1339 matches found
CVE-2008-6077
SQL injection vulnerability in loudblog/ajax.php in LoudBlog 0.8.0a and earlier allows remote authenticated users to execute arbitrary SQL commands via the colpick parameter in a singleread action...
CVE-2008-6077
This CVE (CVE-2008-6077) affects LoudBlog versions up to 0.8.0a, where the vulnerability is in loudblog/ajax.php. The underlying issue is an SQL injection in the singleread action, exploitable via the colpick parameter, allowing remote authenticated users to execute arbitrary SQL commands. The pr...
OpenHelpDesk 1.0.100 - 'eval()' Code Execution (Metasploit)
$Id: phpeval.rb 5783 2008-10-23 02:43:21Z ramon $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Sql injection
SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the rsargs array parameter in an expgetFeedContent action...
CVE-2008-3374
SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the rsargs array parameter in an expgetFeedContent action...
CVE-2008-3374
CVE-2008-3374 afects Gregarius up to version 0.5.4: an SQL injection in ajax.php via the rsargs array in the __exp__getFeedContent action. This allows an unauthenticated, remote attacker to manipulate database queries in the application and potentially disclose data. The vulnerability is triggere...
Gregarius <= 0.5.4 rsargs[] Remote SQL Injection Vulnerability
No description provided by source. GulfTech Security Research July 29, 2008 Vendor : Marco Bonetti URL : http://www.gregarius.net/ Version : Gregarius = 0.5.4 Risk : SQL Injection Description: Gregarius is a popular web-based RSS/RDF/ATOM feed aggregator written in php. There are some SQL Injecti...
CVE-2008-2976
Multiple directory traversal vulnerabilities in TinX/cms 1.1, when registerglobals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the 1 language parameter to a includeme.php, b admin/ajax.php, and c...
[waraxe-2007-SA#050] - Sql Injection in WordPress 2.1.3
waraxe-2007-SA050 - Sql Injection in WordPress 2.1.3 ==================================================================== Author: Janek Vind "waraxe" Date: 21. May 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-50.html Target software description: Vulnerable: WordPress 2.1.3...
WordPress check_ajax_referer() Function SQL Injection
The version of WordPress on the remote host fails to properly sanitize input to the 'cookie' parameter of the 'wp-admin/admin-ajax.php' script before using it in the 'checkajaxreferer' function in database queries. Regardless of PHP's 'magicquotesgpc' setting, an unauthenticated, remote attacker...
CVE-2007-2821
SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter...
CVE-2007-2821
SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter...
CVE-2007-2821
SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter...
Wordpress admin-ajax.php远程SQL注入漏洞
WordPress是一款免费的论坛Blog系统。 WordPress实现上存在输入验证漏洞,远程攻击者可能利用此漏洞执行SQL注入攻击非授权访问数据库。 WordPress的wp-admin/admin-ajax.php文件没有正确验证对cookie参数的输入。在wp-admin/admin-ajax.php的6行: ------------------source code---------------------- define'DOINGAJAX', true; checkajaxreferer; if !isuserloggedin die'-1';...
Wordpress 2.1.3 admin-ajax.php SQL Injection Blind Fishing Exploit
No description provided by source. ?php errorreportingEALL; $normdelay = 0; /////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////// // WordPress 2.1.3 "admin-ajax.php" sql injection blind fishing exploit //...
WordPress <= 2.1 - SQL Injection
Because of this vulnerability in wp-admin/admin-ajax.php,the attackers can execute arbitrary SQL commands via the "cookie" parameter. Solution Update WordPress...
WordPress < 2.1.4 'admin-ajax.php' SQLi
Binary data 3995.prm...
WordPress 2.1.3 - admin-ajax.php SQL Injection Blind Fishing
WordPress 2.1.3 - admin-ajax.php SQL Injection Blind Fishing ?php errorreportingEALL; $normdelay = 0; /////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////// // WordPress 2.1.3 "admin-ajax.php" sql injection...
Wordpress 2.1.3 admin-ajax.php SQL Injection Blind Fishing Exploit
Exploit for unknown platform in category web applications ================================================================== Wordpress 2.1.3 admin-ajax.php SQL Injection Blind Fishing Exploit ================================================================== ?php errorreportingEALL; $normdelay = ...