4196 matches found
WordPress Theme Magazine Basic - id SQL Injection
source: https://www.securityfocus.com/bid/56664/info The Magazine Basic theme for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can...
WordPress Magazine Basic Theme - SQL Injection
This WordPress Magazine Basic theme's "id" parameter is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution: Update the theme...
WordPress Magazine Basic SQL Injection
In the name of iran | Exploit Title: Wordpress magazine-basic-plugin/ Theme SQL Injection | Google Dork: inurl:/magazine-basic/viewartist.php?id= | Exploit Author: Novin hack khatarnak | Category: Web Application | Tested on: Windows 7 | Location:...
WordPress Theme Magazine Basic - 'id' SQL Injection
source: https://www.securityfocus.com/bid/56664/info The Magazine Basic theme for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to compromise the application,...
CVE-2012-5888
CVE-2012-5888 describes a cross-site scripting (XSS) vulnerability in the TYPO3 extension Basic SEO Features (seo_basics) prior to version 0.8.2. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Public sources cite this vulnerability and provide an...
PT-2012-1253 · Mendix · Mendix Runtime
Name of the Vulnerable Software and Affected Versions: Mendix Runtime V8 versions; Mendix Runtime V9 versions prior to V9.24.29; Mendix Runtime V10 versions prior to V10.16.0; Mendix Runtime V10.6 versions prior to V10.6.15; Mendix Runtime V10.12 versions prior to V10.12.7. Description: A race conditi...
SAP /sap/bc/soap/rfc SOAP Service RFC_READ_TABLE Function Dump Data
This module makes use of the RFC_READ_TABLE Function to read data from tables using the /sap/bc/soap/rfc SOAP service. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port o...
WinRM Authentication Method Detection
This module sends a request to an HTTP/HTTPS service to see if it is a WinRM service. If it is a WinRM service, it also gathers the Authentication Methods supported. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework cla...
Microsoft Office Excel Code Execution
#!/usr/bin/perl Microsoft Office Excel ReadAV Arbitrary Code Execution. Author: Jean Pascal Pereira. Vendor URI: http://office.microsoft.com Vendor Description: Microsoft Excel is a commercial spreadsheet application written and distributed by Microsoft for Microsoft Windows and Mac OS X. It feature...
CVE-2010-5202
Untrusted search path vulnerability in JetAudio 8.0.7.1000 Basic allows local users to gain privileges via a Trojan horse WNASPI32.DLL file in the current working directory, as demonstrated by a directory that contains a .mp3 file. NOTE: some of these details are obtained from third party...
CVE-2010-5202
CVE-2010-5202 affects JetAudio 8.0.7.1000 Basic. It is described as an untrusted search path vulnerability that allows local users to gain privileges via a Trojan horse WNASPI32.DLL file placed in the current working directory, demonstrated with a directory containing a .mp3 file. The vulnerabili...
Microsoft Windows Common Controls Remote Code Execution Vulnerability (2720573)
This host is missing a critical security update according to Microsoft Bulletin MS12-060. OpenVAS Vulnerability Test $Id: secpodms12-060.nasl 5912 2017-04-10 09:01:51Z teissa $ Microsoft Windows Common Controls Remote Code Execution Vulnerability 2720573 Authors: Veerendra G G Copyright: Copyrigh...
MS12-060: Description of the security update for Visual Basic 6.0 Service Pack 6: August 14, 2012
Resolves a vulnerability that exists in Windows common controls that could allow remote code execution if a user visits a website that contains specially crafted content that is designed to exploit the vulnerability. View products that this article applies to. Introduction: Microsoft has released the...
Microsoft Windows Common Controls ActiveX Control CVE-2012-1856 Remote Code Execution Vulnerability
Description Microsoft Windows Common Controls is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. Successful exploits will allow the attacker to execute arbitrary code within the context of the...
StudioLine Photo Basic NMSDVDXU.dll ActiveX EnableLog() Arbitrary File Overwrite
The remote host has a version of StudioLine Photo Basic less than or equal to 3.70.34.0 installed. Such versions are affected by an arbitrary file overwrite vulnerability in the EnableLog method on the NMSDVDXU.dll ActiveX control. By tricking a victim into opening a specially crafted web page, a...
StudioLine Photo Basic Detection
The remote host has StudioLine Photo Basic installed. StudioLine Photo Basic is an image editing software. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(60021); script_version("1.7"); script_set_attribute(attribute:"plugin_modification_date", value:"2023/02/06");...
Visual Basic for Applications Remote Code Execution Vulnerability (2707960)
This host is missing a critical security update according to Microsoft Bulletin MS12-046. OpenVAS Vulnerability Test $Id: secpodms12-046.nasl 5931 2017-04-11 09:02:04Z teissa $ Visual Basic for Applications Remote Code Execution Vulnerability 2707960 Authors: Madhuri D Copyright: Copyright c 2012...
MS12-046: Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution (2707960)
The version of Visual Basic for Applications installed on the remote host is affected by an insecure library loading vulnerability. A remote attacker could exploit this flaw by tricking a user into opening a legitimate Microsoft Office file located in the same directory as a maliciously crafted...
CVE-2012-1854
Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current...