Lucene search
K

1339 matches found

Cvelist
Cvelist
added 2009/02/06 11:0 a.m.20 views

CVE-2008-6077

SQL injection vulnerability in loudblog/ajax.php in LoudBlog 0.8.0a and earlier allows remote authenticated users to execute arbitrary SQL commands via the colpick parameter in a singleread action...

7.9AI score0.00856EPSS
Exploits1References4
CVE
CVE
added 2009/02/06 11:0 a.m.49 views

CVE-2008-6077

This CVE (CVE-2008-6077) affects LoudBlog versions up to 0.8.0a, where the vulnerability is in loudblog/ajax.php. The underlying issue is an SQL injection in the singleread action, exploitable via the colpick parameter, allowing remote authenticated users to execute arbitrary SQL commands. The pr...

6.5CVSS8.2AI score0.00856EPSS
Exploits1References4Affected Software1
Exploit DB
Exploit DB
added 2009/02/02 12:0 a.m.29 views

OpenHelpDesk 1.0.100 - 'eval()' Code Execution (Metasploit)

$Id: phpeval.rb 5783 2008-10-23 02:43:21Z ramon $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

7.4AI score
Exploits0
Prion
Prion
added 2008/07/30 5:41 p.m.13 views

Sql injection

SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the rsargs array parameter in an expgetFeedContent action...

7.5CVSS8.8AI score0.02339EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2008/07/30 5:0 p.m.25 views

CVE-2008-3374

SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the rsargs array parameter in an expgetFeedContent action...

8.4AI score0.02339EPSS
Exploits1References7
CVE
CVE
added 2008/07/30 5:0 p.m.43 views

CVE-2008-3374

CVE-2008-3374 afects Gregarius up to version 0.5.4: an SQL injection in ajax.php via the rsargs array in the __exp__getFeedContent action. This allows an unauthenticated, remote attacker to manipulate database queries in the application and potentially disclose data. The vulnerability is triggere...

7.5CVSS8.4AI score0.02339EPSS
Exploits1References7Affected Software1
seebug.org
seebug.org
added 2008/07/30 12:0 a.m.25 views

Gregarius <= 0.5.4 rsargs[] Remote SQL Injection Vulnerability

No description provided by source. GulfTech Security Research July 29, 2008 Vendor : Marco Bonetti URL : http://www.gregarius.net/ Version : Gregarius = 0.5.4 Risk : SQL Injection Description: Gregarius is a popular web-based RSS/RDF/ATOM feed aggregator written in php. There are some SQL Injecti...

7.1AI score
Exploits0
Cvelist
Cvelist
added 2008/07/02 5:0 p.m.25 views

CVE-2008-2976

Multiple directory traversal vulnerabilities in TinX/cms 1.1, when registerglobals is enabled, allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the 1 language parameter to a includeme.php, b admin/ajax.php, and c...

7.3AI score0.01846EPSS
Exploits1References3
securityvulns
securityvulns
added 2007/05/25 12:0 a.m.37 views

[waraxe-2007-SA#050] - Sql Injection in WordPress 2.1.3

waraxe-2007-SA050 - Sql Injection in WordPress 2.1.3 ==================================================================== Author: Janek Vind "waraxe" Date: 21. May 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-50.html Target software description: Vulnerable: WordPress 2.1.3...

8.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2007/05/23 12:0 a.m.42 views

WordPress check_ajax_referer() Function SQL Injection

The version of WordPress on the remote host fails to properly sanitize input to the 'cookie' parameter of the 'wp-admin/admin-ajax.php' script before using it in the 'checkajaxreferer' function in database queries. Regardless of PHP's 'magicquotesgpc' setting, an unauthenticated, remote attacker...

7.5CVSS5.5AI score0.052EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2007/05/22 9:30 p.m.29 views

CVE-2007-2821

SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter...

7.5CVSS6.2AI score0.052EPSS
Exploits1References1
NVD
NVD
added 2007/05/22 9:30 p.m.27 views

CVE-2007-2821

SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter...

7.5CVSS8.2AI score0.052EPSS
Exploits1References10
Debian CVE
Debian CVE
added 2007/05/22 9:0 p.m.47 views

CVE-2007-2821

SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter...

7.5CVSS7.6AI score0.052EPSS
Exploits1
seebug.org
seebug.org
added 2007/05/22 12:0 a.m.514 views

Wordpress admin-ajax.php远程SQL注入漏洞

WordPress是一款免费的论坛Blog系统。 WordPress实现上存在输入验证漏洞,远程攻击者可能利用此漏洞执行SQL注入攻击非授权访问数据库。 WordPress的wp-admin/admin-ajax.php文件没有正确验证对cookie参数的输入。在wp-admin/admin-ajax.php的6行: ------------------source code---------------------- define'DOINGAJAX', true; checkajaxreferer; if !isuserloggedin die'-1';...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/05/22 12:0 a.m.37 views

Wordpress 2.1.3 admin-ajax.php SQL Injection Blind Fishing Exploit

No description provided by source. ?php errorreportingEALL; $normdelay = 0; /////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////// // WordPress 2.1.3 "admin-ajax.php" sql injection blind fishing exploit //...

7.1AI score
Exploits0
Patchstack
Patchstack
added 2007/05/22 12:0 a.m.23 views

WordPress <= 2.1 - SQL Injection

Because of this vulnerability in wp-admin/admin-ajax.php,the attackers can execute arbitrary SQL commands via the "cookie" parameter. Solution Update WordPress...

7.5CVSS6.8AI score0.052EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2007/05/21 12:0 a.m.20 views

WordPress < 2.1.4 'admin-ajax.php' SQLi

Binary data 3995.prm...

7.5CVSS7.3AI score0.052EPSS
Exploits1References2
exploitpack
exploitpack
added 2007/05/21 12:0 a.m.20 views

WordPress 2.1.3 - admin-ajax.php SQL Injection Blind Fishing

WordPress 2.1.3 - admin-ajax.php SQL Injection Blind Fishing ?php errorreportingEALL; $normdelay = 0; /////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////// // WordPress 2.1.3 "admin-ajax.php" sql injection...

0.2AI score
Exploits0
0day.today
0day.today
added 2007/05/21 12:0 a.m.61 views

Wordpress 2.1.3 admin-ajax.php SQL Injection Blind Fishing Exploit

Exploit for unknown platform in category web applications ================================================================== Wordpress 2.1.3 admin-ajax.php SQL Injection Blind Fishing Exploit ================================================================== ?php errorreportingEALL; $normdelay = ...

7.1AI score
Exploits0
Rows per page
Query Builder