931 matches found
InvGate Service Desk 4.2.36 SQL Injection
InvGate Service Desk v4.2.36 multiple vulnerabilities http://www.invgate.com/en/service-desk/ http://www.invgate.com/en/service-desk/on-premise-trial/ Invgate Service Desk suffers from many SQL injections as an authenticated, but non-privileged end-user role user. Most are also stacked injections...
Kerio Control 8.3.1 - Blind SQL Injection
Document Title: ====================== Kerio Control = 8.3.1 Boolean-based blind SQL Injection Primary Informations: ====================== Product Name: Kerio Control Software Description: Kerio Control brings together multiple capabilities including a network firewall and router, intrusion...
Windows Movie Maker 2.1.4026.0 - (.wav) Crash PoC
No description provided by source. Exploit Title: Windows Movie Maker Version 2.1.4026.0 .wav - Crash POC Date: 16-07-2013 Exploit Author: ariarat Vendor Homepage: http://www.microsoft.com Software Link: included in windows xp sp2 and sp3 Version: 2.1.4026.0 Tested on: Windows XP sp3 CVE :...
Campaign Enterprise 11.0.421 SQLi Vulnerability
No description provided by source. Exploit Title: Campaign Enterprise 11.0.421 SQLi Vulnerability Author: Craig Freyman @cd1zz Date Discovered: 12/12/2011 Vendor Site: http://www.arialsoftware.com Vendor Notified: 1/19/2012 Vendor Fixed: 1/30/2012 Version 11.0.512 Description: The SID parameter i...
Mail.ru: SQL Injection on 11x11.mail.ru
Greetings! SQL Inject boolean-based True http://11x11.mail.ru/xml/games/champ.php?act=groups&division=6&tournament=66+and+1=ifsubstr@@version,1,5=0x352e302e37,1,2%23 Season 22, Division 3-C False...
MongoDB NoSQL Collection Enumeration Via Injection
This module can exploit NoSQL injections on MongoDB versions less than 2.4 and enumerate the collections available in the data via boolean injections. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
Videos Tube 1.0 - Multiple SQL Injection Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Videos Tube SQL Injection and Remote Code Execution Google Dork: inurl:"single.php?url=" video Date: 05.05.2014 Exploit Author: Mustafa ALTINKAYNAK Vendor Homepage: http://www.phpscriptlerim.com Software Link:...
SMART iPBX SQL Injection Vulnerability
SMART iPBX suffers from multiple remote SQL injection vulnerabilities. SMART iPBX - Multiple Sql Injection =================================================================== .:. Author : AtT4CKxT3rR0r1ST .:. Contact : email protected , email protected .:. Home : http://www.iphobos.com/blog/ .:...
CVE-2013-6375
Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properly flush the TLB after clearing a present translation table entry, which allows local guest administrators to cause a denial of service or gain privileges via unspecified vectors related to an "inverted boolean...
Code injection
Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properly flush the TLB after clearing a present translation table entry, which allows local guest administrators to cause a denial of service or gain privileges via unspecified vectors related to an "inverted boolean...
Win32k Memory Allocation Vulnerability(MS13-053)
No description provided by source. / more detials: https://labs.mwrinfosecurity.com/blog/2013/09/06/mwr-labs-pwn2own-2013-write-up-kernel-exploit/ this poc is written by 0xBigBan / include windows.h define NtUserMessageCall 0x11ea //on win7 sp1 x86 void SystemCallDWORD ApiNumber, ... asm lea edx,...
MS13-053 Win32k Memory Allocation Vulnerability
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain...
(Pwn2Own) Microsoft Windows NtUserMessageCall Privilege Escalation Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
console
This plugin writes the framework messages to the console. One configurable parameter exists: verbose

Plugin type: Output

Options:

Name | Type | Default Value | Description | Help
---|---|---|---|---
verbose | boolean | False | Enables verbose output for the console | No detailed help available

Sour...
Website Created By Triad SQL Injection
= 5.0 AND error-based - WHERE or HAVING clause Payload: id=5' AND SELECT 8596 FROMSELECT COUNT,CONCAT0x3a6974713a,SELECT CASE WHEN 8596=8596 THEN 1 ELSE 0 END,0x3a6a6c763a,FLOORRAND02x FROM...
Joomla com_etree Blind SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla cometree Blind SQL-inj Vuln Date: 20.02.2012 Author: Mach1ne Version: 1.5.+ Category:: remote, webapps Google dork: inurl:compersonal Tested in: web ============================== ================================= Multipl...
Campaign Enterprise 11.0.421 SQL Injection
Exploit Title: Campaign Enterprise 11.0.421 SQLi Vulnerability Author: Craig Freyman @cd1zz Date Discovered: 12/12/2011 Vendor Notified: 1/19/2012 Vendor Fixed: 1/30/2012 Version 11.0.512 Description: The SID parameter in a POST is vulnerable to a boolean based blind SQLi. You must be authenticat...
Campaign Enterprise 11.0.421 - SQL Injection
Campaign Enterprise 11.0.421 - SQL Injection Exploit Title: Campaign Enterprise 11.0.421 SQLi Vulnerability Author: Craig Freyman @cd1zz Date Discovered: 12/12/2011 Vendor Site: http://www.arialsoftware.com Vendor Notified: 1/19/2012 Vendor Fixed: 1/30/2012 Version 11.0.512 Description: The SID...
Campaign Enterprise 11.0.421 - SQL Injection
Exploit Title: Campaign Enterprise 11.0.421 SQLi Vulnerability Author: Craig Freyman @cd1zz Date Discovered: 12/12/2011 Vendor Site: http://www.arialsoftware.com Vendor Notified: 1/19/2012 Vendor Fixed: 1/30/2012 Version 11.0.512 Description: The SID parameter in a POST is vulnerable to a boolean...
WordPress Plugin SendIt 1.5.9 - Blind SQL Injection
WordPress Plugin SendIt 1.5.9 - Blind SQL Injection Exploit Title: WordPress SendIt plugin getvar"SELECT COUNT FROM $tableemail where email ='$POSTemailadd' and idlista = '$POSTlista';"; As you can see, $POSTlista parameter is neither validated nor escaped, so you can blind sql inject it using...