1417 matches found
Oracle Database OLAP component ODCITABLESTART buffer overflow
Added: 02/06/2009 CVE: CVE-2008-3974 BID: 33177 OSVDB: 51347 Background The Online Analytical Processing OLAP component of Oracle Database is a set of stored procedures used for multi-dimensional analytical queries. Problem A buffer overflow vulnerability in the ODCITABLESTART function allows...
Oracle Database OLAP component ODCITABLESTART buffer overflow
Added: 02/06/2009 CVE: CVE-2008-3974 BID: 33177 OSVDB: 51347 Background The Online Analytical Processing OLAP component of Oracle Database is a set of stored procedures used for multi-dimensional analytical queries. Problem A buffer overflow vulnerability in the ODCITABLESTART function allows...
YapBB <= 1.2 (forumID) Blind SQL Injection Exploit
No description provided by source. --+++======================================================+++-- --+++====== YapBB = 1.2 Blind SQL Injection Exploit ======+++-- --+++======================================================+++-- !/usr/bin/perl use strict; use warnings; use IO::Socket; sub usage d...
Lootan - login.asp SQL Injection
Lootan - login.asp SQL Injection source: https://www.securityfocus.com/bid/33439/info Lootan is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
w3bcms - '/admin/index.php' SQL Injection
source: https://www.securityfocus.com/bid/33310/info The 'w3bcms' application is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, acces...
LinksPro - OrderDirection SQL Injection
LinksPro - OrderDirection SQL Injection source: https://www.securityfocus.com/bid/33305/info LinksPro is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromis...
Dark Age CMS 2.0 - login.php SQL Injection
Dark Age CMS 2.0 - login.php SQL Injection source: https://www.securityfocus.com/bid/33271/info Dark Age CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
Microsoft SQL Server Generic Query
This module will allow for simple SQL statements to be executed against a MSSQL/MSDE instance given the appropriate credentials. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL...
REDPEACH CMS (zv) Remote SQL Injection Vulnerability
No description provided by source. REDPEACH CMS - SQL Injection Vulnerability http://www.redpeach.de/ Vulnerability discovered by: LidlosesAuge Greetz to: -=Player=- , Suicide, g4ms3, enco, Palme, GPM, karamble, Free-Hack Date: 23.12.2008 Admin Panel: Target/admin/login.php Description: The Files...
phpMyAdmin 3.1.0 (XSRF) SQL Injection Vulnerability
No description provided by source. Written by Michael Brooks Special Thanks to str0ke and rGod Intro: phpMyAdmin is by far the most popular PHP project. Between phpmyadmin and the xampp project there are more than 34+ million downloads from sourceforge.net . This exploit was released along side...
phpMyAdmin 3.1.0 - Cross-Site Request Forgery SQL Injection
phpMyAdmin 3.1.0 - Cross-Site Request Forgery SQL Injection Written by Michael Brooks Special Thanks to str0ke and rGod Intro: phpMyAdmin is by far the most popular PHP project. Between phpmyadmin and the xampp project there are more than 34+ million downloads from sourceforge.net . This exploit...
Pre Classified Listings 1.0 - 'detailad.asp' SQL Injection
source: https://www.securityfocus.com/bid/32566/info Pre Classified Listings is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access...
Natterchat 1.1 - Authentication Bypass
Natterchat 1.1 - Authentication Bypass + Script Name : NATTERCHAT v1.1 remote login bypass + Author : Bl@ckbe@rD 'Tunisian TerrorisT' + Contact : blackbeard-sqlA.Thotmail.fr ; + Dork : Powered by NATTERCHAT v 1.1 --//-- + Expl0iT : 1 Go to the Login page...
Natterchat 1.1 - Authentication Bypass
Script Name : NATTERCHAT v1.1 remote login bypass + Author : Bl@ckbe@rD 'Tunisian TerrorisT' + Contact : blackbeard-sqlA.Thotmail.fr ; + Dork : Powered by NATTERCHAT v 1.1 --//-- + Expl0iT : 1 Go to the Login page http://www.exemple.ff/chat/nattechat/home.asp 2 Username : admin Password : ' or...
Easyedit CMS - page.php?intPageID SQL Injection
Easyedit CMS - page.php?intPageID SQL Injection source: https://www.securityfocus.com/bid/32369/info Easyedit is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an...
SpitFire Photo Pro - pages.php SQL Injection
SpitFire Photo Pro - pages.php SQL Injection source: https://www.securityfocus.com/bid/32012/info SpitFire Photo Pro is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attack...
Joekoe(乔客CMS)3.0Sql注入漏洞
JoekoeCMS3在获取客户端浏览器类型参数User-agent时没有严格过滤,导致在引入查询时可以通过修改数据包构造特殊的user-agent值来达到添加后台管理员等目的。 JoekoeCMS3将所有类都封装在了一个JoekoeCMS3b.dll的Dll中, Joekoe是通过cls.ipsys1来获取客户端的User-Agent,所以在其程序中调用cls.ipsys1并放入SQL查询的页面\common\review.asp、\forum\post.asp、\forum\inc\incpost.asp均存在此漏洞。...
myEvent Multiple Remote Vulnerabilities
myEvent is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2008 Josh Zlatin-Amishav Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Dizi Portali - diziler.asp SQL Injection
Dizi Portali - diziler.asp SQL Injection source: https://www.securityfocus.com/bid/31849/info Dizi Portali is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
PHP-Nuke Sarkilar Module - id SQL Injection
PHP-Nuke Sarkilar Module - id SQL Injection source: https://www.securityfocus.com/bid/31830/info Sarkilar module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow ...