SQL injection vulnerabilities and exploits
Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to usercp_register.php, (2) forward_page parameter to login.php, and (3) list_cat parameter to...
phpBB 2.0.17 and earlier, when the register_long_arrays directive is disabled, allows remote attackers to modify global variables and bypass security mechanisms because PHP does not define the associated HTTP_* variables....
phpBB 2.0.17 and earlier, when register_globals is enabled and the session_start function has not been called to handle a session, allows remote attackers to bypass security checks by setting the $_SESSION and $HTTP_SESSION_VARS variables to strings instead of arrays, which...
phpBB 2.0.17 and earlier allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GET/POST/COOKIE (GPC) variable and a GLOBALS variable with the same name, which causes phpBB to unset the GLOBALS variable but not the GPC...
Interpretation conflict in phpBB 2.0.17, with remote avatars and avatar uploading enabled, allows remote authenticated users to inject arbitrary web script or HTML via an HTML file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the...
SQL injection vulnerability in config_settings.php for Cacti before 0.8.6e allows remote attackers to execute arbitrary SQL commands via the id parameter....
SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name....
1 EDB exploit available
SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter....
SQL injection vulnerability in content.php in Mambo 126.96.36.199 and earlier allows remote attackers to execute arbitrary SQL commands via the user_rating parameter....
1 EDB exploit available
SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors....
2 EDB exploits available
1 Metasploit module available
1 Nmap script available
18 Github repositories available
1 Article available