Lucene search

4673 matches found

CVE
added 2018/09/08 3:0 p.m., 37 views

CVE-2018-16724

The CVE-2018-16724 entry concerns baijiacms V4 with a reported Blind SQL Injection through the order parameter in the request using the path index.php?act=index. Connected documents corroborate this vulnerability as a SQL injection issue, with descriptions noting remote attackers could leverage ...

9.8 CVSS, 9.7 AI score, 0.0025 EPSS
Exploits: 1, References: 1, Affected Software: 1

Packet Storm
added 2018/09/04 12:0 a.m., 31 views

mooSocial Store 2.6 SQL Injection

Exploit Title: mooSocial Store Plugin 2.6 - SQL Injection Exploit Author: Andrea Bocchetti Date: 2018-08-28 Google Dork: N/A - Vendor: https://moosocial.com/product/store-plugins/ Software Link: https://moosocial.com/product/store-plugins/ Demo URL: http://addons.moosocial.com/stores Purchase lin...

Exploits: 0

0day.today
added 2018/09/04 12:0 a.m., 23 views

mooSocial Store Plugin 2.6 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: mooSocial Store Plugin 2.6 - SQL Injection Exploit Author: Andrea Bocchetti Vendor: https://moosocial.com/product/store-plugins/ Software Link: https://moosocial.com/product/store-plugins/ Demo URL:...

Exploits: 0

Exploit DB
added 2018/09/04 12:0 a.m., 86 views

mooSocial Store Plugin 2.6 - SQL Injection

Exploit Title: mooSocial Store Plugin 2.6 - SQL Injection Exploit Author: Andrea Bocchetti Date: 2018-08-28 Google Dork: N/A - Vendor: https://moosocial.com/product/store-plugins/ Software Link: https://moosocial.com/product/store-plugins/ Demo URL: http://addons.moosocial.com/stores Purchase lin...

7.4 AI score
Exploits: 0

Packet Storm
added 2018/08/27 12:0 a.m., 34 views

Sentrifugo HRMS 3.2 SQL Injection

Exploit Title: Sentrifugo HRMS 3.2 - 'deptid' SQL Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-08-26 Google Dork: N/A Vendor: http://www.sapplica.com Software Link: http://www.sentrifugo.com/download Affected Version: 3.2 and possibly before Patched Version:...

0.1 AI score, 0.0025 EPSS
Exploits: 5

Hacker One
added 2018/08/22 3:15 p.m., 23 views

Mail.ru: Blind SQL injection [https://honor.hi-tech.mail.ru]

Blind boolean based SQLi in honor.hi-tech.mail.ru due to insecure use of GET parameter. Extended scope was not covered by bug bounty on the moment of reporting, the bounty was issued as a bonus...

Exploits: 0

OSV
added 2018/07/24 3:29 p.m., 1 view

CVE-2018-5384

Navarino Infinity web interface up to version 2.2 exposes an unauthenticated script that is prone to blind SQL injection. If successfully exploited the user can get info from the underlying PostgreSQL database that could lead to total compromise of the product. The said script is available...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 4

Prion
added 2018/07/24 3:29 p.m., 17 views

Sql injection

Navarino Infinity web interface up to version 2.2 exposes an unauthenticated script that is prone to blind SQL injection. If successfully exploited the user can get info from the underlying PostgreSQL database that could lead to total compromise of the product. The said script is available...

5 CVSS, 9.6 AI score, 0.02343 EPSS
Exploits: 1, References: 4, Affected Software: 1

CVE
added 2018/07/24 3:0 p.m., 39 views

CVE-2018-5384

CVE-2018-5384 affects Navarino Infinity web interface up to version 2.2. The vulnerability is an unauthenticated, blind SQL injection in an exposed script, enabling an attacker to query the underlying PostgreSQL database and potentially achieve total compromise of the product. The CVE is documente...

9.8 CVSS, 9.7 AI score, 0.02343 EPSS
Exploits: 1, References: 4, Affected Software: 1

Cvelist
added 2018/07/24 3:0 p.m., 19 views

CVE-2018-5384 Navarino Infinity web interface up to version 2.2 exposes an unauthenticated script that is prone to blind sql injection

Navarino Infinity web interface up to version 2.2 exposes an unauthenticated script that is prone to blind SQL injection. If successfully exploited the user can get info from the underlying PostgreSQL database that could lead to total compromise of the product. The said script is available...

