Joomla 3.7.0 - com_fields SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla 3.7.0 - Sql Injection Date: 05-19-2017 Exploit Author: Mateus Lino Reference: https://blog.sucuri.net/2017/05/sql-injection-vulnerability-joomla-3-7.html Vendor Homepage: https://www.joomla.org/ Version: = 3.7.0 Tested on...
Joomla! 3.7.0 - com_fields SQL Injection
Joomla! 3.7.0 - com_fields SQL Injection Exploit Title: Joomla 3.7.0 - Sql Injection Date: 05-19-2017 Exploit Author: Mateus Lino Reference: https://blog.sucuri.net/2017/05/sql-injection-vulnerability-joomla-3-7.html Vendor Homepage: https://www.joomla.org/ Version: = 3.7.0 Tested on: Win, Kali...
Joomla! 3.7.0 - 'com_fields' SQL Injection
Exploit Title: Joomla 3.7.0 - Sql Injection Date: 05-19-2017 Exploit Author: Mateus Lino Reference: https://blog.sucuri.net/2017/05/sql-injection-vulnerability-joomla-3-7.html Vendor Homepage: https://www.joomla.org/ Version: = 3.7.0 Tested on: Win, Kali Linux x64, Ubuntu, Manjaro and Arch Linux...
[SECURITY] Fedora 25 Update: yara-3.5.0-7.fc25
YARA is a tool aimed at but not limited to helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families or whatever you want to describe based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strin...
[SECURITY] Fedora 24 Update: yara-3.5.0-7.fc24
YARA is a tool aimed at but not limited to helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families or whatever you want to describe based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strin...
Mirage – Fancy Clone - SQL Injection
Mirage – Fancy Clone - SQL Injection. Mirage – Fancy Clone does not strictly filter its parameters, leading to a SQL injection vulnerability. If the target server has error display turned on, it can be exploited directly; if error display is turned off, time-based and Boolean...
PHP Forum Script v3.0 - SQL Injection
PHP Forum Script v3.0 - SQL Injection. PHP Forum Script v3.0 does not strictly filter its parameters, leading to a SQL injection vulnerability. If the target server has error display turned on, it can be exploited directly; if error display is turned off, time-based and...
Joomla! Component Simple Membership 3.3.3 - 'userId' Parameter SQL Injection
Joomla! Component Simple Membership 3.3.3 - 'userId' Parameter SQL Injection. Joomla! Component Simple Membership 3.3.3 does not strictly filter its parameters, leading to a SQL injection vulnerability. If the target server has error display turned on, it can be exploited directly; if you tu...
Joomla com_product v2.2 - 'main_proid' Parameter SQL Injection Vulnerability
Joomla com_product 2.2 SQL Injection Vulnerability. Joomla com_product 2.2 does not strictly filter its parameters, leading to a SQL injection vulnerability. If the target server has error display turned on, it can be exploited directly; if error display is turned off, it can be exploited based on the...
Zigaform - SQL injection vulnerability
Zigaform the modelforms. in php form parameters into SQL statements cause SQL injection Injection point: http://localhost/PATH/formbuilder/frontend/viewform/? form=SQL payload: AND SELECT 2120 FROMSELECT COUNT,CONCAT0x716a7a6271,SELECT ELT2120=2120,1,0x7171767071,FLOORRAND02,md5233x FROM...
HotelCMS with Booking Engine - SQL injection vulnerability
http://localhost/PATH/locale? locale=SQL the locale parameter there is sql injection Wherein the error injection as follows: payload: http://localhost/PATH/locale? locale=1' AND SELECT 3507 FROMSELECT COUNT,CONCATFLOORRAND02,md5233x FROM INFORMATIONSCHEMA. The PLUGINS GROUP BY xa-- Lilt Test...
UBUNTU-CVE-2016-9955
The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean...
UBUNTU-CVE-2016-9814
The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers to spoof SAML responses or possibly cause a denial of service (memory consumption) by leveraging...
CVE-2016-9955
The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service (memory consumption) by leveraging improper conversion of return values to boolean...
dotCMS 3.6.1 Blind Boolean SQL Injection
Blind Boolean SQL Injection in dotCMS = 3.6.1 (CVE-2017-5344). Product Description: dotCMS is a scalable, Java-based, open source content management system (CMS) that has been designed to manage and deliver personalized, permission-based content experiences across multiple channels. dotCMS can serve as...
PHP Marketplace Script SQL Injection
Exploit Title : PHP Marketplace Script - Multiple SQL Injection Vulnerabilities Author : Yunus YILDIRIM Th3GundY Team : CT-Zer0 @CRYPTTECH - https://www.crypttech.com Website : http://www.yunus.ninja Contact : [email protected] Vendor Homepage : http://www.ecommercemix.com/ Software Li...
PHP Marketplace Script - SQL Injection
PHP Marketplace Script - SQL Injection Exploit Title : PHP Marketplace Script - Multiple SQL Injection Vulnerabilities Author : Yunus YILDIRIM Th3GundY Team : CT-Zer0 @CRYPTTECH - https://www.crypttech.com Website : http://www.yunus.ninja Contact : [email protected] Vendor Homepage :...
PHP Marketplace Script - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title : PHP Marketplace Script - Multiple SQL Injection Vulnerabilities Author : Yunus YILDIRIM Th3GundY Team : CT-Zer0 @CRYPTTECH - https://www.crypttech.com Website : http://www.yunus.ninja Contact : email protected Vendor Homepage :...
NewsBee CMS - SQL Injection
Exploit Title: NewsBee CMS – SQL Injection Date: 06.02.2017 Software Link: https://codecanyon.net/item/newsbee-fully-featured-news-cms-with-bootstrasp-php-mysql/19404937?srank=2 Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploits...
Itech Multi Vendor Script 6.49 - SQL Injection
Exploit Title : Itech Multi Vendor Script - Multiple SQL Injections Author : Yunus YILDIRIM Th3GundY Team : CT-Zer0 @CRYPTTECH - https://www.crypttech.com Website : http://www.yunus.ninja Contact : [email protected] Vendor Homepage : http://itechscripts.com/ Software Link :...