497 matches found
Yarubo #1: Arbitrary SQL Execution in Participants Database for Wordpress
Yarubo 1: Arbitrary SQL Execution in Participants Database for Wordpress. Program: Participants Database = 1.5.4.8 Severity: Unauthenticated attacker can fully compromise the Wordpress installation Permalink:...
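Maccms V8 XSS can be used to hit the admin backend #3
Brief description: I just posted a backend getshell, but how is a lowly engineer supposed to get into the backend? XSS, of course. The two bugs should have been posted together (XSS + backend getshell = getshell), but I was too quick and posted early, so I had to find another interface to make up the numbers. Details: Insert it here in the message board to hit the backend. Proof of vulnerability: Combined with the backend vulnerabilities: 1. Arbitrary file deletion in the backend, which can delete install.lock and cause a reinstall. Interface: http://localhost/maccms8/admin/?m=extend-picdel POST parameters: fname%5B%5D=..%2Fupload%2Fart%2F..%5C%5C..%5C%5C\inc\install.lock 2...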
PT-2014-3495 · Red Hat · Red Hat Cloudforms Management Engine
Name of the Vulnerable Software and Affected Versions: Red Hat CloudForms Management Engine CFME versions prior to 5.2.3.2 Description: The issue allows remote authenticated users to execute arbitrary SQL commands. This is related to the MiqReportResult.exists function in the ReportController...
DEBIAN-CVE-2014-1471
SQL injection vulnerability in the StateGetStatesByType function in Kernel/System/State.pm in Open Ticket Request System OTRS 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allows remote attackers to execute arbitrary SQL commands via vectors related to a ticket search URL...
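An operation in ThinkSNS leaks the database table prefix
Brief description: The submission URL of a certain ThinkSNS operation directly returns the executed SQL statement, from which the database table prefix can be obtained (low impact). Details: http://demo.thinksns.com/t3/index.php?app=public&mod=Account&act=doSaveProfile This is the submission URL for the tag settings and basic information under personal settings. Every time data is submitted, the response returns the DB-layer SQL statement, which reveals the site's table prefix. Proof of vulnerability: http://demo.thinksns.com/t3/index.php?app=public&mod=Account&act=doSaveProfile...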
Dimensions buy the system stored XSS can be comfortably background-vulnerability warning-the black bar safety net
fanwe buy the system: there is an XSS that can obtain an administrator cookie and get into the background. First, go into a goods item; inside there will be a refund message, which will be there even if paid. Then XSS can be added in the comments; the administrator views them every day, and the view will obtain the administrator cookie...
A design flaw in TCCMS: successfully got into the official site's backend
Brief description: A design flaw in TCCMS; successfully got into the official site's backend! Details: The problem occurs at line 146 of app\controller\user.class.php: public function update $Obj = M 'user' ; if $POST 'info' 'password' !== $POST 'password1' StringUtil::msgbox Config::lang "PWDNOTTHESAME" , 'index.php?ac=usersinfo', 1 ; exit ; $Obj-create ; if $POST 'info' 'password' != "...
PT-2013-4989 · Foreman · Foreman
Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.2.3 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the fqdn or hostgroup parameter in the app/models/concerns/host_common.rb file. Recommendations: For versio...
shopex ctl. member. php file SQL injection vulnerability-vulnerability warning-the black bar safety net
SQL injection vulnerability. Testing version: shopex-singel-4.8.5.78660 File: \core\shop\controller\ctl.member.php function delTrackMsg if! empty$POST'deltrack' $oMsg = &$this-system-loadModel'resources/msgbox'; $oMsg-delTrackMsg$POST'deltrack'; $this-splash'success',...
DEBIAN-CVE-2012-6496
SQL injection vulnerability in the Active Record component in Ruby on Rails before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in applications that can use...
PT-2012-4127 · Ipswitch · Ipswitch Whatsup Gold
Name of the Vulnerable Software and Affected Versions: Ipswitch WhatsUp Gold version 15.02 Description: The issue allows remote attackers to execute arbitrary SQL commands via the sGroupList parameter in the "WrVMwareHostList.asp" file. This enables attackers to manipulate database queries,...
PT-2012-2069 · Gr Board · Gboard
Name of the Vulnerable Software and Affected Versions: GR Board version 1.8.6.5 Community Edition Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the tableType or blindTarget parameter to "view.php", the delTargets0 parameter to "view...
postgresql: SQL injection due to unsanitized newline characters in object names
CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQ...
CVE-2010-5004
SQL injection vulnerability in searchvote.php in 2daybiz Polls aka Advanced Poll Script allows remote attackers to execute arbitrary SQL commands via the category parameter...
CVE-2010-5033
SQL injection vulnerability in ProductList.cfm in Fusebox 5.5.1 allows remote attackers to execute arbitrary SQL commands via the CatDisplay parameter...
CVE-2010-5021
SQL injection vulnerability in viewgroup.asp in Digital Interchange Document Library 5.8.5 allows remote attackers to execute arbitrary SQL commands via the intGroupID parameter...
CVE-2010-4954
SQL injection vulnerability in productreviewsinfo.php in xt:Commerce Gambio 2008 allows remote attackers to execute arbitrary SQL commands via the productsid parameter...
CVE-2011-1686
Multiple SQL injection vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors, as demonstrated by reading data...
CVE-2011-0987
The PMA_Bookmark_get function in libraries/bookmark.lib.php in phpMyAdmin 2.11.x before 2.11.11.3, and 3.3.x before 3.3.9.2, does not properly restrict bookmark queries, which makes it easier for remote authenticated users to trigger another user's execution of a SQL query by creating a bookmark...
KLINK - SQL Injection
KLINK - SQL Injection Andrés Gómez Exploit Title : KLINK Sql Injection Vulnerability Date : 2010-12-31 Author : Andrés Gómez Software Developed by : http://www.contacto.com Contact : [email protected] Dork : "allinurl:.php?txtCodiInfo=" An attacker may execute arbitrary SQL statements on...