655 matches found
CVE-2016-2561
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3)...
phpmyadmin -- multiple XSS and a man-in-the-middle vulnerability
The phpMyAdmin development team reports: XSS vulnerability in SQL parser. Using a crafted SQL query, it is possible to trigger an XSS attack through the SQL query page. We consider this vulnerability to be non-critical. Multiple XSS vulnerabilities. By sending a specially crafted URL as part of t...
Dimofinf 3.0.0 SQL Injection Vulnerability
Dimofinf version 3.0.0 cookie SQL injection exploit. Dimofinf CMS Automatic Cookie SQL Injection exploit Google Dork: intext:"Powered by Dimofinf" Date: 19/11/2015 Author: D35m0nd142 Software link: http://www.dimofinf.net Version: 3.0.0 Tested on: Dimofinf version 3.0.0 Sometimes it happens that...
Faraday 1.0.15 - Collaborative Penetration Test and Vulnerability Management Platform
A brand new version is ready for you to enjoy! Faraday v1.0.15 Community, Pro & Corp was published today with new exciting features. As a part of our constant commitment to the IT sec community we added a tool that runs several other tools to all IPs in a given list. This results in a major scan ...
DEBIAN-CVE-2015-2788
Multiple stack-based buffer overflows in the ib_fill_isqlda function in dbdimp.c in DBD-Firebird before 1.19 allow remote attackers to have unspecified impact via unknown vectors that trigger an error condition, related to binding octets to columns...
Stack overflow
Multiple stack-based buffer overflows in the ib_fill_isqlda function in dbdimp.c in DBD-Firebird before 1.19 allow remote attackers to have unspecified impact via unknown vectors that trigger an error condition, related to binding octets to columns...
PYSEC-2014-41
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns...
BS Auto Classifieds (info.php) SQL Injection Vulnerability Proof of Concept
No description provided by source. Information +Author : Easy Laster +ICQ : 11-051-551 +Date : 06.07.2010 +Script : BS Auto Classifieds +Price : $24.95 +Language : PHP +Discovered by Easy Laster 4004-security-project.com...
Blog System 1.x (note) SQL Injection Vuln
No description provided by source. Script : Blog System Version : 1.x Link : http://netartmedia.net/blogsystem/ Dork : powered by Blog System Table : websiteadminadminusers Columns : id,username,password,type Exploit :...
SiteGenius Blind SQL injection Vulnerability
No description provided by source. SiteGenius Blind SQL injection vulnerability. Exploit title : SiteGenius Blind SQL injection vulnerability Date : 02 \ 08 \ 2011 Author : AutoRUN & dR.sqL...
Taboada Macronews <= 1.0 - SQLi Exploit
No description provided by source. <?php /* Exploit Title: Taboada Macronews <= 1.0 SQLi Exploit Date: 03rd January 2013 Exploit Author: WhiteCollarGroup Software Link: http://www.scriptbrasil.com.br/download/codigo/7144/ Version: 1.0 Google Dork: intext:Powered by: joaotaboada.com Usage: php...
PHP-Fusion MG User-Fotoalbum SQL Injection Vulnerability
No description provided by source. Information +Name : PHP-Fusion mg user fotoalbum 1.0.1 = SQL injection Vulnerability Proof of Concept +Author : Easy Laster +Date : 10.10.2010 +Script : PHP-Fusion mg user fotoalbum 1.0.1...
Calendarix 0.8.20071118 - SQL Injection
No description provided by source. Informatique inside Calendarix : SQL injection Version : 0.8.20071118 and lower Author : Thibow Contact : Thibow4tlinformatique-insidedotcom Location : France Website : http://www.informatique-inside.com Dork : inurl:calday.php?op=day&catview= Solution : Updat...
flinx <= 1.3 (category.php id) Remote SQL Injection Vulnerability
No description provided by source. H-T Team HouSSaMix + ToXiC350 + RxH Author : Houssamix From H-T Team Script : flinx 1.3 & below Download :...
Simple SQLi Dumper v5.1 - Tool to find bugs, errors or vulnerabilities in MySQL database
SSDp is a useful penetration tool to find bugs, errors or vulnerabilities in MySQL database. Functions: SQL Injection, Operation System Function, Dump Database, Extract Database Schema, Search Columns Name, Read File (read only), Create File (read only), Brute Table & Column. Download Simple SQLi Dumper v5....
Updated ruby-rails and associated packages fix multiple vulnerabilities
Updated ruby-activerecord and ruby-actionpack packages fix security vulnerabilities: There is a data injection vulnerability in Active Record. Specially crafted strings can be used to save data in PostgreSQL array columns that may not be intended (CVE-2014-0080). There is an XSS vulnerability in th...
CVE-2014-0080
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ (backslash) character...
Sql injection
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ (backslash) character...