11 matches found
EUVD-2015-4689
Malware in sbrugna...
KORA 2.7.0 SQL Injection
Exploit Title: KORA 2.7.0 - SQL Injection Dork: N/A Date: 2018-10-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.matrix.msu.edu/ Software Link: https://sourceforge.net/projects/kora/files/latest/download Version: 2.7.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC: 1...
KORA 2.7.0 - 'cid' SQL Injection
Exploit Title: KORA 2.7.0 - SQL Injection Dork: N/A Date: 2018-10-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.matrix.msu.edu/ Software Link: https://sourceforge.net/projects/kora/files/latest/download Version: 2.7.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC: 1...
CVE-2018-16956
The AjaxControl component of Oracle WebCenter Interaction Portal 10.3.3 does not validate the names of pages when processing page rename requests. Pages can be renamed to include characters unsupported for URIs by the web server hosting the WCI Portal software such as IIS. Renaming pages to inclu...
MetalGenix GeniXCMS SQL Injection Vulnerability (CNVD-2017-00557)
MetalGenix GeniXCMS is a PHP-based content management system and framework (CMSF) from MetalGenix Indonesia, which provides modules for user management, content management and menu management. A SQL injection vulnerability exists in the inc/lib/Control/Ajax/tags-ajax.control.php file in MetalGenix...
CVE-2017-5345
SQL injection vulnerability in inc/lib/Control/Ajax/tags-ajax.control.php in GeniXCMS 0.0.8 allows remote authenticated editors to execute arbitrary SQL commands via the term parameter to the default URI...
CVE-2015-4670
Directory traversal vulnerability in the AjaxFileUpload control in DevExpress AJAX Control Toolkit (aka AjaxControlToolkit) before 15.1 allows remote attackers to write to arbitrary files via a .. (dot dot) in the fileId parameter to AjaxFileUploadHandler.axd...
Directory traversal
Directory traversal vulnerability in the AjaxFileUpload control in DevExpress AJAX Control Toolkit (aka AjaxControlToolkit) before 15.1 allows remote attackers to write to arbitrary files via a .. (dot dot) in the fileId parameter to AjaxFileUploadHandler.axd...
CVE-2015-4670
Directory traversal vulnerability in the AjaxFileUpload control in DevExpress AJAX Control Toolkit (aka AjaxControlToolkit) before 15.1 allows remote attackers to write to arbitrary files via a .. (dot dot) in the fileId parameter to AjaxFileUploadHandler.axd...
CVE-2015-4670
CVE-2015-4670 affects the AjaxFileUpload control in the AjaxControlToolkit (Ajax Control Toolkit) before 15.1. The issue: the uploaded file’s fileId GUID is not validated, allowing directory traversal with “..” to write files to arbitrary locations via AjaxFileUploadHandler.axd. Veracode and rela...
Discuz! NT 2.x - 3.5.2 SQL injection (0day) - vulnerability warning - the black bar safety net
Vulnerability type: SQL injection. Vulnerability description: Discuz! NT is a powerful community software package from Kang Sheng Chong think (Comsenz), based on the ASP.NET platform. Vulnerability analysis: ajaxtopicinfo.ascx user control poster SQL injection vulnerability. Combined with ajax.aspx call any use...