PT-2014-5461 · Drupal · Drupal

Name of the Vulnerable Software and Affected Versions: Drupal core versions prior to 7.32 Description: The issue concerns the expandArguments function in the database abstraction API, which does not properly construct prepared statements. This allows remote attackers to conduct SQL injection...

MangosWeb SQL Injection Vulnerability

No description provided by source. EXPLOIT TITLE: MangosWeb SQL Vulnerability DATE: 1/7/2012 BY Hood3dRob1n AFFECTED PRODUCTS: MangosWeb Enhanced Version 3.0.3 SW LINK: http://code.google.com/p/mwenhanced/ CATEGORY: WebApp 0day DORK: intext:MangosWeb ENhanced Version 3.0.3 @2009-2011, KeysWow Dev...

Debian Security Advisory DSA 2877-1 (lighttpd - security update)

Several vulnerabilities were discovered in the lighttpd web server. CVE-2014-2323 Jann Horn discovered that specially crafted host names can be used to inject arbitrary MySQL queries in lighttpd servers using the MySQL virtual hosting module modmysqlvhost. This only affects installations with the...

MangosWeb SQL Injection

EXPLOIT TITLE: MangosWeb SQL Vulnerability DATE: 1/7/2012 BY Hood3dRob1n AFFECTED PRODUCTS: MangosWeb Enhanced Version 3.0.3 SW LINK: http://code.google.com/p/mwenhanced/ CATEGORY: WebApp 0day DORK: intext:MangosWeb ENhanced Version 3.0.3 @2009-2011, KeysWow Dev Team TESTED ON: W7 & Backtrack 5...

MangosWeb - SQL Injection

MangosWeb - SQL Injection EXPLOIT TITLE: MangosWeb SQL Vulnerability DATE: 1/7/2012 BY Hood3dRob1n AFFECTED PRODUCTS: MangosWeb Enhanced Version 3.0.3 SW LINK: http://code.google.com/p/mwenhanced/ CATEGORY: WebApp 0day DORK: intext:MangosWeb ENhanced Version 3.0.3 @2009-2011, KeysWow Dev Team...

MangosWeb SQL Vulnerability

Exploit for php platform in category web applications EXPLOIT TITLE: MangosWeb SQL Vulnerability Author: BY Hood3dRob1n Greetz: 1337day Inj3ct0r Exploit DataBase 1337day.com AFFECTED PRODUCTS: MangosWeb Enhanced Version 3.0.3 SW LINK: http://code.google.com/p/mwenhanced/ CATEGORY: WebApp 0day DOR...

MangosWeb - SQL Injection

EXPLOIT TITLE: MangosWeb SQL Vulnerability DATE: 1/7/2012 BY Hood3dRob1n AFFECTED PRODUCTS: MangosWeb Enhanced Version 3.0.3 SW LINK: http://code.google.com/p/mwenhanced/ CATEGORY: WebApp 0day DORK: intext:MangosWeb ENhanced Version 3.0.3 @2009-2011, KeysWow Dev Team TESTED ON: W7 & Backtrack 5...

CVE-2010-4963

SQL injection vulnerability in folder/list in Hulihan BXR 0.6.8 allows remote attackers to execute arbitrary SQL commands via the orderby parameter...

DEBIAN-CVE-2010-1595

Multiple SQL injection vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to execute arbitrary SQL commands via the 1 c, 2 val1, or 3 ongletbis parameter...

INVOhost - SQL Injection

Andrés Gómez Exploit Title : INVOhost SQL Injection Date : 2010-04-24 Author : Andrés Gómez Software Link : http://www.invohost.com/ Contact : [email protected] Dork : "Powered by INVOhost" An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the...

SugarCRM vulnerable to SQL injection

Overview SugarCRM contains a SQL injection vulnerability. SugarCRM is a customer relationship management CRM software. SugarCRM contains a SQL injection vulnerability. Takeshi Terada of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

SQL injection vulnerability in SKIP from SKIP User Group

Overview SKIP from SKIP User Group contains a SQL injection vulnerability. SKIP from SKIP User Group is an open source SNS Social Networking Service software. SKIP contains a SQL injection vulnerability. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA...

JP1/NETM/DM Manager SQL Injection Vulnerability

Overview JP1/NETM/DM Manager for Windows is vulnerable to SQL injection where a relational database is used as the JP1/NETM/DM database. This could allow attackers to execute arbitrary SQL command and/or corrupt database when it receives a malformed request. Impact An attacker could execute...

MiniNuke 1.8.2 - Multiple SQL Injections

Contacts: ICQ: 10072 MSN/Email: [email protected] Web: http://www.nukedx.com --- Vendor: MiniNuke www.miniex.net Version: 1.8.2 and prior versions must be affected. About:Via this method remote attacker can inject SQL query to the news.asp --- How&Example: GET -...

CVE-2004-1318

Cross-site scripting XSS vulnerability in namazu.cgi for Namazu 2.0.13 and earlier allows remote attackers to inject arbitrary HTML and web script via a query that starts with a tab "%09" character, which prevents the rest of the query from being properly sanitized...

DEBIAN-CVE-2004-2186

SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers to execute arbitrary SQL commands via SpecialMaintenance...

ASP Portal - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/9659/info ASP Portal has been reported to be prone to multiple vulnerabilities. The first issue results from a lack of sufficient sanitization performed on user supplied data that is later incorporated into dynamic content. An attacker may reportedly inje...

CVE-2001-0425

AdLibrary.pm in AdCycle 0.78b allows remote attackers to gain privileges to AdCycle via a malformed Agent: header in the HTTP request, which is inserted into a resulting SQL query that is used to verify login information...

CVE-2001-0425

AdLibrary.pm in AdCycle 0.78b allows remote attackers to gain privileges to AdCycle via a malformed Agent: header in the HTTP request, which is inserted into a resulting SQL query that is used to verify login information...