oceandir-sql.txt

/ @title Oceandir = 2.9 showvote.php id Remote SQL injection @author JEEN HACKER TEAM Jeen + Secertry @cost 250$ @script http://www.oceandir.com @copyright 2008 @homepage http://www.hackteach.org/cc/teach.php @email [email protected] , [email protected] / Exploit : user...

Dreamlevels Dreampics Builder 'page' SQL注入漏洞

BUGTRAQ ID: 30166 CNCAN ID：CNCAN-2008071103 Dreamlevels Dreampics Builder是一款基于PHP的WEB应用程序。 Dreamlevels Dreampics Builder不正确处理用户提交的输入，远程攻击者可以利用漏洞进行SQL注入攻击，可能获得敏感信息或操作数据库。 问题由于脚本对用户提交给'page'参数缺少过滤，构建恶意SQL查询作为参数数据，可更改原来的SQL逻辑，获得敏感信息或操作数据库。 DreamLevels Dreampics Builder 目前没有解决方案提供：...

Comdev News Publisher Remote SQL Injection Vulnerability

No description provided by source. --==+================================================================================+==-- --==+ Comdev News Publisher SQL Injection Vulnerbilitys +==-- --==+================================================================================+==-- Discovered By:...

oscom-sql.txt

osCommerce SQL Injection customertestimonials.php Author: it's my Home page: http://www.antichat.ru Dork: inurl:"customertestimonials.php" Exploit:...

Debian Security Advisory DSA 998-1 (libextractor)

The remote host is missing an update to libextractor announced via advisory DSA 998-1. Derek Noonburg has fixed several potential vulnerabilities in xpdf, which are also present in libextractor, a library to extract arbitrary meta-data from files. The old stable distribution woody does not contai...

WorkingOnWeb 2.0.1400 events.php Remote SQL Injection Vulnerability

No description provided by source. WorkingOnWeb 2.0.1400 Remote SQL Injection d0rk: Powered by WorkingOnWeb 2.0.1400 bug found by ka0x - D.O.M TEAM contact: ka0x01!gmail.com we: ka0x, an0de, xarnuz, s0cratex, Hendrix from spain 1: ? 2: $query = "SELECT cnfshortname, cnfname, cnfbegindate,...

WebChat 0.78 - 'login.php?rid' SQL Injection

webchat 0.78 Class: SQL Injection Published 28/06/2007 Remote: Yes Critical Level : Dangerous Site: http://sourceforge.net/projects/webdev-webchat/ Download: http://downloads.sourceforge.net/webdev-webchat/webchat-078.zip?modtime=1046649600&bigmirror=0 Author: r00t Vulnerable code: login.php...

HP Mercury Quality Center 9.0 build 9.1.0.4352 SQL Execution Exploit

Exploit for multiple platform in category remote exploits ==================================================================== HP Mercury Quality Center 9.0 build 9.1.0.4352 SQL Execution Exploit ==================================================================== !/usr/bin/perl HP Mercury Qualit...

Cell Phone Operating System Discovery

Binary data 3846.prm...

ncompress buffer overflow

Buffer overflow on data extraction...

Update Protection against Oracle Reports Arbitrary File Reading Vulnerability

Oracle Reports is an enterprise reporting tool that extracts data from multiple sources and inserts it into a formatted report. Oracle Reports fails to validate URI parameters, possibly allowing a remote attacker to read arbitrary files on the Reports Server...

vBulletin - 'LAST.php' SQL Injection

Example: http://www.example.com/last.php?fsel=,user.password%20as%20title,user.%20%20%20%20username%20as%20lastposter%20FROM%20user,thread%20%20%20%20%20WHERE%20usergroupid=6%20LIMIT%201 milw0rm.com 2004-11-15...

NetBIOS Name Service Reply Information Disclosure

Binary data 1922.prm...

More and More SQL injection on PHP-Nuke 6.5.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 /----------------------------------------------------------------------------- | 7 A 6 9 - A d v C: 011 |-----------------------------------------------------------------------------| | | PHP-Nuke SQL injection |...

Aladdin eToken 3.3.3.x Hardware USB Key Private Data Extraction

@Stake Inc. L0pht Research Labs www.atstake.com www.L0pht.com Security Advisory Advisory Name: eToken Private Information Extraction and Physical Attack Release Date: May 4, 2000 Application: N/A Platform: Aladdin eToken USB Key 3.3.3.x Severity: An attacker can access all private information...

Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3 LSA Secrets Vulnerability

Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3 LSA Secrets Vulnerability. Local exploit for windows platform source: http://www.securityfocus.com/bid/231/info The HKeyLocalMachine\SECURITY\Policy\Secrets\ key contains obfuscated data for various system services/resources. Clear-text usernames a...