AlstraSoft EPay Enterprise 4.0 SQL Injection

Exploit Title: AlstraSoft EPay Enterprise v4.0 Blind SQL Injection Google Dork: Copyright @ 2010 iPayGold.com Date: Decembar/6/2011 Author: Don BalcanCrew & BalcanHack Software Link: http://www.alstrasoft.com/epayenterprise.htm Version: 4.0 Tested on: Apache/1.3.37 An attacker may execute arbitra...

CA Total Defense Suite - reGenerateReports Stored procedure SQL Injection (Metasploit)

$Id: catotaldefenseregeneratereports.rb 13810 2011-10-02 17:03:23Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

KLINK - SQL Injection

Andr�s G�mez Exploit Title : KLINK Sql Injection Vulnerability Date : 2010-12-31 Author : Andr�s G�mez Software Developed by : http://www.contacto.com Contact : [email protected] Dork : "allinurl:.php?txtCodiInfo=" An attacker may execute arbitrary SQL statements on the vulnerable system...

INVOhost SQL Injection

Andrés Gómez Exploit Title : INVOhost SQL Injection Date : 2010-04-24 Author : Andrés Gómez Software Link : http://www.invohost.com/ Contact : [email protected] Dork : "Powered by INVOhost" An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the...

Oracle Database Server ctxsys.driload Access Validation (CVE-2004-0637)

Stored procedures are a powerful feature of an Oracle database server. They are essentially a set of SQL statements that are stored server-side, which are called by name and optionally passed a set of parameters. Stored procedures provide improved performance, because only data specific to the...

Ipswitch WhatsUp Web Interface SQL Injection (CVE-2005-1250)

WhatsUp Professional 2005 is a network monitoring and resource management solution. WhatsUp Professional uses a relational database to store the information about user accounts and network devices that are monitored by the application. The relational databases supported by WhatsUp Professional ar...

glFusion <= 1.1.2 COM_applyFilter()/cookies Blind SQL Injection Exploit

No description provided by source. ?php / glFusion = 1.1.2 COMapplyFilter/cookies remote blind sql injection exploit by Nine:Situations:Group::bookoo our site: http://retrogod.altervista.org/ software site: http://www.glfusion.org/ google dork: "Page created in" "seconds by glFusion" +RSS Found...

GLSA-200903-27 : ProFTPD: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200903-27 ProFTPD: Multiple vulnerabilities The following vulnerabilities were reported: Percent characters in the username are not properly handled, which introduces a single quote character during variable substitution by modsql...

ProFTPD: Multiple vulnerabilities

Background ProFTPD is an advanced and very configurable FTP server. Description The following vulnerabilities were reported: Percent characters in the username are not properly handled, which introduces a single quote character during variable substitution by modsql CVE-2009-0542. Some invalid,...

Arcadem 2.01 Remote SQL Injection / RFI Vulnerabilties

Exploit for unknown platform in category web applications ====================================================== Arcadem 2.01 Remote SQL Injection / RFI Vulnerabilties ====================================================== Arcadem Remote File Inclusion Flaw / SQL Injection Software: Arcadem 2.01...

JPORTAL Multiple SQL Injection

DATE: ========= 3/11/2005 AFFECTED PRODUCTS ================= JPORTAL all version OVERVIEW ======== JpoRtaL is a simple portal system written in PHP using MySQL on backend. It includes article posting with comments, topics, links manager with section, download manager with section, short news...

PlaySMS Cookie SQL Injection

PlaySMS is a full-featured SMS gateway application that features sending of single or broadcast SMSes, the ability to receive and forward SMSes, an SMS board, an SMS polling system, SMS customs for handling incoming SMSes and forwarding them to custom applications, and SMS commands for...

IBProArcade index.php SQL Injection

One of the ibProArcade SPDX-FileCopyrightText: 2004 Ami Chayun Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.16086";...

CVE-2005-2778

SQL injection vulnerability in member.php in MyBulletinBoard MyBB allows remote attackers to execute arbitrary SQL statements via the fid parameter...

CVE-2005-2066

SQL injection vulnerability in commentpost.asp in ASP Nuke 0.80 allows remote attackers to execute arbitrary SQL statements via the TaskID parameter...

Invision Board < 2.0.5 Privilege Escalation / SQL Injection

Binary data 2942.prm...

CVE-2004-2057

CVE-2004-2057 affects ASPrunner, specifically version 2.4. The vulnerability is described as a SQL injection that would let remote attackers execute arbitrary SQL statements. The provided connected documents confirm the flaw exists in ASPrunner 2.4 and indicate multiple issues in older ASPrunner ...

CVE-2004-2056

SQL injection vulnerability in action.php in Nucleus CMS 3.01 allows remote attackers to execute arbitrary SQL statements via the itemid parameter...

CVE-2004-2057

SQL injection vulnerability in ASPRunner 2.4 allows remote attackers to execute arbitrary SQL statements...

CVE-2005-1048

CVE-2005-1048 relates to a SQL injection in PostNuke 0.760 RC3, where the sid parameter in modules.php can be exploited remotely to run arbitrary SQL statements. The affected software is PostNuke (version 0.760 RC3 as cited; vendor reportedly could not reproduce issues for 0.760 RC3 or 0.750). Th...