931 matches found

seebug.org
added 2016/10/19 12:00 a.m. | 15 views

NetBilleterie 2.8 SQL Injection / Information Disclosure

phpinfo 200 = http://localhost/netbilletterie/phpinfo.php SQL Injection Type: time-based blind 200 = http://localhost/netbilletterie/listerdetailbon.php?datedebut= 200 = http://localhost/netbilletterie/listerpointesok.php?datedebut= 302 = http://localhost/netbilletterie/deletearticle.php?article=...

AI score: 8
Exploits: 0

Packet Storm
added 2016/10/13 12:00 a.m. | 30 views

NetBilleterie 2.8 SQL Injection / Information Disclosure

Exploit Title: NetBilletterie 2.8 | Multiple Vulnerabilities Date: 14/07/16 Exploit Author: Wadeek Website Author: https://github.com/Wad-Deek Vendor Homepage: http://net-billetterie.tuxfamily.org/ Software Link: https://sourceforge.net/projects/netbilletterie/files/ Demo Link:...

AI score: 7.4
Exploits: 0

0day.today
added 2016/10/12 12:00 a.m. | 29 views

NetBilletterie 2.8 - Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: NetBilletterie 2.8 | Multiple Vulnerabilities Date: 14/07/16 Exploit Author: Wadeek Website Author: https://github.com/Wad-Deek Vendor Homepage: http://net-billetterie.tuxfamily.org/ Software Link:...

AI score: 7.1
Exploits: 0

OSV
added 2016/09/17 9:59 p.m. | 2 views

ALPINE-CVE-2016-7418

The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document,...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.11102
Exploits: 1 | References: 1

Cvelist
added 2016/09/17 9:00 p.m. | 28 views

CVE-2016-7418

The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document,...

AI score: 9.2 | EPSS: 0.11102
Exploits: 1 | References: 10

OSV
added 2016/09/11 12:00 a.m. | 0 views

UBUNTU-CVE-2016-7132

ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.08666
Exploits: 1 | References: 6

CNVD
added 2016/04/24 12:00 a.m. | 3 views

Joyent Node.js UglifyJS Security Bypass Vulnerability

Joyent Node.js is a web application platform built on top of Google's V8 JavaScript engine. A security vulnerability in Joyent Node.js UglifyJS allows remote attackers to alter functionality using specially crafted JavaScript files, as the program fails to properly handle non-Boolean comparisons...

CVSS: 9.8 | AI score: 8 | EPSS: 0.03559
Exploits: 1 | References: 1

Exploit DB
added 2016/04/20 12:00 a.m. | 19 views

PHPBack 1.3.0 - SQL Injection

Credits: hyp3rlinx. Website: hyp3rlinx.altervista.org. Source: http://hyp3rlinx.altervista.org/advisories/PHPBACK-v1.3.0-SQL-INJECTION.txt. Vendor: www.phpback.org. Product: PHPBack v1.3.0. Vulnerability Type: SQL Injection. CVE Reference:...

AI score: 7.4
Exploits: 0

CakePHP
added 2016/03/28 12:00 a.m. | 21 views

CakePHP 2.8.3, 3.0.18, 3.1.13 and 3.2.6 Released

The CakePHP core team is happy to announce the immediate availability of CakePHP 2.8.3, 3.0.18, 3.1.13, and 3.2.6. These releases contain security fixes. 3.2.6 and 2.8.3 also contain bugfixes. Security Fixes: These releases fix a weakness in...

AI score: 7.2
Exploits: 0

htbridge
added 2016/01/07 12:00 a.m. | 513 views

SSO Authentication Bypass and Website Takeover in DOKEOS

High-Tech Bridge Security Research Lab discovered a high-risk vulnerability in a popular e-learning software DOKEOS. A remote unauthenticated attacker can bypass authentication process and login to the vulnerable website with an arbitrary account including administrator's one. Successful...

AI score: 7.7
Exploits: 0 | Affected Software: 1

Oracle linux
added 2015/12/14 12:00 a.m. | 138 views

openssl security update

1.0.1e-51.1 - fix CVE-2015-3194 - certificate verify crash with missing PSS parameter - fix CVE-2015-3195 - X509_ATTRIBUTE memory leak - fix CVE-2015-3196 - race condition when handling PSK identity hint 1.0.1e-51 - fix the CVE-2015-1791 fix broken server side renegotiation 1.0.1e-50 - improved fi...

