某政府系统两处注入打包

简要描述： RT 详细说明： 山东农友软件公司官网:http://www.nongyou.com.cn/ 所有参数:tname和 CountryName都存在注入的。 案例如下： http://218.56.99.84:8003/newSymSum/VillagePersonal2.aspx?tname=太河镇&CountryName=东同古村 http://222.135.109.70:8200/newSymSum/VillagePersonal2.aspx?tname=泽库镇&CountryName=辛立庄村...

PMB 4.1.3 - (Authenticated) SQL Injection

Exploit Title: PMB = 4.1.3 Post-Auth SQL Injection Vulnerability Google Dork: inurl:opaccss Date: 25-12-2014 Exploit Author: XD4rker Ismail Belkacim Email: xd4rkeratgmail.com Twitter: @xd4rker Vendor Homepage: http://www.sigb.net Software Link: http://forge.sigb.net/redmine/projects/pmb/files...

PHPMyRecipes 1.2.2 - 'browse.php?category' SQL Injection

Exploit Title : phpMyRecipes 1.2.2 SQL injectionpage browse.php, parameter category Author : Manish Kishan Tanwar Download Link : http://prdownloads.sourceforge.net/php-myrecipes/phpMyRecipes-1.2.2.tar.gz?download Date : 23/12/2014 Discovered at : IndiShell Lab Love to : zero cool,Team...

PHPMyRecipes 1.2.2 - browse.php?category SQL Injection

PHPMyRecipes 1.2.2 - browse.php?category SQL Injection Exploit Title : phpMyRecipes 1.2.2 SQL injectionpage browse.php, parameter category Author : Manish Kishan Tanwar Download Link : http://prdownloads.sourceforge.net/php-myrecipes/phpMyRecipes-1.2.2.tar.gz?download Date : 23/12/2014 Discovered...

mysql: unspecified MyISAM temporary file issue fixed in 5.5.39 and 5.6.20

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to SERVER:MyISAM...

mysql: Remote Preauth User Enumeration flaw

Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames...

WordPress XCloner Plugin <= 3.1.1 - Clear Text MySQL Database Password

Because of this vulnerability, the attackers can obtain sensitive information via unspecified vectors. Solution Update the plugin...

CVE-2014-8522

CVE-2014-8522 concerns the MySQL database component used by McAfee Network Data Loss Prevention (NDLP). The vulnerability stems from the NDLP deployment permitting unauthenticated access to its MySQL database prior to version 9.3, meaning remote attackers could gain access without credentials. Pu...

WordPress Database Manager 2.7.1 Command Injection / Credential Leak

WordPress Database Manager plugin version 2.7.1 suffers from remote command injection and credential leakage vulnerabilities. Title: Vulnerabilities in WordPress Database Manager v2.7.1 Author: Larry W. Cashdollar, @larry0 Date: 10/13/2014 Download: https://wordpress.org/plugins/wp-dbmanager/...

[SECURITY] [DSA 3054-1] mysql-5.5 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3054-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso October 20, 2014 http://www.debian.org/security/faq -...

USN-2384-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.40. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the...

Immunity Canvas: CVE_2014_5261

Name| CVE20145261 ---|--- CVE| CVE-2014-5261 Exploit Pack| CANVAS Description| CVE-2014-5261 Notes| CVE Name: CVE-2014-5261 VENDOR: The Cacti Group Changelog: http://svn.cacti.net/viewvc?view=rev&revision=7454 Notes: This is a post-authentication command injection vulnerability in Cacti 0.8.8b,...

F5 BIG-IP SQL注入漏洞

No description provided by source. SEC Consult Vulnerability Lab Security Advisory 20130122-1 ======================================================================= title: SQL Injection product: F5 BIG-IP vulnerable version: =11.2.0 fixed version: 11.2.0 HF3 11.2.1 HF3 CVE number: CVE-2012-3000...

Ultrastats <= 0.2.142 (players-detail.php) Blind SQL Injection Exploit

No description provided by source. !/usr/bin/perl use LWP::UserAgent; use Getopt::Long; ! Discovered.: DNX ! Vendor.....: http://www.shooter-szene.de | http://www.ultrastats.org ! Detected...: 29.06.2008 ! Reported...: 04.07.2008 ! Response...: xx.xx.2008 ! Background.: UltraStats is a very...

NooMS CMS 1.1.1 - CSRF

No description provided by source. NooMS CMS version 1.1.1 CSRF Bug Found: April 9th 2011 Found by: loneferret as far as I know anyway Software Download Link: http://phpkode.com/download/p/2381nooms1.1.1.tar.bz2 Nods to exploit-db Team Well, I didn't have much to do this morning so figured I'd tr...

AlienVault OSSIM 4.1.2 - Multiple SQL Injection Vulnerabilities

No description provided by source. RunRunLevel Web Security Research - AlienVault OSSIM multiple SQL Injection vulnerabilities Vendor Website : http://www.alienvault.com INDEX --------------------------------------- 1. Background 2. Description 3. Affected Products 4. Vulnerabilities 5. Solution ...

Kimai 0.9.2 - 'db_restore.php' SQL Injection

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = AverageRanking include Msf::Exploit::Remote::HttpClient include...

InterWorx Control Panel 5.0.13 build 574 (xhr.php, i param) - SQL Injection

No description provided by source. ================================================= Title: SQL injection in InterWorx Control Panel Product: InterWorx Web Control Panel Vendor: InterWorx LLC Tested Version: 5.0.13 build 574 Vulnerability Type: SQL Injection CWE-89 CVE Reference: CVE-2014-2531...

PHP-Fusion <= 6.00.306 Multiple Vulnerabilities Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo PHPFusion = v6.00.306 avatar modmime arbitrary file upload &\r\n; echo local inclusion vulnerabilities\r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n\r\n; if $argc6 echo Usage: p...

Lingxia I.C.E CMS Remote Blind SQL Injection Exploit

No description provided by source. !/usr/bin/python ICE CMS Blind SQLi 0day. mrme@pluto ice$ python icecold.py -p localhost:8080 -t 10.3.100.25:8500 -d /ice/ | ---------------------------------------------------- | | Lingxia I.C.E CMS Remote Blind SQL Injection Exploit | | by mrme - net-ninja.net...