Cells Blog 3.3 - XSS Reflected & Blind SQLite Injection

No description provided by source. + Exploit: Cells v3.3 XSS Reflected & Blind SQLite Injection + Author: vinicius777 + Contact: vinicius777 AT gmail @vinicius777 + version: Cells Blog 3.3 + Vendor Homepage: http://cells.tw + 14/01/2014 vendor contacted + 17/01/2014 no response from vendor +...

SQLite Browser 2.0b1 - Local DoS Vulnerability

No description provided by source. Exploit Title: SQLite Browser 2.0b1 Local DoS Vulnerability Author: Nishant Das Patnaik Tested on: Windows XP SP2/SP3 x86, Vista x86, Windows 7 x64 Code : A specially crafted SQL file query can cause the the application to freeze and finally crash. The bug is th...

iOS iFileExplorer Free - Directory Traversal

No description provided by source. Exploit Title: iPod Touch/iPhone iFileExplorer Free Directory Traversal Date: 04/03/2011 UK date format Author: theSmallNothing Software Link: http://itunes.apple.com/gb/app/ifileexplorer-protect-multi/id355253462?mt=8 Version: 2.8 Tested on: iPod Touch 2G 4.1...

SweetRice < 0.6.4 (fckeditor) Remote File Upload

No description provided by source. Title: SweetRice 0.6.4 fckeditor Remote File Upload Vendor: http://www.basic-cms.org Dork: Powered By Basic CMS SweetRice AUTHOR: ITSecTeam Email: [email protected] Website: http://www.itsecteam.com Forum : http://forum.ITSecTeam.com Original Advisory:...

CMSQLITE 1.3.2 - Multiple Vulnerabiltiies

No description provided by source. Title: ====== CMSQLITE v1.3.2 - Multiple Web Vulnerabiltiies Date: ===== 2012-10-18 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=726 VL-ID: ===== 726 Common Vulnerability Scoring System: ==================================== 4.3...

GENU CMS 2012.3 - Multiple SQL Injection Vulnerabilities

No description provided by source. Title: ====== GENU CMS 2012.3 - Multiple SQL Injection Vulnerabilities Date: ===== 2012-04-30 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=538 VL-ID: ===== 538 Introduction: ============= GENU is a Content Management System written...

lightneasy sqlite / no database <= 1.2.2 - Multiple Vulnerabilities

No description provided by source. Author: GiReX mySite: girex.altervista.org Date: 14/04/08 CMS: LightNEasy SQLite / no database = 1.2.2 Site: lightneasy.org Advisory: Multiple Remote Vulnerabilities Need: magicquotesgpc = Off magicquotesgpc = On / Off for SQL Injections Bug 1: Remote File...

phpliteadmin <= 1.9.3 - Remote PHP Code Injection Vulnerability

No description provided by source. Exploit Title: phpliteadmin = 1.9.3 Remote PHP Code Injection Vulnerability Google Dork: inurl:phpliteadmin.php Default PW: admin Date: 01/10/2013 Exploit Author: L@usch - http://la.usch.io - http://la.usch.io/files/exploits/phpliteadmin-1.9.3.txt Vendor Homepag...

Hexorbase - Multiple Database Management and Audit Tool

HexorBase is a database application designed for administering and auditing multiple database servers simultaneously from a centralized location, it is capable of performing SQL queries and bruteforce attacks against common database servers MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL...

openSUSE Security Update : dovecot20 (dovecot20-4610)

dovecot crash when parsing mail headers that contain NUL characters CVE-2011-1929 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update dovecot20-4610. The text description of this plugin is C SUSE...

openSUSE Security Update : proftpd (openSUSE-2011-19)

Vulnerabilities were discovered for the proftpd packages in openSUSE version 12.1. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2011-19. The text description of this plugin is C SU...

openSUSE Security Update : dovecot12 (openSUSE-SU-2010:0923-1)

dovecot granted admin rights to all owner mailboxes CVE-2010-3706. When using multiple ACL entries for mailboxes the most specific one was not always applied CVE-2010-3707. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...

openSUSE Security Update : mumble (openSUSE-2012-127)

remove read permissions for other users on local sqlite database as it may contain passwords bnc747833, CVE-2012-0863 - don't add built-in CA certificates bnc660784 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

MyBB Database Fingerprint

This module checks if MyBB is running behind an URL. Also uses a malformed query to force an error and fingerprint the backend database used by MyBB on version 1.6.12 and prior. This module requires Metasploit: https://metasploit.com/download Current source:...

Fedora 19 : php-5.5.12-1.fc19 (2014-5984)

Notice: to fix CVE-2014-0185 this version change default php-fpm unix domain socket permission to 660 instead of 666. Check your configuration if php-fpm use UDS default configuration use a network socket. Upstream Changelog: 01 May 2014, PHP 5.5.12 Core : - Fixed bug 61019 Out of memory on comma...

Fedora 20 : php-5.5.12-1.fc20 (2014-5960)

Notice: to fix CVE-2014-0185 this version change default php-fpm unix domain socket permission to 660 instead of 666. Check your configuration if php-fpm use UDS default configuration use a network socket. Upstream Changelog: 01 May 2014, PHP 5.5.12 Core : - Fixed bug 61019 Out of memory on comma...

Cells Blog 3.3跨站脚本和SQL注入漏洞

No description provided by source. 1 Reflective XSS on 'msg=' PoC: http://localhost/cells-v3-3/errmsg.php?msg= %3C%2Fp%3E%3Cscript%3Ealert%28%27XSS%27%29%3B%3C%2Fscript%3E%3Cp%3E Vulnerable Code: + errmsg.php ? echo "img src='images/error.gif'"; if isset$GET"msg"$msg=$GET"msg";else$msg=""; if...

Cells Blog 3.3 Cross Site Scripting / SQL Injection

Exploit: Cells v3.3 XSS Reflected & Blind SQLite Injection + Author: vinicius777 + Contact: vinicius777 AT gmail @vinicius777 + version: Cells Blog 3.3 + Vendor Homepage: http://cells.tw + 14/01/2014 vendor contacted + 17/01/2014 no response from vendor + 20/01/2014 no response from vendor +...

Cells Blog 3.3 - Reflected Cross-Site Scripting / Blind SQLite Injection

Exploit: Cells v3.3 XSS Reflected & Blind SQLite Injection + Author: vinicius777 + Contact: vinicius777 AT gmail @vinicius777 + version: Cells Blog 3.3 + Vendor Homepage: http://cells.tw + 14/01/2014 vendor contacted + 17/01/2014 no response from vendor + 20/01/2014 no response from vendor +...

Cells Blog 3.3 - Reflected Cross-Site Scripting Blind SQLite Injection

Cells Blog 3.3 - Reflected Cross-Site Scripting Blind SQLite Injection + Exploit: Cells v3.3 XSS Reflected & Blind SQLite Injection + Author: vinicius777 + Contact: vinicius777 AT gmail @vinicius777 + version: Cells Blog 3.3 + Vendor Homepage: http://cells.tw + 14/01/2014 vendor contacted +...