Lucene search

68 matches found

OSV
added 2022/01/10 2:10 p.m. · 1 view

UBUNTU-CVE-2020-29050

SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal in conjunction with CVE-2019-14511 because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname, e.g., a file in the /etc directory. NOTE: this is unrelated to CMUSphinx...

CVSS 7.5 · AI score 5.8 · EPSS 0.02166
Exploits 2 · References 2
NVD
added 2021/12/21 12:15 p.m. · 13 views

CVE-2021-45253

The id parameter in viewstorage.php from Simple Cold Storage Management System 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's load_file function with a UNC file path that references a URL on an external domain. The application interacted...

CVSS 9.8 · EPSS 0.01239
Exploits 1 · References 1
Positive Technologies
added 2021/11/20 12:00 a.m. · 8 views

PT-2021-6877 · Php +9

Name of the Vulnerable Software and Affected Versions: PHP versions 7.3.x through 7.3.32; PHP versions 7.4.x through 7.4.25; PHP versions 8.0.x through 8.0.12. Description: The issue is related to certain XML parsing functions in PHP, such as simplexml_load_file, which URL-decode the filename passed...

CVSS 9.8 · AI score 6.8 · EPSS 0.9947
Exploits 102 · References 380
CNNVD
added 2021/09/28 12:00 a.m. · 3 views

EARCLINK ESPCMS Cross-Site Scripting Vulnerability

Honghu Erchuang Netlink Information Technology EARCLINK ESPCMS is an enterprise website builder from Honghu Erchuang Netlink Information Technology Company in China. A cross-site scripting vulnerability exists in EARCLINK ESPCMS-P8, which stems from a cross-site scripting XSS vulnerability...

CVSS 6.1 · AI score 5.9 · EPSS 0.00641
Exploits 1 · References 2
BDU FSTEC
added 2020/06/17 12:00 a.m. · 5 views

The vulnerability of the IG_load_file function in the ImageGear image processing library allows a hacker to execute arbitrary code.

The vulnerability of the IG_load_file function in the ImageGear image processing library is related to the output of the operation outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created ICO file...

CVSS 9.8 · AI score 8.4 · EPSS 0.03597
Exploits 1 · References 6 · Affected Software 1
Gentoo Linux
added 2020/06/13 12:00 a.m. · 61 views

Nokogiri: Command injection

Background: Nokogiri is an HTML, XML, SAX, and Reader parser. Description: A command injection vulnerability in Nokogiri allows commands to be executed in a subprocess by Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being...

CVSS 9.8 · AI score 10 · EPSS 0.05899
Exploits 0
Positive Technologies
added 2019/08/16 12:00 a.m. · 14 views

PT-2019-4784

Name of the Vulnerable Software and Affected Versions: Nokogiri versions 1.10.3 and earlier; Rexical versions 1.0.6 and earlier. Description: A command injection issue allows commands to be executed in a subprocess via Ruby's Kernel.open method. This occurs when the undocumented method...

CVSS 10 · AI score 7 · EPSS 0.64284
Exploits 18 · References 195
CNVD
added 2016/10/27 12:00 a.m. · 5 views

AlienVault OSSIM and USM SQL Injection Vulnerabilities

AlienVault OSSIM and USM are both products of AlienVault Corporation, U.S.A. OSSIM is an open source security information management system. USM is a security management platform that provides security monitoring, security event management and reporting, and threat awareness system. An SQL...

CVSS 9.8 · AI score 7.9 · EPSS 0.57425
Exploits 5 · References 1
seebug.org
added 2014/07/01 12:00 a.m. · 16 views

yPlay 1.0.76 (.mp3) Local Crash PoC

No description provided by source. !/usr/bin/perl Usage--file created--load file--b00m.mp3 BOOM print \n; print ! yPlay 1.0.76 .mp3 Local Crash PoC\n; print \n; print ! Author: cr4wl3r\n; print ! Mail: cr4wl3r!linuxmail.org\n; print \n; my $boom = A x 1337; my $filename = b00m.mp3; open...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:00 a.m. · 19 views

ownrs blog beta3 (sql/xss) Multiple Vulnerabilities

No description provided by source. OwnRS Blog beta3 SQL/XSS Multiple Remote Vulnerabilities...

