Vulmon Recent Vulnerabilities Trends Blog About Contact

sql injection vulnerabilities and exploits

(subscribe to this query)

4.3
CVSSv2
CVE-2010-1644
Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) hostname or (2) description parameter to...
7.5
CVSSv2
CVE-2016-4999
SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set...
7.5
CVSSv2
CVE-2005-1525
SQL injection vulnerability in config_settings.php for Cacti before 0.8.6e allows remote attackers to execute arbitrary SQL commands via the id parameter....
5
CVSSv2
CVE-2005-3537
A "missing request validation" error in phpBB 2 before 2.0.18 allows remote attackers to edit private messages of other users, probably by modifying certain parameters or other inputs....
7.5
CVSSv2
CVE-2005-3536
SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote attackers to execute arbitrary SQL commands via the topic type....
7.5
CVSSv2
CVE-2005-3420
usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter, as demonstrated by injecting an "e" modifier into a preg_replace statement....
7.5
CVSSv2
CVE-2005-3419
SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 allows remote attackers to execute arbitrary SQL commands via the signature_bbcode_uid parameter, which is not properly initialized....
7.5
CVSSv2
CVE-2005-3417
phpBB 2.0.17 and earlier, when the register_long_arrays directive is disabled, allows remote attackers to modify global variables and bypass security mechanisms because PHP does not define the associated HTTP_* variables....
7.5
CVSSv2
CVE-2005-3416
phpBB 2.0.17 and earlier, when register_globals is enabled and the session_start function has not been called to handle a session, allows remote attackers to bypass security checks by setting the $_SESSION and $HTTP_SESSION_VARS variables to strings instead of arrays, which...
7.5
CVSSv2
CVE-2005-3415
phpBB 2.0.17 and earlier allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GET/POST/COOKIE (GPC) variable and a GLOBALS[] variable with the same name, which causes phpBB to unset the GLOBALS[] variable but not the GPC...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
cpanelLFICVE-2020-26101cross-site scriptingdosCVE-2020-25223CVE-2020-1895CVE-2020-25747CVE-2020-15802CVE-2020-25134