CVSS: 7.5 | AI score: 1 | EPSS: 0.9986
Exploits: 3

Amazon
added 2015/11/23 12:00 a.m. | 34 views

Important: ganglia

Issue Overview: Ganglia-web auth can be bypassed using boolean serialization CVE-2015-6816. Affected Packages: ganglia Issue Correction: Run yum update ganglia or yum update --advisory ALAS-2015-612 to update your system. New Packages: i686: ganglia-gmetad-3.7.2-2.19.amzn1.i686 ...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.03562
Exploits: 1

Oracle linux
added 2015/11/23 12:00 a.m. | 66 views

openssh security, bug fix, and enhancement update

6.6.1p1-22 - Use the correct constant for glob limits 1160377 6.6.1p1-21 - Extend memory limit for remote glob in sftp acc. to stat limit 1160377 6.6.1p1-20 - Fix vulnerabilities published with openssh-7.0 1265807 - Privilege separation weakness related to PAM support - Use-after-free bug related...

CVSS: 8.5 | AI score: 0.2 | EPSS: 0.09302
Exploits: 1

0day.today
added 2015/10/29 12:00 a.m. | 55 views

Joomla JNews (com_jnews) Component 8.5.1 - SQL Injection Vulnerability

Exploit for php platform in category web applications Description of the component: Reach, engage and delight more customers with newsletters, auto-responders or campaign management. Exploit Title: Joomla component comjnews - SQL injection Google Dork: inurl:option=comjnews Date: 2015-10-29 Explo...

AI score: 7.1
Exploits: 0

Exploit DB
added 2015/10/29 12:00 a.m. | 42 views

Joomla! Component com_jnews 8.5.1 - SQL Injection

Description of the component: Reach, engage and delight more customers with newsletters, auto-responders or campaign management. Exploit Title: Joomla component comjnews - SQL injection Google Dork: inurl:option=comjnews Date: 2015-10-29 Exploit Author: Omer Ramić Twitter:...

AI score: 7
Exploits: 0

seebug.org
added 2015/10/12 12:00 a.m. | 36 views

Xiaowuyou School Website System (校无忧学校网站系统) TeachView.asp SQL Injection Vulnerability

The keyword is given in the summary.. Then pick a few websites at random http://www.hainanez.com/TeachView.asp?id=33 http://www.lcztxx.com/TeachView.asp?id=1 http://www.yrenedu.com/TeachView.asp?id=37 http://www.tajx.com/TeachView.asp?id=25 http://nongxue.nyjj.net.cn/TeachView.asp?id=13 http://tuanwei.web.sdutcm.edu.cn/TeachView.asp?id=21...

AI score: 7.1
Exploits: 0

exploitpack
added 2015/09/18 12:00 a.m. | 22 views

Pligg CMS 2.0.2 - load_data_for_search.php SQL Injection

Pligg CMS 2.0.2 - load_data_for_search.php SQL Injection Exploit Title: Pligg CMS 2.0.2 SQL injection Date: 29-08-2015 Exploit Author: jsass Vendor Homepage: http://pligg.com Software Link: https://github.com/Pligg/pligg-cms/archive/2.0.2.zip Version: 2.0.2 Tested on: kali sana 2.0 Q8 Gray Hat Team...

AI score: 0.3
Exploits: 0

0day.today
added 2015/09/18 12:00 a.m. | 25 views

Pligg CMS 2.0.2 - (load_data_for_search.php) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Pligg CMS 2.0.2 SQL injection Date: 29-08-2015 Exploit Author: jsass Vendor Homepage: http://pligg.com Software Link: https://github.com/Pligg/pligg-cms/archive/2.0.2.zip Version: 2.0.2 Tested on: kali sana 2.0 Q8 Gray Hat Team...

AI score: 7.1
Exploits: 0

Exploit DB
added 2015/09/18 12:00 a.m. | 21 views

Pligg CMS 2.0.2 - 'load_data_for_search.php' SQL Injection

Exploit Title: Pligg CMS 2.0.2 SQL injection Date: 29-08-2015 Exploit Author: jsass Vendor Homepage: http://pligg.com Software Link: https://github.com/Pligg/pligg-cms/archive/2.0.2.zip Version: 2.0.2 Tested on: kali sana 2.0 Q8 Gray Hat Team SQLInjection File : load_data_for_search.php $search = ne...

AI score: 7.4
Exploits: 0

FreeBSD
added 2015/09/04 12:00 a.m. | 26 views

ganglia-webfrontend -- auth bypass

Ivan Novikov reports: It's easy to bypass auth by using boolean serialization...

CVSS: 9.8 | AI score: 9.2 | EPSS: 0.03562
Exploits: 1 | References: 1