1417 matches found
SoftBB 0.1 - 'mail' Blind SQL Injection
#!/usr/bin/env python LOTFREE TEAM 03/2006 http://lotfree.next-touch.com/ http://membres.lycos.fr/lotfree/sploits/LOTF-SoftBB.py Vulnerability info Product : SoftBB Version : 0.1 The field 'mail' in reg.php is used directly in a SQL query : $sql = 'SELECT pseudo,mail FROM '.$prefixtable.'membres...
SoftBB 0.1 - mail Blind SQL Injection
SoftBB 0.1 - mail Blind SQL Injection #!/usr/bin/env python LOTFREE TEAM 03/2006 http://lotfree.next-touch.com/ http://membres.lycos.fr/lotfree/sploits/LOTF-SoftBB.py Vulnerability info Product : SoftBB Version : 0.1 The field 'mail' in reg.php is used directly in a SQL query : $sql = 'SELECT...
[eVuln] NMDeluxe XSS & SQL Injection Vulnerabilities
New eVuln Advisory: NMDeluxe XSS & SQL Injection Vulnerabilities http://evuln.com/vulns/93/summary.html --------------------Summary---------------- eVuln ID: EV0093 CVE: CVE-2006-1107 CVE-2006-1108 Software: NMDeluxe Software's Web Site: http://nmdeluxe.com/ Versions: 1.0.0 STABLE Critical Level:...
Invision Power Board 2.1.5 - showtopic SQL Injection
source: https://www.securityfocus.com/bid/16971/info Invision Power Board is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to...
Invision Power Board 2.1.5 - showtopic SQL Injection
Invision Power Board 2.1.5 - showtopic SQL Injection source: https://www.securityfocus.com/bid/16971/info Invision Power Board is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A...
VBZoom Forum 1.11 - 'show.php' MainID SQL Injection
source: https://www.securityfocus.com/bid/16955/info VBZooM Forum is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could allow an attacker to compromise t...
DCI-Designs Dawaween 1.03 - 'Poems.php' SQL Injection
source: https://www.securityfocus.com/bid/16909/info Dawaween is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. Successful exploits could allow a remote attacker to compromise the application, access or modify dat...
Advisory: Pentacle In-Out Board <= 6.03 (login.asp) Authentication ByPass Vulnerability
--Security Report-- Advisory: Pentacle In-Out Board <= 6.03 (login.asp) Authentication ByPass Vulnerability --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 25/02/06 05:56 AM --- Contacts: ICQ: 10072 MSN/Email: nukedx at nukedx dot com Web: http://www.nukedx.com --- Vendor: G2SOFT...
PentacleBypass.txt
--Security Report-- Advisory: Pentacle In-Out Board http://site/ptdir/login.asp?username=any&password=' or '1'='1 -- Timeline: 25/02/2006: Vulnerability found. 25/02/2006: Contacted with vendor and waiting reply. -- Exploit: http://www.nukedx.com/?getxpl=13 -- Original advisory:...
Web Calendar Pro - Dropbase.php SQL Injection
Web Calendar Pro - Dropbase.php SQL Injection source: https://www.securityfocus.com/bid/16789/info Web Calendar Pro is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful...
DBeSession102.txt
GulfTech Security Research February 11, 2006 Vendor : Lawrence Osiris URL : http://www.phpclasses.org/browse/package/1624.html Version : DBeSession 1.0.2 Risk : SQL Injection Description: DBeSession is a feature-packed PHP class that stores the session data in a MySQL database rather than files. ...
DELTAScripts PHP Classifieds 6.20 - 'Member_Login.php' SQL Injection
source: https://www.securityfocus.com/bid/16642/info PHP Classifieds is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could allow an attacker to compromis...
SQL Server SA rights summary of the classic techniques-vulnerability warning-the black bar safety net
Tools required: SQL Query Analyzer and SqlExec Sunx Version. Part one: summary of the analysis on removing xp_cmdshell to protect the system. First, the statements to know: 1. The method for removing the xp_cmdshell extended procedure is to use the following statement:...
[SA18821] XMB Forums today.php Cookie Data SQL Injection
TITLE: XMB Forums today.php Cookie Data SQL Injection SECUNIA ADVISORY ID: SA18821 VERIFY ADVISORY: http://secunia.com/advisories/18821/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: XMB 1.x http://secunia.com/product/1491/ DESCRIPTION: James Bercegay has...
[SA18715] PHP GEN Unspecified Cross-Site Scripting and SQL Injection
TITLE: PHP GEN Unspecified Cross-Site Scripting and SQL Injection SECUNIA ADVISORY ID: SA18715 VERIFY ADVISORY: http://secunia.com/advisories/18715/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting, Manipulation of data WHERE: From remote SOFTWARE: PHP GEN 1.x...
WebspotBlogging 3.0 - login.php SQL Injection
WebspotBlogging 3.0 - login.php SQL Injection source: https://www.securityfocus.com/bid/16319/info WebspotBlogging is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful...
White Album 2.5 - 'Pictures.php' SQL Injection
source: https://www.securityfocus.com/bid/16247/info White Album is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the...
MiniNuke 1.8.2 - Multiple SQL Injections
Contacts: ICQ: 10072 MSN/Email: [email protected] Web: http://www.nukedx.com --- Vendor: MiniNuke www.miniex.net Version: 1.8.2 and prior versions must be affected. About:Via this method remote attacker can inject SQL query to the news.asp --- How&Example: GET -...
See through cyber attacks magic: Log Parser-vulnerability warning-the black bar safety net
“Log Parser” is the most useful free Web Services tool. It uses SQL-style queries to analyze Web server log files, and then returns a report showing all records that match the query. You can use Log Parser to create a search query, find trying to attack your Web server and execute...
EV0021.txt
New eVuln Advisory: Venom Board SQL Injection Vulnerability --------------------Summary---------------- Software: Venom Board Software's Web Site: http://sourceforge.net/projects/venomboard/ Versions: 1.22 Critical Level: Moderate Type: Cross-Site Scripting Class: Remote Status: Unpatched Exploit...