Infopop UBB.Threads Admin Credentials via SQL Injection

Discovered: 07-18-08 By: SecureState R&D Team sasquatch www.securestate.com Background: ----------- SQL injection has previously been discovered http://www.securityfocus.com/bid/14052/ New Details: ------------ UBBThreads is nice enough to encrypt/mask the regular users' passwords in the database...

Infopop UBB.Threads Admin Credentials via SQL Injection

No description provided by source. Background: ----------- SQL injection has previously been discovered \ http://www.securityfocus.com/bid/14052/ New Details: ------------ UBBThreads is nice enough to encrypt/mask the regular users' passwords in the \ database, but stores the admin users' passwor...

Fedora Update for phpMyAdmin FEDORA-2007-3627

Check for the Version of phpMyAdmin OpenVAS Vulnerability Test Fedora Update for phpMyAdmin FEDORA-2007-3627 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

Information disclosure

Sam Crew MyBlog stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information...

Fedora Update for mantis FEDORA-2008-8925

Check for the Version of mantis OpenVAS Vulnerability Test Fedora Update for mantis FEDORA-2008-8925 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

Fedora Update for mantis FEDORA-2008-6647

Check for the Version of mantis OpenVAS Vulnerability Test Fedora Update for mantis FEDORA-2008-6647 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

Fedora Update for cacti FEDORA-2008-1699

Check for the Version of cacti OpenVAS Vulnerability Test Fedora Update for cacti FEDORA-2008-1699 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...

MemHT Portal 4.0.1 - Delete All Private Messages

MemHT Portal 4.0.1 - Delete All Private Messages !/usr/bin/perl MemHT Portal query"DELETE FROM memhtpvtmsg WHERE id=$value"; if isset$POST'deletepm' foreach $POST'deletepm' as $value $dblink-query"DELETE FROM memhtpvtmsg WHERE id=$value"; ? ok then foreach $POST'deletenewpm' as $value deletenewpm...

Cisco Security Manager unauthorized access

Unauthorized MySQL database access is possible if used with Cisco IPS Event Viewer...

Establish a remote connection for the root user-bug warning-the black bar safety net

The following statement has the ROOT user the same permissions. Everyone in the holding station should come across. the root user of mysql, you can only locally connected, the external refuse the connection. The following methods can help you solve this problem, the following statements function...

CVE-2008-5847

Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information by reading the hash column...

Design/Logic Flaw

Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information by reading the hash column...

[SECURITY] Fedora 8 Update: roundcubemail-0.2-5.beta.fc8

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

gonafish-sql.txt

/\ \ /\ \ \ /\ /\ \ //\ \ \ \ \ \ \ \ \ \ \ /',\ \ \ \ \ \ \ \ /\ /'\ /'\ \ \ \ /\ ,\ /, \ \ \ \ ,\ \ \ \ // / // /\//\///\/\ \ \/\ // // // //////// //// security breakd0wn! Title: Gonafish LinksCaffePRO 4.5 index.php SQL Injection Vulnerability Vendor:...

Gonafish LinksCaffePRO 4.5 - 'index.php' SQL Injection

/\ \ /\ \ \ /\ /\ \ //\ \ \ \ \ \ \ \ \ \ \ /',\ \ \ \ \ \ \ \ /\ /'\ /'\ \ \ \ /\ ,\ /, \ \ \ \ ,\ \ \ \ // / // /\//\///\/\ \ \/\ // // // //////// //// security breakd0wn! Title: Gonafish LinksCaffePRO 4.5 index.php SQL Injection Vulnerability Vendor:...

MySQL空两进制字符串远程拒绝服务漏洞

BUGTRAQ ID: 31081br / CVE ID：CVE-2008-3963br / CNCVE ID：CNCVE-20082358br / br / MySQL是一款开放源代码的数据库应用程序。br / MySQL处理空两进制值存在问题，远程攻击者可以利用漏洞使服务程序崩溃。br / 通过Mysql客户端提交如下查询:br / select b'';br / 可导致服务程序崩溃。br / MySQL AB MySQL 6.0.4 MySQL AB MySQL 5.1.23 MySQL AB MySQL 5.0.60 可升级到最新版本：...

GLSA-200809-05 : Courier Authentication Library: SQL injection vulnerability

The remote host is affected by the vulnerability described in GLSA-200809-05 Courier Authentication Library: SQL injection vulnerability It has been discovered that some input e.g. the username passed to the library are not properly sanitised before being used in SQL queries. Impact : A remote...

CVE-2008-3840

Crafty Syntax Live Help CSLH 2.14.6 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information...

CVE-2008-3840

Crafty Syntax Live Help CSLH 2.14.6 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information...

Ultrastats <= 0.2.142 (players-detail.php) Blind SQL Injection Exploit

No description provided by source. !/usr/bin/perl use LWP::UserAgent; use Getopt::Long; ! Discovered.: DNX ! Vendor.....: http://www.shooter-szene.de | http://www.ultrastats.org ! Detected...: 29.06.2008 ! Reported...: 04.07.2008 ! Response...: xx.xx.2008 ! Background.: UltraStats is a very...