Lucene search

1196 matches found

Prion
added 2014/12/01 3:59 p.m. | 36 views

Server side request forgery (ssrf)

Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter...

CVSS: 5 | AI score: 7.3 | EPSS: 0.01888
Exploits: 2 | References: 2 | Affected Software: 1

Cvelist
added 2014/12/01 3:00 p.m. | 52 views

CVE-2014-8749

Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests that authenticate to arbitrary databases via the dbhost parameter...

AI score: 6.8 | EPSS: 0.01888
Exploits: 2 | References: 2

OpenVAS
added 2014/10/20 12:00 a.m. | 37 views

Oracle MySQL Server <= 5.5.38 / 5.6 <= 5.6.19 Security Update (cpuoct2014) - Windows

Oracle MySQL Server is prone to multiple unspecified vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS: 6.5 | AI score: 7.9 | EPSS: 0.14784
Exploits: 1 | References: 2

Metasploit
added 2014/10/17 3:25 p.m. | 12 views

Microsoft SQL Server SQLi Escalate Db_Owner

This module can be used to escalate SQL Server user privileges to sysadmin through a web SQL Injection. In order to escalate, the database user must have the db_owner role in a trustworthy database owned by a sysadmin user. Once the database user has the sysadmin role, the mssql_payload_sqli modu...

AI score: 0.3
Exploits: 0

RedHat Linux
added 2014/10/16 5:18 p.m. | 74 views

Important: Red Hat Security Advisory: rsyslog7 security update

Updated rsyslog7 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.07546
Exploits: 1 | References: 2

OpenVAS
added 2014/10/14 12:00 a.m. | 28 views

RedHat Update for rsyslog RHSA-2014:1397-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.5 | AI score: 8.2 | EPSS: 0.07546
Exploits: 1 | References: 2

Fedora
added 2014/07/14 12:54 a.m. | 20 views

[SECURITY] Fedora 20 Update: pnp4nagios-0.6.22-2.fc20

PNP is an addon to nagios which analyzes performance data provided by plugins and stores them automatically into RRD-databases...

CVSS: 4.3 | AI score: 2.1 | EPSS: 0.02214
Exploits: 2

Fedora
added 2014/07/14 12:53 a.m. | 26 views

[SECURITY] Fedora 19 Update: pnp4nagios-0.6.22-2.fc19

PNP is an addon to nagios which analyzes performance data provided by plugins and stores them automatically into RRD-databases...

CVSS: 4.3 | AI score: 2.1 | EPSS: 0.02214
Exploits: 2

seebug.org
added 2014/07/01 12:00 a.m. | 31 views

PicoPublisher 2.0 - Remote SQL Injection

No description provided by source. Exploit Title : PicoPublisher v2.0 Remote SQL injection Date : 29/03/2012 Author : ZeTH Contact : zeth/at/hacktheplan8/dot/com http://www.hacktheplan8.com Vendor : Pico Software Site : http://pico.no/ Version : 2.0 Price : $29,00 Dork : intext:Drives med...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 12 views

Interbase 6.x External Table File Verification Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7291/info A vulnerability has been reported for Interbase that may result in the corruption of arbitrary system files. The vulnerability exists due to insufficient checks performed when creating or manipulating external...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 25 views

Visible Systems Razor 4.1 Password File Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/1424/info The Razor Configuration Management program stores passwords in an insecure manner. A local attacker can obtain the Razor passwords, and either seize control of the software and relevant databases or use those...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 8 views

GNU findutils 4.0/4.1 Locate Arbitrary Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3127/info GNU locate is an application that searches file databases for file names that match user-supplied patterns. A boundary condition error can occur when the program reads database files composed in an old format,...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 31 views

Linux Kernel <= 2.6.9 / <= 2.4.28 - vc_resize int Local Overflow Exploit

No description provided by source. / vcresize int overflow Copyright Georgi Guninski Cannot be used in vulnerability databases / include stdio.h include stdlib.h include sys/types.h include sys/stat.h include fcntl.h include linux/vt.h include sys/vt.h include sys/ioctl.h include string.h include...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 11 views

Parallels PLESK 9.x - Insecure Permissions

No description provided by source. Exploit Title: PLESK 9.x insecure directory permission admin password revealed Date: 25/04/2012 Author: Nicolas Krassas, twitter.com/dinosn Software Link: www.parallels.com/plesk/ Version: 9.x Tested on: ubuntu / centos During backup procedures, PLESK panel is...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 22 views

EQdkp <= 1.3.1 (Referer Spoof) Remote Database Backup Vulnerability

No description provided by source. Title: EQdkp <= 1.3.1 Referer Spoof to access to SQL Database URL: http://www.eqdkp.com Hook: Powered by EQdkp Author: Eight10 Contact: [email protected]...

AI score: 7.1
Exploits: 0

Tenable Nessus
added 2014/06/13 12:00 a.m. | 18 views

openSUSE Security Update : libfreebl3 (openSUSE-SU-2011:1241-1)

This mozilla update fixes the following security issues : - explicitly distrust DigiCert Sdn. Bhd bnc728520, bmo698753 - make sure NSSNoDBInit does not try to use wrong certificate databases CVE-2011-3640, bnc726096, bmo641052 %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The descriptive...

CVSS: 7.1 | AI score: 8.2 | EPSS: 0.01395
Exploits: 1 | References: 4

Kitploit
added 2014/06/10 10:15 p.m. | 60 views

Nosql-Exploitation-Framework - A FrameWork For NoSQL Scanning and Exploitation Framework

A FrameWork For NoSQL Scanning, Enumeration and Exploitation. NoSQL Databases are schema-less databases. They were invented to store data easily and flexibly. NoSQL Databases have gained popularity and their security has always been under the scanner. The NoSQL Exploitation Framework focuses...

AI score: 7.4
Exploits: 0 | References: 3

seebug.org
added 2014/05/15 12:00 a.m. | 24 views

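Diyou P2P Lending System SQL Injection Affecting All Versions #1

Brief description: =。= Detailed description: Module: province/city linked-selection plugin (affects all of V4.0 and 3.1). This province/city linked-selection plugin reads its data from the database on the back end; simply casting the province/city/district variable to int is enough! Location: ./?plugins&q=areas&areaid=174 http://www.diyou.cc/?plugins&q=areas&areaid=174 The GET parameter areaid is not effectively filtered, which results in an injection. Reporting that an injection point exists; no further testing was done. Fix it quickly, quickly, quickly! python sqlmap.py -u "http://www.diyou.cc/?plugins&q=areas&areaid=174" -p "areaid"...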

AI score: 7.3
Exploits: 0

Kitploit
added 2014/03/29 5:54 p.m. | 11 views

Pompem - Exploit Finder

Pompem is an open source tool designed to automate the search for exploits in major databases. Developed in Python, it has an advanced search system that facilitates the work of pentesters and ethical hackers. In its current version, it performs searches in these databases: Exploit-db, 1337day,...

AI score: 6.9
Exploits: 0 | References: 1

n0where
added 2014/02/08 1:10 p.m. | 31 views

Automated NoSQL Database Injection Attacks: NoSQLMap

NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases as well as web applications using NoSQL in order to disclose data from the database. It is named as a tribute to Bernardo Damele and...

AI score: 0.3
Exploits: 0 | References: 1