9678 matches found
[Wapiti 2.3.0] Web Application Vulnerability Scanner
Wapiti allows you to audit the security of your web applications. It performs "black-box" scans, i.e. it does not study the source code of the application but scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti act...
Tiki Wiki CMS Groupware vulnerable to SQL injection
Overview: Tiki Wiki CMS Groupware (Tiki) is a content management system (CMS). Tiki contains a SQL injection vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: An arbitrary SQL...
UBUNTU-CVE-2013-1434
Multiple SQL injection vulnerabilities in (1) apipoller.php and (2) utility.php in Cacti before 0.8.8b allow remote attackers to execute arbitrary SQL commands via unspecified vectors...
[aidSQL] A tool that will aid you when trying to find vulnerable spots in your site
Is a PHP application provided for detecting security holes in your website/s. It's a modular application, meaning that you can develop your very own plugins for SQL injection detection & exploitation. 2013-05-27 NEW aidSQL Release which supports MS SQL SERVER 2000 Database injection and reverse...
rubygem-json: Denial of Service and SQL Injection
The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...
[JSQL v0.3] Java Tool for Automatic Database Injection
jSQL Injection is a lightweight application used to find database information from a distant server. jSQL is free, open source and cross-platform (Windows, Linux, Mac OS X, Solaris). Version 0.2 features: GET, POST, header, cookie methods; normal, error based, blind, time based algorithms; automatic...
rubygem-activerecord: find_by_* SQL Injection
SQL injection vulnerability in the Active Record component in Ruby on Rails before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in applications that can use...
PT-2013-1054 · Ruby +1 · Ruby On Rails +1
Name of the Vulnerable Software and Affected Versions: Ruby on Rails versions 2.3.x through 2.3.15 Ruby on Rails versions 3.0.x through 3.0.19 Description: The issue affects the confidentiality, integrity, and availability of protected information. It can be exploited remotely. The problem lies i...
WordPress Plugin foxypress 0.4.2.5 - Multiple Vulnerabilities
waraxe-2012-SA095 - Multiple Vulnerabilities in Wordpress FoxyPress Plugin. Author: Janek Vind "waraxe" Date: 30. October 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-95.html Description of vulnerab...
cumin: SQL injection flaw
Multiple SQL injection vulnerabilities in the getsamplefiltersbysignature function in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to execute arbitrary SQL commands via the (1) agent or (2) object id...
DEBIAN-CVE-2012-0805
Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function...
CreateVision CMS SQL Injection
!/usr/local/bin/perl Exploit Title: CreateVision CMS Database injection. Description: Virtually none of the variables are not filtered. Google Dork: inurl:artykulprint.php Date: 2012/02/24 Author : Zwierzchowski Oskar Software Link: http://www.createvision.pl/ Version: All Version Security Risk:...
CreateVision CMS Database injection
Exploit for php platform in category web applications !/usr/local/bin/perl Exploit Title: CreateVision CMS Database injection. Description: Virtually none of the variables are not filtered. Google Dork: inurl:artykulprint.php Date: 2012/02/24 Author : Zwierzchowski Oskar Software Link:...
DEBIAN-CVE-2011-4824
SQL injection vulnerability in authlogin.php in Cacti before 0.8.7h allows remote attackers to execute arbitrary SQL commands via the loginusername parameter...
Debian DSA-2338-1 : moodle - several vulnerabilities
Several cross-site scripting and information disclosure issues have been fixed in Moodle, a course management system for online learning : - MSA-11-0020 Continue links in error messages can lead offsite - MSA-11-0024 reCAPTCHA images were being authenticated from an older server - MSA-11-0025 Gro...
CVE-2010-5000
SQL injection vulnerability in login/loginindex.php in MCLogin System 1.1 and 1.2 allows remote attackers to execute arbitrary SQL commands via the myusername parameter (aka Username field) in a dologin action. NOTE: some of these details are obtained from third party information...
CVE-2010-5013
SQL injection vulnerability in listingdetail.asp in Mckenzie Creations Virtual Real Estate Manager (VRM) 3.5 allows remote attackers to execute arbitrary SQL commands via the Lid parameter...
CVE-2010-5014
SQL injection vulnerability in standings.php in Elite Gaming Ladders 3.5 allows remote attackers to execute arbitrary SQL commands via the ladderid parameter...
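phpcms 2008 c.php cross-site scripting vulnerability
Preface: phpcms has now released version v9 and the 2008 version is no longer updated, but a small number of websites still use the phpcms2008 framework. Vulnerability description: This is an injection vulnerability caused mainly by the referer address not being filtered before it is inserted directly into the database. Code: $info'referer' = HTTPREFERER; // no string filtering is performed here $year = date'ym',TIME; $table = DBPRE.'ads'.$year; $tablestatus = $db-tablestatus$table; if!$tablestatus include MODROOT.'include/create.table.php';...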
CVE-2010-4967
SQL injection vulnerability in default.asp in ATCOM Netvolution 2.5.6 allows remote attackers to execute arbitrary SQL commands via the artID parameter...