649 matches found
RBlog 1.0 (admin.mdb) Remote Password Disclosure Vulnerability
Exploit for unknown platform in category web applications. RBlog 1.0 admin.mdb Remote Password Disclosure Vulnerability. Discovered: Aria-Security Team Risk: Low Type:Remote...
RBlog 1.0 - 'admin.mdb' Remote Password Disclosure
Discovered: Aria-Security Team Vendor: http://mike.dewolfe.bc.ca/scripts/rblog/ Risk: Low Type:Remote Database Download PoC: http://TARGET/path/data/admin.mdb http://TARGET/path/data/rblog.mdb Contact: [email protected] milw0rm.com 2007-01-01...
RBlog 1.0 - admin.mdb Remote Password Disclosure
RBlog 1.0 - admin.mdb Remote Password Disclosure Discovered: Aria-Security Team Vendor: http://mike.dewolfe.bc.ca/scripts/rblog/ Risk: Low Type:Remote Database Download PoC: http://TARGET/path/data/admin.mdb http://TARGET/path/data/rblog.mdb Contact: [email protected] milw0rm.com 2007-01...
IBM DB2 < 8.1 Fix Pack 14 Multiple Vulnerabilities
According to its version, the installation of IBM DB2 running on the remote host may crash when processing specially crafted SQLJRA packets because it attempts to dereference a NULL pointer in the sqledb2raasrecvrequest function. A remote attacker can send such packets without authentication to...
CVE-2006-6289
Woltlab Burning Board wBB Lite 1.0.2 does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the wbbuserid parameter to the top-level URI...
comersusDB.txt
ComerSus ASP Shopping Cart Vendor : Www.Compersus.Com Credits : MFox HomePage : Www.HackerZ.ir Remote DataBase Getting ! Proof of Concept : Http://Target/Path/database/comersus.mdb...
Comersus ASP shopping cart <= DataBase Downloading vuln
ComerSus ASP Shopping Cart Vendor : Www.Compersus.Com Credits : MFox HomePage : Www.HackerZ.ir Remote DataBase Getting ! Proof of Concept : Http://Target/Path/database/comersus.mdb...
MultipleDisclose.txt
Title: 5 php scripts remote database password disclosure Date: Sun July 02 21:04 2006 Credits: Security hole discovered by DarkFig [email protected] Problem: Database configuration is located in a .inc file not protected by .htaccess file Web: http://acid-root.new.fr VulnScr: Mp3netbox Beta 1...
PT-2006-2938 · Unknown · Rechnungszentrale V2
Name of the Vulnerable Software and Affected Versions: RechnungsZentrale V2 versions 1.1.3 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the SQL injection vulnerability in the authent.php4 file, specifically via the Us...
PT-2005-5482 · Unknown · Land Down Under
Name of the Vulnerable Software and Affected Versions: Land Down Under LDU versions v801 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via parameters including (1) the m parameter in "auth.php", (2) the f parameter in "events.php", ...
Generic HTTP SQLi (Web Application) - Active Check
This script attempts to use SQL injection (SQLi) techniques on CGI / web application scripts. SPDX-FileCopyrightText: 2002 John Lampe Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
JGS-XA JGS-Portal <= 3.0.2 Multiple XSS and SQLi Vulnerabilities - Active Check
The remote version of JGS-Portal contains an input validation flaw leading to multiple SQL injection and XSS vulnerabilities. SPDX-FileCopyrightText: 2005 Josh Zlatin-Amishav Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
JGS-Portal Multiple XSS and SQL injection Vulnerabilities
The remote host is running the JGS-Portal, a web portal written in PHP. The remote version of this software contains an input validation flaw leading to multiple SQL injection and XSS vulnerabilities. An attacker may exploit these flaws to execute arbitrary SQL commands against the remote database...
Advanced Guestbook index.php SQL Injection Vulnerability
Advanced Guestbook is prone to an input validation flaw leading to an SQL injection vulnerability. SPDX-FileCopyrightText: 2005 Josh Zlatin-Amishav Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...
mantis-poc.txt
Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities. Author: Jose Antonio Coret Joxean Koret Date: 2005 Location: Basque Country...
Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities
Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities. Author: Jose Antonio Coret Joxean Koret Date: 2005 Location: Basque Country...
VP-ASP Multiple Script SQL Injection
The remote host is using the VP-ASP, a shopping cart program written in ASP. The remote version of this software contains three SQL injection vulnerabilities in the files shopaddtocart.asp, shopaddtocartnodb.asp and shopproductselect.asp. An attacker may exploit these flaws to execute arbitrary S...
PT-2005-2863 · Unknown · Livingmailing
Name of the Vulnerable Software and Affected Versions: livingmailing version 1.3 Description: The issue allows remote attackers to execute arbitrary SQL commands via the password in the login.asp file. There is little public information available about the product and its vendor. Recommendations:...
DEBIAN-CVE-2005-1810
SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $catID variable, as demonstrated using the cat parameter to index.php...
Invision Power Board Multiple Vulnerabilities (Priv Esc, SQLi
According to its banner, the version of Invision Power Board on the remote host suffers from a privilege escalation issue. To carry out an attack, an authenticated user goes to delete his own group and moves users from that group into the root admin group. In addition to this, the remote version ...