CVE-2011-4741

The CVE-2011-4741 entry pertains to Parallels Plesk Panel 10.2.0 build 20110407.20. The Control Panel includes a database connection string within a web page, which allows remote attackers to obtain potentially sensitive information by reading the page at client@2/domain@1/hosting/aspdotnet/. The...

Oracle Hyperion Enterprise Performance Management arsqls24.dll缓冲区溢出漏洞

Oracle Hyperion Enterprise Performance Management是性能管理软件。 Oracle Hyperion Enterprise Performance Management在实现上存在安全漏洞，可被恶意用户利用控制用户系统。 在解析数据库连接字符串时，arsqls24.dll中存在边界错误。通过诱使用户打开特制的Hyperion Interactive Reporting Studio .oce文件造成栈缓冲区溢出。 Oracle Hyperion Enterprise Performance Management EPM 11.x 厂商补丁：...

Oracle DataDirect ODBC Drivers - HOST Attribute arsqls24.dll Stack Buffer Overflow (PoC)

Oracle DataDirect ODBC Drivers - HOST Attribute arsqls24.dll Stack Buffer Overflow PoC g 208.152c: Access violation - code c0000005 first chance First chance exceptions are reported before any exception ha...

Oracle DataDirect ODBC Drivers HOST Attribute arsqls24.dll Stack Based

Exploit for windows platform in category dos / poc g 208.152c: Access violation - code c0000005 first chance First chance exceptions are reported before any exception hand...

YOTHCMS guestbook write horse vulnerabilities and fixes-vulnerability warning-the black bar safety net

Some time ago released this system to traverse a directory problem. Feedback after the official has been amended. Today stumbled upon a new version of the Yothshop Mall system, can be found in Database inserted into a word, and a successful connection. Affect all versions. Official website:...

How to change URL in Enterprise Manager notification email

Purpose This article documents how to change the URL listed in the Veeam Backup Enterprise Manager notification email. Example of Backup Enterprise Manager Notification Solution Back Up Database Before Making Changes Before making changes to the VeeamBackupReporting database, create a backup of t...

WAVSEP 1.0.3 – Web Application Vulnerability Scanner Evaluation Project

WAVSEP 1.0.3 – Web Application Vulnerability Scanner Evaluation Project A vulnerable web application designed to help assessing the features, quality and accuracy of web application vulnerability scanners. This evaluation platform contains a collection of unique vulnerable web pages that can be...

Epic Games Database Hacked by Contra

Epic Games Database Hacked by Contra Epic Games https://www.epicgames.com/ Database Hacked by Contra Hacker , He hack whole database and Leak all database structure online at https://pastebin.com/X455ZARH . The Site of Epic Games is currently showing Database connection error. About EPIC GAMES:...

Large power online online distance learning platform 0DAY National Electrical chase to eat)-vulnerability warning-the black bar safety net

Brief description: Long time of vulnerability, the vendor iswww.open.edu.cn, today finishing the blog found this 0day can also use the publication to the next. A plurality of injection vulnerabilities, filtering and etc. but can bypass the database connection configuration file is exposed,...

K6dvd music network 0day(anti-injection embarrassing)-vulnerability warning-the black bar safety net

Long time no see code to post before, I believe there should be a lot of seniors already know this BUG!! Ps:although I haven't found, perhaps is too long not concerned about the network! Oh K6dvd television system is the domestic good music leave management system! Today fish called me this week...

Rain Joe(YuQa)Network Information feedback system YuQaIFS V1. 0 vulnerability 0day and fix-vulnerability warning-the black bar safety net

Publishing author: f4tb0y Affected versions: YuQaIFS V1. 0 Vulnerability type: design flaw Vulnerability Description: a vulnerability in the file is YuQaIFSSave. the asp directly to the submitted data is written to the database, without any filtering. 主页 面 www.xxx.com/xx/index.asp（xx for this...

Armitage : Cyber Attack Management for Metasploit tool !

Armitage is a graphical cyber attack management tool for Metasploit that visualizes your targets, recommends exploits, and exposes the advanced capabilities of the framework. Armitage aims to make Metasploit usable for security practitioners who understand hacking but don't use Metasploit every...

QuickTalk 1.2 Information Disclosure

======================================================================= QuickTalk v1.2 Source code disclosure Multiple Vulnerabilities ======================================================================= 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\...

QuickTalk 1.2 - Source Code Disclosure

QuickTalk 1.2 - Source Code Disclosure ======================================================================= QuickTalk v1.2 Source code disclosure Multiple Vulnerabilities =======================================================================...

PT-2010-1590 · Tukeva · Tukeva Password Reminder

Name of the Vulnerable Software and Affected Versions: TUKEVA Password Reminder version 1.0.0.3 and earlier Description: The issue allows local users to discover credentials due to a hard-coded password for rem.accdb. This can be achieved via a DBI connection. Recommendations: For versions prior ...

Hua-the local portal system(port) 5.0 XDAY-vulnerability warning-the black bar safety net

Look at the background of the login authentication file: File code:admin/index. asp %dbs="../"% !-- include file="../inc/config. asp" - !-- include file="../inc/md5. asp" - % if session"adminid""" and session"adminuser""" Then response. Redirect "main. asp" response. End end if action=request...

Debian DSA-1909-1 : postgresql-ocaml - missing escape function

It was discovered that postgresql-ocaml, OCaml bindings to PostgreSQL's libpq, was missing a function to call PQescapeStringConn. This is needed, because PQescapeStringConn honours the charset of the connection and prevents insufficient escaping, when certain multibyte character encodings are use...

Storm library vulnerability construct thinking-vulnerability warning-the black bar safety net

Author:lonely the prodigal son Storm library vulnerability ODAY,celebration 2 0 1 0 the first day of the I in the testing a website got the SHELL,see if there's other ideas, I suddenly remembered the Browse inc directory see conn. asp /inc/conn. asp this method of attack has never worked conn. as...

conn. asp storm library law principles and applications-vulnerability warning-the black bar safety net

Today learn conn. asp storm database,this method is a very old method,it is through direct access to the database connection file conn. asp enables the server to produce the error,by returning the error information to storm out of the database the absolute path,here in conn. asp is the database...

How to use the database to crack the md5-vulnerability warning-the black bar safety net

Why password the number of bits short of MD5 unsafe? A length of 4 pure lowercase letters to generate passwords in the database with the help of Can in 0. 005s is cracked. This time also includes a connection to the database the time, the running environment is in my 900MHZ personal PC. Note that...