Vulmon
Recent Vulnerabilities
Trends
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
sql injection vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2005-3310
Interpretation conflict in phpBB 2.0.17, with remote avatars and avatar uploading enabled, allows remote authenticated users to inject arbitrary web script or HTML via an HTML file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the...
Phpbb Group
Phpbb
7.5
CVSSv2
CVE-2005-3536
SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote attackers to execute arbitrary SQL commands via the topic type....
Phpbb Group
Phpbb
7.5
CVSSv2
CVE-2005-3420
usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter, as demonstrated by injecting an "e" modifier into a preg_replace statement....
Phpbb Group
Phpbb
5
CVSSv2
CVE-2005-3537
A "missing request validation" error in phpBB 2 before 2.0.18 allows remote attackers to edit private messages of other users, probably by modifying certain parameters or other inputs....
Phpbb Group
Phpbb
4.3
CVSSv2
CVE-2005-3418
Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to usercp_register.php, (2) forward_page parameter to login.php, and (3) list_cat parameter to...
Phpbb Group
Phpbb
7.5
CVSSv2
CVE-2005-3417
phpBB 2.0.17 and earlier, when the register_long_arrays directive is disabled, allows remote attackers to modify global variables and bypass security mechanisms because PHP does not define the associated HTTP_* variables....
Phpbb Group
Phpbb
7.5
CVSSv2
CVE-2005-3416
phpBB 2.0.17 and earlier, when register_globals is enabled and the session_start function has not been called to handle a session, allows remote attackers to bypass security checks by setting the $_SESSION and $HTTP_SESSION_VARS variables to strings instead of arrays, which...
Phpbb Group
Phpbb
7.5
CVSSv2
CVE-2005-3415
phpBB 2.0.17 and earlier allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GET/POST/COOKIE (GPC) variable and a GLOBALS[] variable with the same name, which causes phpBB to unset the GLOBALS[] variable but not the GPC...
Phpbb Group
Phpbb
7.5
CVSSv2
CVE-2010-0400
SQL injection vulnerability in lib/user.php in mahara 1.0.4 allows remote attackers to execute arbitrary SQL commands via a username....
Mahara
7.5
CVSSv2
CVE-2006-1804
SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sql_query parameter....
Phpmyadmin
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
maximo asset management
CVE-2020-6291
disclosure management
CVE-2020-15105
CVE-2020-4511
application delivery controller firmware
qradar security information and event manager
CVE-2020-10045
CVE-2020-8196
client side
insecure direct object reference
wireless
CVE-2020-5902
« PREV
1
2
3
4
5
6
7
8
NEXT »
Vulmon