678 matches found
Multiple Bugs Haunt WordPress Setup
Researchers have found a string of weaknesses in the WordPress default installation page, including PHP code execution and a persistent cross-site scripting flaw, affecting versions 3.3.1 and later. WordPress officials say that they’re not planning to fix the vulnerabilities as there’s only a sma...
WordPress <= 3.3.1 - Multiple Vulnerabilities
WordPress version 3.3.1 is prone to PHP code execution and persistent cross-site scripting vulnerabilities via "setup-config.php" page. The attackers can host their own MySQL database server and then successfully complete the WordPress installation without having any valid credentials on the targ...
WordPress Core 3.3.1 - Multiple Vulnerabilities
Trustwave's SpiderLabs Security Advisory TWSL2012-002: Multiple Vulnerabilities in WordPress https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt Published: 1/24/12 Version: 1.0 Vendor: WordPress http://wordpress.org/ Product: WordPress Version affected: 3.3.1 and prior Product...
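Multiple cross-site scripting vulnerabilities in phpMyAdmin before 3.4.8
BUGTRAQ ID: 51099 CVE ID: CVE-2011-4634 phpMyAdmin is a tool written in PHP for controlling and operating MySQL databases through the web. phpMyAdmin versions before 3.4.8 contain multiple cross-site scripting vulnerabilities in their implementation; remote attackers can exploit them to execute arbitrary script code in the browsers of users of an affected site and steal cookie-based authentication credentials. Using a crafted database name, XSS may be triggered in the database synchronization and database rename panels. Using an invalid, crafted SQL query, XSS can be caused when editing the query on the table overview panel or when using the create view dialog. Using a crafted column type, XSS may be triggered in the table search or create index dialogs 0...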
Welt.de hacked - Credit Card info of 30264 users Compromised
Welt.de hacked - Credit Card info of 30264 users Compromised Welt.de hacked using an SQL Injection https://boot24.welt.de/indexwelt..php?ac =. The hacker penetrated deeply into the infrastructure of the website and copied number information from the MySQL database. He has published the links ...
Stevens Institute of Technology database leaked by p0keu for #Antisec
Stevens Institute of Technology database leaked by p0keu for Antisec Stevens Institute of Technology database leaked by Anonymous - p0keu for Antisec on pastebin, the leaks are a MySQL database and a CMS database, usernames/passwords, this leak comes from the same source as the 4 random leaks and...
PT-2011-09: Arbitrary Command Execution in ManageEngine ServiceDesk Plus 8.0.0
The specialists of the Positive Research center have revealed an arbitrary code execution vulnerability in ManageEngine ServiceDesk Plus. If Microsoft SQL Server is used as application database server, insufficient validation of input settings for /CustomReporthandler.do script that is used to...
ManageEngine Support Center Plus 7.8 Build 7801 - Directory Traversal
ManageEngine Support Center Plus 7.8 Build 7801 - Directory Traversal Advisory: ManageEngine Support Center Plus 7.8 build 0x90.nl Software link: http://www.manageengine.com/products/support-center/download.html Tested on: Linux & Windows Category: Directory Traversal Severity: High Google Dork:...
CVE-2011-1906
Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific user-account credentials in a MySQL database, which makes it easier for remote attackers to read the event collection table via requests to the management port, a different vulnerability than CVE-2011-0756...
Design/Logic Flaw
Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific user-account credentials in a MySQL database, which makes it easier for remote attackers to read the event collection table via requests to the management port, a different vulnerability than CVE-2011-0756...
NooMS CMS version 1.1.1 CSRF
Exploit for php platform in category web applications NooMS CMS version 1.1.1 CSRF Bug Found: April 9th 2011 Found by: loneferret as far as I know anyway Software Download Link: http://phpkode.com/download/p/2381nooms1.1.1.tar.bz2 Nods to exploit-db Team Well, I didn't have much to do this mornin...
NooMS CMS 1.1.1 Cross Site Request Forgery
NooMS CMS version 1.1.1 CSRF Bug Found: April 9th 2011 Found by: loneferret as far as I know anyway Software Download Link: http://phpkode.com/download/p/2381nooms1.1.1.tar.bz2 Nods to exploit-db Team Well, I didn't have much to do this morning so figured I'd try to see how fast it would take me ...
[SECURITY] Fedora 15 Update: roundcubemail-0.5.1-1.fc15
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
Joomla 1.6.0 Cross Site Scripting
========================================== Joomla! 1.6.0 | Cross Site Scripting XSS Vulnerability ========================================== 1. OVERVIEW Joomla! 1.6.0 was vulnerable to Cross Site Scripting. 2. PRODUCT DESCRIPTION Joomla is a free and open source content management system CMS for...
Keynect eCommerce - SQL Injection
Keynect eCommerce - SQL Injection ======================================================================================== | Title : SQL Injection Keynect Ecommerce | | Author : Arturo Zamora | | email : [email protected] | | Date : 10/03/2011 | | Verified : yes | | Risk : High | |...
BMForum Myna 6.0 SQL injection vulnerability-vulnerability warning-the black bar safety net
BMForum is a new PHP forum program based on the MySQL database, used in personal and business settings. BMForum Myna 6.0 contains SQL injection vulnerabilities that could lead to sensitive information disclosure. +info: BMForum Myna 6.0 SQL Injection Vulnerability Author: Stephan Sattler Software...
JAKCMS <= v2.01 RC1 Blind SQL Injection Exploit
Exploit for php platform in category web applications !/usr/bin/python jakCMS = v2.01 RC1 Blind SQL Injection Exploit Understanding: The parameters 'JAKCOOKIENAME' and 'JAKCOOKIEPASS' are parsed via cookies to the application and are unchecked for malicious characters. The contents of these...
Lingxia I.C.E CMS - Blind SQL Injection
Lingxia I.C.E CMS - Blind SQL Injection !/usr/bin/python ICE CMS Blind SQLi 0day. mrme@pluto ice$ python icecold.py -p localhost:8080 -t 10.3.100.25:8500 -d /ice/ | ---------------------------------------------------- | | Lingxia I.C.E CMS Remote Blind SQL Injection Exploit | | by mrme -...
Fedora Update for mod_auth_mysql FEDORA-2011-0100
Check for the Version of mod_auth_mysql OpenVAS Vulnerability Test Fedora Update for mod_auth_mysql FEDORA-2011-0100 Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...