (XSS) vulnerability in neo

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.27 allows remote attackers to inject arbitrary web script or HTML via the sort parameter. NOTE: some sources say that the affected parameter is "date," but the demonstration URL shows that it is "sort".


Cross-site scripting (XSS) vulnerability in cal

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in calendar/Visitor.cgi in KCScripts Calendar, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the sort_order parameter.


Cross-site scripting (XSS) vulnerability in vie

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in view.php in phpRaid 2.9.5 allows remote attackers to inject arbitrary web script or HTML via the (1) URL query string and the (2) Sort parameter.


users/index.php in Bitweaver 1.3 allows remote

users/indexphp | installation | information | sort_mode | sensitive | parameter | Bitweaver | attackers | resultant | database | message | reveals | invalid | obtain | remote | allows | which | error | path | via |

users/index.php in Bitweaver 1.3 allows remote attackers to obtain sensitive information via an invalid sort_mode parameter, which reveals the installation path and database information in the resultant error message.


SQL injection vulnerability in propview.php in

vulnerability | propviewphp | attackers | arbitrary | parameter | injection | commands | earlier | execute | remote | Realty | allows | 29-07 | sort | Free | SQL | via |

SQL injection vulnerability in propview.php in Free Realty 2.9-0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the sort parameter.


SQL injection vulnerability in modules/messages

modules/messages/indexphp | vulnerability | injection | exV2 | SQL |

SQL injection vulnerability in modules/messages/index.php in exV2 2.0.4.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sort parameter.


Software vulnerabilities results 1 to 20 of 58     
Page: 123