7725 matches found
Yahoo Query Language Cross Site Scripting
Exploit Title: Yahoo Query Language Cross Site Scripting Vulnerability; Exploit Author: Peyman D. aka C4T; Vendor Homepage: http://query.yahooapis.com/; Google Dork: none; Date: 2015-03-08; Tested on: Windows 7 / Mozilla Firefox; Exploit Code: Discovered by Peyman D. aka C4T alert'Successfully...
Cisco Secure Access Control System SQL Injection Vulnerability
Cisco Secure ACS is a central management platform for Cisco network devices that controls authentication and authorization of devices. A SQL injection vulnerability exists in the Cisco Secure Access Control System due to the program not adequately filtering user-supplied data before using it in S...
SIPhone Enterprise PBX SQL Injection Vulnerability
SIPhone Enterprise PBX is an enterprise switch product. A SQL injection vulnerability exists in SIPhone Enterprise PBX. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands via a username...
Multiple SQL Injection Vulnerabilities in ZeroCMS
ZeroCMS is a simple content management system built with PHP and MySQL. ZeroCMS suffers from multiple SQL injection vulnerabilities because the program fails to properly filter user-supplied input. An attacker can exploit this vulnerability to access or modify data, or to exploit a...
PT-2023-25556 · Monetdb +1 · Monetdb Server +1
Name of the Vulnerable Software and Affected Versions: MonetDB Server versions 11.45.17 through 11.46.0. Description: The issue in the list append component allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Recommendations: For versions 11.45.17 and 11.46.0, update to a...
Red Hat CloudForms Management Engine SQL Injection Vulnerability
Red Hat CloudForms is hybrid cloud management software from Red Hat. A SQL injection vulnerability in Red Hat CloudForms Management Engine allows attackers to send specially crafted REST API requests to manipulate or obtain database data...
PT-2015-3930 · Red Hat · Red Hat Cloudforms
Name of the Vulnerable Software and Affected Versions: Red Hat CloudForms 3.1 Management Engine (CFME) version 5.3. Description: The issue allows remote authenticated users to execute arbitrary SQL commands via a crafted REST API request to an SQL filter. This can be achieved by sending a malicious...
CFME: REST API SQL Injection
It was found that CloudForms 4 exposed SQL filters via the REST API without any input escaping. An authenticated user could use this flaw to perform SQL injection attacks against the CloudForms Management Engine database...
WordPress Plugin Cdnvote SQL Injection Vulnerability
WordPress is a blogging platform developed in PHP that allows users to set up their own weblogs on servers that support PHP and MySQL databases. Cdnvote is a WordPress plugin for creating a voting module. The WordPress plugin Cdnvote has a SQL injection vulnerability. A remote attacker can exploit this...
WordPress Social Slider Plugin SQL Injection Vulnerability
WordPress is a blogging platform developed using the PHP language that allows users to set up their own weblogs on servers that support PHP and MySQL databases. Social Slider is a social sharing button display plugin. Social Slider plugin suffers from a SQL injection vulnerability that allows remo...
HumHub SQL Injection Vulnerability
HumHub is a flexible, open source social networking system developed in PHP. HumHub 0.10.0-rc.1 and earlier versions suffer from a SQL injection vulnerability that allows remote authenticated users to execute arbitrary SQL commands...
PMB SQL Injection Vulnerability
PMB is a web-based application. The PMB catalog.php script fails to properly filter the id parameter, allowing remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain database data...
Osclass 'alert' Parameter SQL Injection Vulnerability
Osclass is an open source system, built on PHP and MySQL, for creating and managing classified ads websites. The Osclass 'alert' parameter suffers from a SQL injection vulnerability because it fails to adequately filter user-supplied data before using it in a SQL query. This allows an attacker to...
mysql: unspecified vulnerability related to SRINFOSC (CPU July 2014)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC...
CVE-2014-2081
Multiple SQL injection vulnerabilities in the login in webreports/cgi-bin/InfoStation.cgi in Innovative vtls-Virtua before 2013.2.4 and 2014.x before 2014.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter...
UBUNTU-CVE-2014-3704
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys...
rubygem-activerecord: SQL injection vulnerability in 'range' quoting
It was discovered that Active Record did not properly quote values of the range type attributes when using the PostgreSQL database adapter. A remote attacker could possibly use this flaw to conduct an SQL injection attack against applications using Active Record...
Yahoo!: Read arbitrary XML files on YQL backend servers via XSLT document()
The YQL (Yahoo! Query Language) service had an arbitrary XSLT document execution vulnerability. The YQL service allowed users to execute arbitrary XSLT stylesheets under the Apache Xalan-J XSLTC processor via the xslt table. Although the JAXP secure mode feature was activated to prevent code...
[SECURITY] Fedora 19 Update: php-doctrine-orm-2.4.2-2.fc19
Object relational mapper (ORM) for PHP that sits on top of a powerful database abstraction layer (DBAL). One of its key features is the option to write database queries in a proprietary object oriented SQL dialect called Doctrine Query Language (DQL), inspired by Hibernate's HQL. This provides...
EMC Documentum D2 Privilege Escalation (ESA-2014-045)
The remote host is running EMC Documentum D2. It is, therefore, affected by a privilege escalation vulnerability due to a flaw in the Documentum Query Language (DQL) engine. A remote, authenticated attacker can exploit this vulnerability to execute arbitrary DQL queries with superuser privileges. C...