CVE-2008-4573 – MunzurSoft Wep Portal W3 - 'kat' SQL Injection
https://notcve.org/view.php?id=CVE-2008-4573
SQL injection vulnerability in kategori.asp in MunzurSoft Wep Portal W3 allows remote attackers to execute arbitrary SQL commands via the kat parameter. Vulnerabilidad de inyección SQL en kategori.asp de MunzurSoft Wep Portal W3 permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro kat. • https://www.exploit-db.com/exploits/6725 http://secunia.com/advisories/32238 http://securityreason.com/securityalert/4420 http://www.securityfocus.com/bid/31713 https://exchange.xforce.ibmcloud.com/vulnerabilities/45817 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2008-3888 – MiniNuke 2.1 - 'uid' SQL Injection
https://notcve.org/view.php?id=CVE-2008-3888
SQL injection vulnerability in members.asp in Mini-NUKE Freehost 2.3 allows remote attackers to execute arbitrary SQL commands via the uid parameter in a member_details action. Vulnerabilidad de inyección SQL en members.asp de Mini-NUKE Freehost 2.3, permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro uid en una acción member_details. • https://www.exploit-db.com/exploits/5187 http://www.securityfocus.com/archive/1/495743/100/0/threaded • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2008-3495 – Pcshey Portal - 'kategori.asp' SQL Injection
https://notcve.org/view.php?id=CVE-2008-3495
SQL injection vulnerability in kategori.asp in Pcshey Portal allows remote attackers to execute arbitrary SQL commands via the kid parameter. Vulnerabilidad de inyección SQL en kategori.asp de Pcshey Portal permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro kid. • https://www.exploit-db.com/exploits/32151 http://downloads.securityfocus.com/vulnerabilities/exploits/30534.pl http://www.securityfocus.com/bid/30534 https://exchange.xforce.ibmcloud.com/vulnerabilities/44213 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2008-2873 – shibby shop 2.2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-2873
sHibby sHop 2.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request to Db/urun.mdb. sHibby sHop 2.2 y versiones anteriores, almacena información sensible bajo la raíz web con controles de acceso insuficientes, lo cual permite a atacantes remotos descargarse una base de datos a través de una petición directa a Db/urun.mdb. • https://www.exploit-db.com/exploits/5895 http://secunia.com/advisories/30787 https://exchange.xforce.ibmcloud.com/vulnerabilities/43296 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-2872 – shibby shop 2.2 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-2872
SQL injection vulnerability in default.asp in sHibby sHop 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sayfa parameter. Vulnerabilidad de inyección SQL en default.asp in sHibby sHop 2.2 y versiones anteriores, permite a atacantes remotos ejecutar comandos SQL arbitrariamente a través del parámetro sayfa. • https://www.exploit-db.com/exploits/5895 http://secunia.com/advisories/30787 http://www.securityfocus.com/bid/29875 https://exchange.xforce.ibmcloud.com/vulnerabilities/43295 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •