1174 matches found

Tenable Nessus
added 2013/11/07 12:0 a.m., 27 views

GLSA-201311-03 : Quassel: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201311-03 Quassel: Multiple Vulnerabilities Two vulnerabilities have been found in Quassel: Quassel does not properly handle multiple CTCP requests CVE-2010-3443. Quassel, when used with certain versions of Qt and PostgreSQL, does...

6.8 CVSS, 7.8 AI score, 0.0119 EPSS
Exploits: 0, References: 3

0day.today
added 2013/08/27 12:0 a.m., 1399 views

Obehotel CMS SQL Injection Vulnerability

Obehotel CMS suffers from denial of service, insecure transit, directory listing, and remote SQL injection vulnerabilities. OBEHOTEL Spanish CMS Blind SQLinjection / Apache httpd Remote Denial of Service / Directory Listing / Insecure transition from HTTPS to HTTP in form post I-VULNERABILITY...

7.8 CVSS, 0.5 AI score, 0.90456 EPSS
Exploits: 17

Gentoo Linux
added 2012/09/26 12:0 a.m., 32 views

SQLAlchemy: SQL injection

Background SQLAlchemy is a Python SQL toolkit and Object Relational Mapper. Description SQLAlchemy does not properly sanitize input passed from the “limit” and “offset” keywords to the select function before using it in an SQL query. Impact A remote attacker could exploit this vulnerability to...

7.5 CVSS, 7.2 AI score, 0.01649 EPSS
Exploits: 2

Tenable Nessus
added 2012/08/15 12:0 a.m., 40 views

GLSA-201208-04 : Gajim: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201208-04 Gajim: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Gajim. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially...

7.5 CVSS, 6.5 AI score, 0.00717 EPSS
Exploits: 2, References: 4

Gentoo Linux
added 2012/08/14 12:0 a.m., 29 views

Gajim: Multiple vulnerabilities

Background Gajim is a Jabber and XMPP client written in PyGTK. Description Multiple vulnerabilities have been discovered in Gajim. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted link using Gajim, possibly...

7.5 CVSS, 7.6 AI score, 0.00717 EPSS
Exploits: 2

NVD
added 2012/03/20 8:55 p.m., 20 views

CVE-2012-0709

IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated users to bypass intended restrictions on viewing table data by leveraging the CREATEIN privilege to execute crafted SQL CREATE VARIABLE statements...

4 CVSS, 7 AI score, 0.00337 EPSS
Exploits: 0, References: 6

myhack58
added 2012/01/18 12:0 a.m., 68 views

Kingdee Apusic Web framework for the backend to get the site webshell and repair-vulnerability warning-the black bar safety net

Apusic Web Management Console Default background address: admin/login. jsp The default management account password: admin admin Use method: the background has to execute SQL statements, also have to load anything. Specific words have forgotten Find Upload, a loaded God horse, just look to...

0.5 AI score
Exploits: 0

Packet Storm
added 2011/12/06 12:0 a.m., 28 views

AlstraSoft EPay Enterprise 4.0 SQL Injection

Exploit Title: AlstraSoft EPay Enterprise v4.0 Blind SQL Injection Google Dork: Copyright @ 2010 iPayGold.com Date: Decembar/6/2011 Author: Don BalcanCrew & BalcanHack Software Link: http://www.alstrasoft.com/epayenterprise.htm Version: 4.0 Tested on: Apache/1.3.37 An attacker may execute arbitra...

0.6 AI score
Exploits: 0

Exploit DB
added 2011/10/02 12:0 a.m., 35 views

CA Total Defense Suite - reGenerateReports Stored procedure SQL Injection (Metasploit)

$Id: catotaldefenseregeneratereports.rb 13810 2011-10-02 17:03:23Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

10 CVSS, 7 AI score, 0.7727 EPSS
Exploits: 12

Vulnerability Lab
added 2011/08/11 12:0 a.m., 19 views

Asterisk2Billing v1.9.4 - SQL Injection Vulnerability

Document Title: Asterisk2Billing v1.9.4 - SQL Injection Vulnerability Release Date: 2011-08-11 Vulnerability Laboratory ID VL-ID: 246 Product & Service Introduction: Asterisk is a free software...

