231 matches found
CVE-2015-6481
CVE-2015-6481 affects Moxa OnCell Central Manager Software prior to version 2.2. The vulnerability arises from a hard-coded root credential in the RequestController.login function, enabling remote attackers to obtain administrative access and potentially execute code on affected systems. NVD and ...
IP.Board <= 3.4.7 SQL Injection analysis - vulnerability warning - the black bar safety net
IPB (Invision Power Board) is a forum program developed in PHP that is widely used abroad. Version 3.4.7 and earlier contain a SQL injection vulnerability, which this article analyzes. PoC link: http://seclists.org/fulldisclosure/2014/Nov/20 #!/usr/bin/env python Sunday,...
Betster 1.0.4 SQL Injection / Authentication Bypass Vulnerabilities
Betster version 1.0.4 suffers from a remote SQL injection vulnerability that allows for authentication bypass. ...
PHP Betoffice (Betster) 1.0.4 - Authentication Bypass SQL Injection
PHP Betoffice Betster 1.0.4 - Authentication Bypass SQL Injection ...
CVE-2013-1364
The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows remote attackers to override LDAP configuration via the cnf parameter...
eggBlog _lib/user.php eb_login Function Cookie Handling SQL Injection
The remote host is running eggBlog, a free PHP and MySQL blog software package. The version of eggBlog installed on the remote host fails to sanitize input to the 'email' and 'password' cookies before using it in the 'eb_login' function in '_lib/user.php' to perform database queries. Provided PHP's...
SQL injection
Multiple SQL injection vulnerabilities in the login function in system/classpermissions.php in bloofoxCMS 0.3 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to admin/index.php...
wheatblog-rfi.txt
Found by E.Minaev [email protected] ITDefence.ru 1 SQL Injection in login function. With the help of this injection it is possible to make a per-symbol brute of table names of the blog's database. magic_quotes_gpc should be turned off. ------------------------------------------ "$sql = "select from $tblUse...
WheatBlog 1.1 RFI/SQL Injection
Found by E.Minaev [email protected] ITDefence.ru 1 SQL Injection in login function. With the help of this injection it is possible to make a per-symbol brute of table names of the blog's database. magic_quotes_gpc should be turned off. ------------------------------------------ "$sql = "select from $tblUse...
CVE-2006-6358
SQL injection vulnerability in the login function in auth.inc in Stefan Frech online-bookmarks 0.6.12 allows remote attackers to execute arbitrary SQL commands via the (1) username and possibly the (2) password parameter. NOTE: some of these details are obtained from third party information...
OTRS 2.0 - Login Function User SQL Injection
source: https://www.securityfocus.com/bid/15537/info OTRS is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. The application is prone to multiple...