4673 matches found

pentestit
added 2019/01/27 3:53 a.m. (528 views)

identYwaf: A Tool to Help You Identify Web Application Firewalls

I have been a fan of sqlmap for long and when the author released identYwaf recently, I wanted to try it out. In fact, all his other tools are awesome sauce too! Back to this post for now about this WAF identification tool. What is identYwaf? identYwaf is an open source, blind w...

AI score: 7.5
Exploits: 0

Cvelist
added 2019/01/02 5:0 p.m. (15 views)

CVE-2019-3577

An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/ProductAction.class.php allows blind SQL Injection via the id0 parameter to the /product URI...

AI score: 9.8, EPSS: 0.00264
Exploits: 0, References: 1

OpenVAS
added 2019/01/02 12:0 a.m. (107 views)

phpIPAM < 1.4 Multiple Vulnerabilities

phpIPAM is prone to multiple vulnerabilities.

CVSS: 9.8, AI score: 5.5, EPSS: 0.00344
Exploits: 4, References: 3

Prion
added 2018/12/20 5:29 p.m. (14 views)

Sql injection

WeBid version up to current version 1.2.2 contains a SQL Injection vulnerability in all five yourauctions.php scripts that can result in Database Read via Blind SQL Injection. This attack appears to be exploitable via HTTP Request. This vulnerability appears to have been fixed in after commit...

CVSS: 6.5, AI score: 9, EPSS: 0.00374
Exploits: 1, References: 3, Affected Software: 1

OpenVAS
added 2018/12/04 12:0 a.m. (29 views)

WordPress Arigato Autoresponder and Newsletter Plugin < 2.5.2 Multiple Vulnerabilities

The WordPress plugin...

CVSS: 7.2, AI score: 5.4, EPSS: 0.04057
Exploits: 14, References: 2

OSV
added 2018/12/03 4:29 p.m. (3 views)

CVE-2018-1002000

There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8. These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the delids variable by POST request...

CVSS: 7.2, AI score: 5.9, EPSS: 0.04057
Exploits: 5, References: 3

WPVulnDB
added 2018/11/29 12:0 a.m. (22 views)

LoginPress <= 1.1.15 - Authenticated Blind SQL Injection

Blind time-based SQL injection, combined with lack of permission check resulted in an unauthorised attack which can be performed by any user on the site including subscriber profiles. 1. Lack of permission check in settings import Similar to our recent analysis, this vulnerability was also caused...

AI score: 0.8
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2018/11/22 5:29 a.m. (21 views)

CVE-2018-19436

An issue was discovered in the Manufacturing component in webERP 4.15. CollectiveWorkOrderCost.php has Blind SQL Injection via the SearchParts parameter...

CVSS: 7.2, AI score: 8.2, EPSS: 0.00263
Exploits: 1, References: 1

NVD
added 2018/11/22 5:29 a.m. (11 views)

CVE-2018-19434

An issue was discovered on the "Bank Account Matching - Receipts" screen of the General Ledger component in webERP 4.15. BankMatching.php has Blind SQL injection via the AmtClear parameter...

CVSS: 7.2, AI score: 7.5, EPSS: 0.00263
Exploits: 1, References: 1

OSV
added 2018/11/22 5:29 a.m. (11 views)

CVE-2018-19434

An issue was discovered on the "Bank Account Matching - Receipts" screen of the General Ledger component in webERP 4.15. BankMatching.php has Blind SQL injection via the AmtClear parameter...

CVSS: 7.2, AI score: 8
Exploits: 0, References: 1

NVD
added 2018/11/22 5:29 a.m. (13 views)

CVE-2018-19436

An issue was discovered in the Manufacturing component in webERP 4.15. CollectiveWorkOrderCost.php has Blind SQL Injection via the SearchParts parameter...

CVSS: 7.2, AI score: 7.5, EPSS: 0.00263
Exploits: 1, References: 1

Prion
added 2018/11/22 5:29 a.m. (9 views)

Sql injection

An issue was discovered in the Manufacturing component in webERP 4.15. CollectiveWorkOrderCost.php has Blind SQL Injection via the SearchParts parameter...

CVSS: 6.5, AI score: 7.5, EPSS: 0.00263
Exploits: 1, References: 1, Affected Software: 1

Prion
added 2018/11/22 5:29 a.m. (9 views)

Sql injection

An issue was discovered on the "Bank Account Matching - Receipts" screen of the General Ledger component in webERP 4.15. BankMatching.php has Blind SQL injection via the AmtClear parameter...

CVSS: 6.5, AI score: 7.4, EPSS: 0.00263
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2018/11/22 5:0 a.m. (16 views)

CVE-2018-19436

An issue was discovered in the Manufacturing component in webERP 4.15. CollectiveWorkOrderCost.php has Blind SQL Injection via the SearchParts parameter...

AI score: 7.5, EPSS: 0.00263
Exploits: 1, References: 1

CVE
added 2018/11/22 5:0 a.m. (42 views)

CVE-2018-19436

CVE-2018-19436 affects webERP v4.15, specifically the Manufacturing component. The vulnerability is a Blind SQL Injection in CollectiveWorkOrderCost.php exposed via the SearchParts parameter. This is documented across multiple feeds (NVD entry and mirrored records) and is described as a SQL injec...

CVSS: 7.2, AI score: 7.4, EPSS: 0.00263
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2018/11/22 5:0 a.m. (21 views)

CVE-2018-19434

An issue was discovered on the "Bank Account Matching - Receipts" screen of the General Ledger component in webERP 4.15. BankMatching.php has Blind SQL injection via the AmtClear parameter...

AI score: 7.5, EPSS: 0.00263
Exploits: 1, References: 1

CVE
added 2018/11/22 5:0 a.m. (37 views)

CVE-2018-19434

The CVE-2018-19434 issue affects webERP 4.15 within the General Ledger component, specifically the Bank Account Matching - Receipts screen. BankMatching.php contains a Blind SQL injection vulnerability via the AmtClear_ parameter that can be exploited remotely to execute SQL commands. This vulner...

CVSS: 7.2, AI score: 7.4, EPSS: 0.00263
Exploits: 1, References: 1, Affected Software: 1

Node.js
added 2018/11/07 4:24 p.m. (17 views)

NoSQL injection

Overview Versions of express-cart before 1.1.8 are vulnerable to NoSQL injection. The vulnerability is caused by the lack of user input sanitization in the login handlers. In both cases, the customer login and the admin login, parameters from the JSON body are sent directly into the MongoDB query...

AI score: 7.8
Exploits: 0, Affected Software: 1

exploitpack
added 2018/09/18 12:0 a.m. (42 views)

WordPress Plugin Arigato Autoresponder and Newsletter 2.5 - Blind SQL Injection Reflected Cross-Site Scripting

WordPress Plugin Arigato Autoresponder and Newsletter 2.5 - Blind SQL Injection Reflected Cross-Site Scripting Title: Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5 Author: Larry W. Cashdollar, @larry0 Date: 2018-08-22...

CVSS: 6.5, AI score: 0.4, EPSS: 0.04057
Exploits: 14

Exploit DB
added 2018/09/18 12:0 a.m. (56 views)

WordPress Plugin Arigato Autoresponder and Newsletter 2.5 - Blind SQL Injection / Reflected Cross-Site Scripting

Title: Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5 Author: Larry W. Cashdollar, @larry0 Date: 2018-08-22...

CVSS: 7.2, AI score: 5.4, EPSS: 0.04057
Exploits: 14