0.2 AI score
Exploits: 0

Prion
added 2011/04/05 3:19 p.m., 8 views

Sql injection

Ecava IntegraXor HMI before n 3.60 Build 4032 allows remote attackers to bypass authentication and execute arbitrary SQL statements via unspecified vectors related to a crafted POST request. NOTE: some sources have reported this issue as SQL injection, but this might not be accurate...

7.5 CVSS, 8.7 AI score, 0.01033 EPSS
Exploits: 0, References: 8, Affected Software: 1

Exploit DB
added 2011/01/01 12:0 a.m., 94 views

KLINK - SQL Injection

Andrés Gómez Exploit Title : KLINK Sql Injection Vulnerability Date : 2010-12-31 Author : Andrés Gómez Software Developed by : http://www.contacto.com Contact : [email protected] Dork : "allinurl:.php?txtCodiInfo=" An attacker may execute arbitrary SQL statements on the vulnerable system...

7 AI score
Exploits: 0

Tenable Nessus
added 2010/11/24 12:0 a.m., 45 views

Sybase PowerDesigner Repository Proxy Detection

The remote service is a Sybase PowerDesigner Repository Proxy, which allows users to issue SQL statements via an ODBC connection to be executed on the database server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; if description...

5.8 AI score
Exploits: 0, References: 2

The Hacker News
added 2010/11/04 12:28 a.m., 18 views

Update : Havij v1.13 automated SQL Injection tool - New version

Update : Havij v1.13 automated SQL Injection tool - New version "Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. It can take advantage of a vulnerable web application. By using this software user can perform...

8.4 AI score
Exploits: 0

Prion
added 2010/10/28 9:0 p.m., 12 views

Authentication flaw

The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the...

7.5 CVSS, 7.9 AI score, 0.00923 EPSS
Exploits: 0, References: 3, Affected Software: 1

Zero Day Initiative
added 2010/10/27 12:0 a.m., 25 views

Symantec IM Manager Administrative Interface rdpageimlogic.aspx SQL Injection Vulnerabilities

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rdpageimlogic.aspx page which is exposed through an IIS extension on the defau...

10 CVSS, 7.5 AI score, 0.04622 EPSS
Exploits: 0, References: 1

Exploit DB
added 2010/10/05 12:0 a.m., 45 views

Cag CMS 0.2 - Cross-Site Scripting / Blind SQL Injection

Cag CMS Version 0.2 Beta = XSS && Blind SQL Injection Multiple Vulnerabilities Author : Shamus Date : October, 05th...

7.4 AI score
Exploits: 0

exploitpack
added 2010/08/03 12:0 a.m., 12 views

Oracle MySQL 5.1.50 - Privilege Escalation

Oracle MySQL 5.1.50 - Privilege Escalation source: https://www.securityfocus.com/bid/43677/info MySQL is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to run arbitrary SQL statements with 'SUPER' privileges on the slave database system. This will allow t...

0.9 AI score
Exploits: 0

Check Point Advisories
added 2010/07/19 12:0 a.m., 2 views

Oracle Database InterMedia Denial of Service

Oracle Database Server is an enterprise-level relational database application suite. In addition to common basic data types, such as INT or VARCHAR, Oracle uses specialized object types to store and manage complex data objects, such as images and audio/video data. Object types are conceptually...

7 AI score
Exploits: 0

Packet Storm
added 2010/03/28 12:0 a.m., 19 views

INVOhost SQL Injection

Andrés Gómez Exploit Title : INVOhost SQL Injection Date : 2010-04-24 Author : Andrés Gómez Software Link : http://www.invohost.com/ Contact : [email protected] Dork : "Powered by INVOhost" An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the...

7.4 AI score
Exploits: 0