AI score 7.1
Exploits 0
Hacker One
added 2014/05/11 12:22 a.m. · 16 views

Ian Dunn: Path Disclosure Vulnerability

Hey, I'm Jamal. In this report I want to show you a vulnerability found in the basic-google-maps-placemarks plugin. Description: Title: Path Disclosure Vulnerability; Status: Unfixed; Tested on: Firefox; Author: Jamal Eddine; Email: [email protected]; Discovered: 2014/05/04; Report it: 2014/05/04...

AI score 7.5
Exploits 0
Metasploit
added 2012/07/25 5:24 p.m. · 15 views

Photodex ProShow Producer 5.0.3256 load File Handling Buffer Overflow

This module exploits a stack-based buffer overflow in Photodex ProShow Producer v5.0.3256 in the handling of the plugins load list file. An attacker must send the crafted "load" file to victim, who must store it in the installation directory. The vulnerability will be triggered the next time...

AI score 7.7
Exploits 0
exploitpack
added 2012/05/07 12:00 a.m. · 16 views

PHP Agenda 2.2.8 - SQL Injection

PHP Agenda 2.2.8 - SQL Injection. Title: Simple PHP Agenda 2.2.8 SQLi Vulnerability; Version: php-agenda 2.2.8; Author/Found by: loneferret; Manufacturer/Software link: http://sourceforge.net/projects/php-agenda/files/latest/download; Other vulnerability: http://www.exploit-db.com/exploits/18694/; Date...

AI score 0.4
Exploits 0
Exploit DB
added 2010/02/23 12:00 a.m. · 52 views

Joomla! Component user_id com_sqlreport - Blind SQL Injection

Joomla Component user_id com_sqlreport Blind SQL Injection Vulnerability » Script: Joomla » Language: PHP » Founder: Snakespc...

AI score 7.4
Exploits 0
Exploit DB
added 2009/12/21 12:00 a.m. · 44 views

PHPhotoalbum 0.5 - SQL Injection

Title: PHPhotoalbum Remote sql injection Vulnerability Tested on: windows http://server/PHPhotoalbum/thumbnails.php?album=-1+union+select+user+from+mysql.user-- http://server/PHPhotoalbum/thumbnails.php?album=-1+union+select+loadfile/directory hex/config.inc.php+from+mysql.user--...

AI score 7.4
Exploits 0
Packet Storm
added 2009/09/11 12:00 a.m. · 21 views

Image Voting 1.0 SQL Injection

Image voting 1.0 Remote Sql injection AuTh0r : SKuLL-HacKeR H0ME : WwW.Sec-Best.com & Saudihack.com & S3curity-Art.CoM Email : [email protected] download script : http://www.plohni.com/wb/content/static/Download.php?file=../php/download/Imagevoting1-0.zip exploit :...

AI score 0.5
Exploits 0
seebug.org
added 2009/02/15 12:00 a.m. · 10 views

CmsFaethon 2.2.0 (info.php item) SQL Command Injection Exploit

No description provided by source. #!/usr/bin/perl | INFORMATIONS |...

AI score 7.1
Exploits 0
Packet Storm
added 2009/02/12 12:00 a.m. · 20 views

InselPhoto 1.1 SQL Injection

#!/usr/bin/perl | INFORMATIONS |...

Exploits 0
myhack58
added 2009/01/07 12:00 a.m. · 24 views

mysql reads the file in several ways and application-vulnerability warning-the black bar safety net

Today a friend asked me how to in mysql read the file, the I asked, stunned, found himself still guilty of careless: the problem is, therefore, specially checked the mysql manual. The ideas are the same, in the have the file permissions of the premise, to read the file as a string into a table,...

AI score 7.8
Exploits 0
Packet Storm
added 2008/04/08 12:00 a.m. · 27 views

gamingdir-sql.txt

Gaming Directory 1.0 SQL Injection Vulnerabilities. Discovered By: t0pP8uZz; Discovered On: 5 April 2008...

AI score 7.4
Exploits 0