268 matches found
Joomla Random Article SQL Injection
Exploit Title : Joomla Random Article Component SQL Injection vulnerability Author : Jagriti Sahu AKA Incredible Vendor Link : http://demo.web-dorado.com Date : 23/03/2015 Discovered at : IndiShell Lab Love to : error1046 ^^ ,Team IndiShell,Codebreaker ICA ,Subhi,Mrudu,Hary,Kavi ^^...
Joomla Spider FAQ SQL Injection
Exploit Title : Joomla Spider FAQ component SQL Injection vulnerability Author : Manish Kishan Tanwar AKA error1046 Vendor Link : http://demo.web-dorado.com/spider-faq.html Date : 21/03/2015 Discovered at : IndiShell Lab Love to : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,Incredible,Kisha...
Joomla! Component Spider FAQ - SQL Injection
Exploit Title : Joomla Spider FAQ component SQL Injection vulnerability Author : Manish Kishan Tanwar AKA error1046 Vendor Link : http://demo.web-dorado.com/spider-faq.html Date : 21/03/2015 Discovered at : IndiShell Lab Love to : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,Incredible,Kisha...
XCat - Tool that aids in the exploitation of blind XPath injection vulnerabilities
XCat is a command line program that aids in the exploitation of blind XPath injection vulnerabilities. It can be used to retrieve the whole XML document being processed by a vulnerable XPath query, read arbitrary files on the host's filesystem and utilize out-of-band HTTP requests to make the...
OPMANAGER - Blind SQL/XPath injection
No description provided by source. Blind SQL/XPath injection in OPMANAGER88 Exploit Title: Blind SQL/XPath injection in OPMANAGER Date: 8-Dec-09 Author: Asheesh Kumar Mani Tripathi AKS IT Services Software Link: http://www.manageengine.com/products/opmanager/download.html Version: app version...
GuppY 4.5.18 - Blind SQL/XPath Injection Vulnerability
No description provided by source...
Ametys CMS 3.5.2 - (lang parameter) XPath Injection Vulnerability
No description provided by source. Ametys CMS 3.5.2 lang parameter XPath Injection Vulnerability Vendor: Anyware Services Product web page: http://www.ametys.org Download: http://www.ametys.org/en/download/ametys-cms.html Affected version: 3.5.2 and 3.5.1 Summary: Ametys is a Java-based open sour...
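MobileIron VSP/Sentry 'j_username' Parameter XPath Injection Vulnerability
Bugtraq ID:66595 CVE ID:CVE-2014-1409 MobileIron is a virtual smart-device platform that includes components such as VSP and Sentry. The MobileIron VSP/Sentry management interface has an authentication bypass vulnerability: the script at https://target/mics/jspringsecuritycheck does not properly filter the 'jusername' parameter, allowing an unauthenticated attacker to perform XPath injection attacks and obtain XML document data such as configuration files. 0 MobileIron VSP 5.9.1 MobileIron Sentry 5.0 MobileIron VSP 5.9.1 and MobileIron Sentry...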
MobileIron VSP / Sentry Authentication Bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Matta Consulting - Matta Advisory https://www.trustmatta.com MobileIron Multiple Products Authentication Bypass Vulnerability Advisory ID: MATTA-2013-004 CVE reference: CVE-2014-1409, CVE-2013-7286 Affected platforms: VSP and Sentry Version: VSP...
IBM Web Content Manager 'LIBRARY' Parameter XPath Injection Vulnerability
IBM Web Content Manager is prone to an XPath-injection vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
SEC Consult SA-20131227-0 :: IBM Web Content Manager (WCM) XPath Injection
SEC Consult Vulnerability Lab Security Advisory 20131227-0 ======================================================================= title: XPath Injection product: IBM Web Content Manager WCM vulnerable version: 6.x, 7.x, 8.x fixed version: - impact: high homepage: http://www.ibm.com/ found:...
IBM Web Content Manager XPath Injection
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: XPath Injection product: IBM Web Content Manager WCM vulnerable version: 6.x, 7.x, 8.x fixed version: - impact: high homepage: http://www.ibm.com/ found: 2013-10-27 CVE:...
Ametys CMS 3.5.2 XPath Injection Vulnerability
Ametys CMS version 3.5.2 suffers from an XPath injection vulnerability. Input passed via the 'lang' POST parameter in the newsletter plugin is not properly sanitized before being used to construct an XPath query for XML data. Ametys CMS 3.5.2 lang parameter XPath Injection Vulnerability Vendor:...
Ametys CMS 3.5.2 - lang XPath Injection
Ametys CMS 3.5.2 - lang XPath Injection Ametys CMS 3.5.2 lang parameter XPath Injection Vulnerability Vendor: Anyware Services Product web page: http://www.ametys.org Download: http://www.ametys.org/en/download/ametys-cms.html Affected version: 3.5.2 and 3.5.1 Summary: Ametys is a Java-based open...
Ametys CMS 3.5.2 - 'lang' XPath Injection
Ametys CMS 3.5.2 lang parameter XPath Injection Vulnerability Vendor: Anyware Services Product web page: http://www.ametys.org Download: http://www.ametys.org/en/download/ametys-cms.html Affected version: 3.5.2 and 3.5.1 Summary: Ametys is a Java-based open source CMS combining rich content with ...
Ametys CMS 3.5.2 XPath Injection
Ametys CMS 3.5.2 lang parameter XPath Injection Vulnerability Vendor: Anyware Services Product web page: http://www.ametys.org Affected version: 3.5.2 and 3.5.1 Summary: Ametys is a Java-based open source CMS combining rich content with an easy-to-use and intuitive interface. Desc: Input passed v...
Ametys CMS 3.5.2 (lang parameter) XPath Injection Vulnerability
Summary Ametys is a Java-based open source CMS combining rich content with an easy-to-use and intuitive interface. Description Input passed via the 'lang' POST parameter in the newsletter plugin is not properly sanitised before being used to construct an XPath query for XML data. This can be...
[RIPS] A static source code analyser for vulnerabilities in PHP scripts
RIPS is a tool written in PHP to find vulnerabilities in PHP applications using static code analysis. By tokenizing and parsing all source code files, RIPS is able to transform PHP source code into a program model and to detect sensitive sinks (potentially vulnerable functions) that can be tainted b...
CVE-2013-0505
IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors...
Design/Logic Flaw
IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors...