Negin Group CMS - (v) Multiple Web Vulnerabilities

Document Title: =============== Negin Group CMS - v Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1831 Release Date: ============= 2016-04-24 Vulnerability Laboratory ID VL-ID: ==================================== 1831 Comm...

WordPress Plugin CP Reservation Calendar 1.1.6 - SQL Injection

Exploit Title: WordPress: cp-reservation-calendar 1.1.6 SQLi injection Date: 2015-09-15 Google Dork: Index of /wp-content/plugins/cp-reservation-calendar/ Exploit Author: Joaquin Ramirez Martinez i0akiN SEC-LABORATORY Software Link: https://downloads.wordpress.org/plugin/cp-reservation-calendar.z...

JSPMySQL Administrador CSRF & XSS Vulnerabilities

JSPMySQL Administrador，通过基于jsp技术的B/S模式来远程管理MySQL数据库。下载链接：https://sites.google.com/site/mfpledon/producao-de-software影响版本：JSPMySQL Administrador V.1漏洞类型：CSRF、XSS漏洞等级: 高危CVE-ID：N/A披露时间：供应商通知：2015年8月31日公开披露：2015年9月4日漏洞详情：1）允许远程攻击者在没有CSRF令牌的情况下，在MySQL数据库中执行任意的SQL命令。2）listabd2.jsp中存在XSS的切入点。请求方法：POST ...

WordPress Plugin Business Intelligence - SQL Injection (Metasploit)

Exploit Title : Wordpress Plugin 'Business Intelligence' Remote SQL Injection vulnerability Author : Jagriti Sahu AKA Incredible Vendor Link : https://www.wpbusinessintelligence.com Download Link : https://downloads.wordpress.org/plugin/wp-business-intelligence-lite.1.6.1.zip Date : 1/04/2015...

Cacti monitoring system injection vulnerability trigger the bloodshed-vulnerability warning-the black bar safety net

Preface: Security is a whole, any one of the short Board will cause Safety accident, from the border network to the IDC operation and maintenance of the network to the office network, are the whole of each of the network cannot be ignored. Enterprise in for security to do a multi-layer protection...

E-Journal CMS (ID) - Multiple Web Vulnerabilities

Document Title: =============== E-Journal CMS ID - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1380 Release Date: ============= 2014-12-17 Vulnerability Laboratory ID VL-ID: ==================================== 1380 Commo...

MyBB 1.8.X - Multiple Vulnerabilities

Latest MyBB forum software suffers on multiple vulnerabilities, including SQL Injection and Cross Site Scripting. Such bugs may allow attacker to perform remote sql queries against the database, and so on. Title: MyBB 1.8.X - Multiple Vulnerabilities Date: 13.11.2014 Tested on: Linux / Apache 2.2...

LoadedCommerce7 - Systemic Query Factory Vulnerability

No description provided by source. Title: LoadedCommerce7 Systemic Query Factory Vulnerability Advisory: http://breaking.technology/advisories/CVE-2014-5140.txt Credits: Discovered by Breaking Technology Research Labs 2014-06-30 Reference: CVE-2014-5140 - Assigned 31 June 2014 Timeline: Vendor...

LoadedCommerce7 - Systemic Query Factory Vulnerability

Loaded Commerce 7 shopping cart/online store suffers from a systemic vulnerability in its query factory, allowing attackers to circumvent user input sanitizing to perform remote SQL injection. Title: LoadedCommerce7 Systemic Query Factory Vulnerability Advisory:...

LoadedCommerce7 - Systemic Query Factory

Title: LoadedCommerce7 Systemic Query Factory Vulnerability Advisory: http://breaking.technology/advisories/CVE-2014-5140.txt Credits: Discovered by Breaking Technology Research Labs 2014-06-30 Reference: CVE-2014-5140 - Assigned 31 June 2014 Timeline: Vendor notified - 29 July 2014 Vendor...

TomatoCart v1.x (latest-stable) Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-3978 - Remote SQL Injection Vulnerability CVE-2014-3830 - Reflected Cross Site Scripting - ------------------------------------------------------------------------------ Title: TomatoCart v1.x latest-stable Remote SQL Injection Vulnerability...

plugin WP-Forum 1.7.4 - Remote SQL Injection

The wpforum WordPress plugin was affected by a Remote SQL Injection security vulnerability...

plugin WP-Forum 1.7.8 - Remote SQL Injection

The wpforum WordPress plugin was affected by a Remote SQL Injection security vulnerability...

st_newsletter - Remote SQL Injection

The stnewsletter WordPress plugin was affected by a Remote SQL Injection security vulnerability...

PHP-Nuke <= 8.0 Final (INSERT) Remote SQL Injection Exploit

No description provided by source. !/usr/bin/perl 0day exploit for PHP-nuke =8.0 Final Sql injection attack in INSERT syntax version for every basePostgreSQL,mssql... except MySQL base Coded by:Maciej krasza [email protected] Screenshot: 0day exploit for PHP-nuke =8.0 Final Sql injection atta...

Invision Power Board 2.1 <= 2.1.6 - Remote SQL Injection Exploit (2)

No description provided by source. !/usr/bin/perl use LWP::UserAgent; $ua = LWP::UserAgent-new; &header; if @ARGV 2 &info; exit; $server = $ARGV0; $dir = $ARGV1; print + SERVER $server\r\n; print + DIR $dir\r\n; Step 1, detecting vulnerability print 1 Testing forum vulnerability...; $q = UNION...

DataLife Engine <= 4.1 - Remote SQL Injection Exploit (perl)

No description provided by source. !/usr/bin/perl DataLife Engine sql injection exploit by RST/GHC coded by 1dt.w0lf RST/GHC http://rst.void.ru http://ghc.ru 18.06.06 use LWP::UserAgent; use Getopt::Std; getopts'u:n:p:'; $url = $optu; $name = $optn; $prefix = $optp || 'dle'; if!$url || !$name $sn...

addalink <= 4 (category_id) Remote SQL Injection Vulnerability

No description provided by source...

Wordpress plugin WP-Forum 1.7.4 - Remote SQL Injection Vulnerability

No description provided by source. remote sql injection exploit -::DESCRIPTION== WordPress forum plugin by Fredrik Fahlstad. Version: 1.7.4. exploit: 1+union+select+null,concatuserlogin,0x2f,userpass,0x2f,useremail,null,null,null,null,null+from+wpusers where id=1/ wptbvusers google: Fredrik...

Mobius <= 1.4.4.1 (browse.php id) Remote SQL Injection Vulnerability

No description provided by source. :::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP YmmMMMM MMM YM Discovered by dun \ dunatstrcpy.pl Mobius = 1.4.4.1 Remote SQL Injection Vulnerability Script: Mobius Web Publishing Software Script sit...