229 matches found
Bakeshop Inventory System in VB.Net and MS Access Database 1.0 - SQL Injection
Bakeshop Inventory System in VB.Net and MS Access Database 1.0 - SQL Injection Exploit Title: Bakeshop Inventory System in VB.Net and MS Access Database 1.0 - SQL Injection Dork: N/A Date: 2018-10-29 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/janobe Softwar...
Bakeshop Inventory System in VB.Net and MS Access Database 1.0 - SQL Injection
Exploit Title: Bakeshop Inventory System in VB.Net and MS Access Database 1.0 - SQL Injection Dork: N/A Date: 2018-10-29 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link:...
November 2, 2017—KB4049370 (OS Build 15063.675)
November 2, 2017—KB4049370 OS Build 15063.675 Improvements and fixes This release is intended for Microsoft Surface Laptop audiences only. This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed issue where...
CVE-2017-15272
The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. This file is a Microsoft Access Database and can be extracted. The application sets the encrypt flag with the password "ITsILLEGAL"; however, this password is not required to extract the data. Cleartext is used for a...
CVE-2017-15272
The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. This file is a Microsoft Access Database and can be extracted. The application sets the encrypt flag with the password "ITsILLEGAL"; however, this password is not required to extract the data. Cleartext is used for a...
Default credentials
The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. This file is a Microsoft Access Database and can be extracted. The application sets the encrypt flag with the password "ITsILLEGAL"; however, this password is not required to extract the data. Cleartext is used for a...
CVE-2017-15272
The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. This file is a Microsoft Access Database and can be extracted. The application sets the encrypt flag with the password "ITsILLEGAL"; however, this password is not required to extract the data. Cleartext is used for a...
October 10, 2017—KB4041681 (Monthly Rollup)
October 10, 2017—KB4041681 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4038803 released September 19, 2017 and resolves the following issues: Addressed issue with docking and undocking Internet Explorer windows. Addressed...
Simple ASC CMS 1.2 Cross Site Scripting
Document Title: =============== Simple ASC CMS v1.2 - Guestbook Persistent Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2072 Release Date: ============= 2017-05-21 Vulnerability Laboratory ID VL-ID: ====================================...
Simple ASC CMS v1.2 - (Guestbook) Persistent Vulnerability
Document Title: =============== Simple ASC CMS v1.2 - Guestbook Persistent Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2072 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15947 CVE-ID: ======= CVE-2017-15947 Release Date:...
U.S. Dept Of Defense: Access to job creation web page on http://████████
Summary: Hi DoD Team ! It looks like we may access to an ASP form on http://███ which enables any unauthenticated web user to create new jobs in the website database without any control. Furthermore, it seems that asp files are created with txt extensions too that enable the files to be readable...
XYCMS健身会所建站系统 v1.1 jsxm_detail.asp 参数id SQL注入漏洞
0x01漏洞简介 XYCMS健身会所建站系统采用asp+access架构。其v1.1版本在/jsxmdetail.asp处对参数id 过滤不严,导致出现SQL注入漏洞。 0x02漏洞详情 该系统默认存在一个管理员数据表adminuser,该表包含管理员名称字段admin和密码 md5加密字段password,远程攻击者可以结合union方式获取敏感信息,登陆后台,上传shell。 0x03修复方案 过滤。...
Yeager CMS 1.2.1 File Upload / SQL Injection / XSS / SSRF
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Yeager CMS vulnerable version: 1.2.1 fixed version: 1.3 CVE number: CVE-2015-7567,...
Avast! - JetDb::Ised4x Performs Unbounded Search on Input
Avast! - JetDb::Ised4x Performs Unbounded Search on Input Source: https://code.google.com/p/google-security-research/issues/detail?id=551 The attached Microsoft Access Database causes JetDb::IsExploited4x to be called, which contains an unbounded search for objects. Proof of Concept:...
Avast! - JetDb::Ised4x Performs Unbounded Search on Input
Source: https://code.google.com/p/google-security-research/issues/detail?id=551 The attached Microsoft Access Database causes JetDb::IsExploited4x to be called, which contains an unbounded search for objects. Proof of Concept:...
SmartWin CyberOffice Shopping Cart 2.0 Client Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1734/info Smartwin Technology CyberOffice Shopping Cart is a shopping cart application for e-commerce enabled websites running Windows NT 4.0 or 2000. It is possible for a remote user to gain read access to the private...
Web Wiz Forum 6.34 Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7380/info Web Wiz Forum has been reported prone to sensitive information disclosure vulnerability. An attacker may make a request for and download the underlying Access database file that is used by the Forum application...
Image gallery with Access Database dispimage.asp id Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/21131/info Image gallery with Access Database is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could...
ASPSiteware Recipe Organizer SQL Injection
No description provided by source. Author: R4dc0re Exploit Title: ASPSiteware Recipe Organizer SQL injection Vulnerability Date: 04-12-2010 Vendor or Software Link: www.aspsiteware.com Category:WebApp Version:1.0 Price:50$ Contact: [email protected] Website: www.1337db.com Greetings to:...
ASPSiteware Contact Directory 1.0 - SQL Injection
No description provided by source. Author: R4dc0re Exploit Title: ASPSiteware Contact Directory SQL injection Vulnerability Date: 04-12-2010 Vendor or Software Link: www.aspsiteware.com Category:WebApp Version:1.0 Price:40$ Contact: [email protected] Website: www.1337db.com Greetings to:...