9.7 AI score, 0.02343 EPSS
Exploits: 1, References: 4

Prion
added 2018/07/11 4:29 p.m., 17 views

Sql injection

There is a time-based blind SQL injection vulnerability in the Access Manager component before 9.18.040 and 10.x before 10.18.040 in ELO ELOenterprise 9 and 10 and ELOprofessional 9 and 10 that makes it possible to read all database content. The vulnerability exists in the ticket HTTP GET...

7.5 CVSS, 9.6 AI score, 0.0025 EPSS
Exploits: 2, References: 1, Affected Software: 1

Ivan 'd0znpp' Novikov
added 2018/07/06 10:20 p.m., 68 views

Top 5 my own security audit fails

I have been in application security since 2009. Since that time I was involved in more than 300 different projects and sometimes even discovered new things like SSRF or the first XXE OOB FTP exploitation. Today I’d like to talk about my fails during my 300+ projects to ensure you don’t repeat my...

8 AI score
Exploits: 0

Hacker One
added 2018/06/29 8:39 p.m., 63 views

Hanno's projects: blind sql injection

Summary: There exists a possibility that your Serendipity installation is vulnerable to a blind sql injection. Description: By sending specially crafted SQL commands to /plugin/tag/ and timing how long it takes for the server to respond, it is quite possible that the blog backend is interpreting...

0.1 AI score
Exploits: 0

OpenVAS
added 2018/06/29 12:0 a.m., 117 views

ASUSTOR ADM <= 3.1.2.RHG1 Multiple Vulnerabilities - Active Check

ASUSTOR ADM is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:asustor:adm"; if description...

9.8 CVSS, 9.5 AI score, 0.88131 EPSS
Exploits: 13, References: 2

CVE
added 2018/06/17 5:0 p.m., 46 views

CVE-2018-10997

CVE-2018-10997 affects Etere EtereWeb prior to 28.1.20. A pre-authentication blind SQL injection exists in the POST parameters txUserName and txPassword, allowing an attacker to disclose database content and potentially other sensitive information without authentication. Public references con...

10 CVSS, 9.8 AI score, 0.00622 EPSS
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2018/06/17 5:0 p.m., 13 views

CVE-2018-10997

Etere EtereWeb before 28.1.20 has a pre-authentication blind SQL injection in the POST parameters txUserName and txPassword...

9.9 AI score, 0.00622 EPSS
Exploits: 1, References: 1

IBM Security Bulletins
added 2018/06/16 2:6 p.m., 31 views

Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Data Click 10.0 (CVE-2013-3034 CVE-2013-3040 CVE-2013-0599 CVE-2013-4057 CVE-2013-4058 CVE-2013-4059 CVE-2013-4066 CVE-2013-4067)

Summary The IBM InfoSphere DataClick administration and reporting console contains multiple security vulnerabilities. Note: IBM InfoSphere DataClick 10.0 is provided with IBM BigInsights version 2.0 and is not separately available. Vulnerability Details CVE ID: CVE-2013-3034 DESCRIPTION: An...

6.8 CVSS, 0.4 AI score, 0.00501 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2018/06/16 2:6 p.m., 21 views

Security Bulletin: Multiple security vulnerabilities exist in IBM InfoSphere Information Server (CVE-2013-4057, CVE-2013-4058 and CVE-2013-4059)

Summary Security vulnerabilities exist in various versions of IBM InfoSphere Information Server or constituent products. See the individual descriptions for details. Vulnerability Details CVE ID: CVE-2013-4057 DESCRIPTION: Due to insufficient safeguards against cross-site request forgery in...

6.8 CVSS, 0.5 AI score, 0.00501 EPSS
Exploits: 0, Affected Software: 1

WPVulnDB
added 2018/06/12 12:0 a.m., 15 views

Pie Register <= 3.0.9 - Authenticated Blind SQL Injection

The Pie Register – User Registration Forms. Invitation based registrations, Custom Login, Payments WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability...

7.5 CVSS, 2.3 AI score, 0.18728 EPSS
Exploits: 5, References: 3, Affected Software: 1

exploitpack
added 2018/06/11 12:0 a.m., 26 views

WordPress Plugin Pie Register 3.0.9 - Blind SQL Injection

WordPress Plugin Pie Register 3.0.9 - Blind SQL Injection Title: WordPress Plugin Pie Register order = escsql $order ; IV. PROOF OF CONCEPT The following URL have been confirmed to all suffer from Time Based SQL Injection. GET...

7.5 CVSS, 0.7 AI score, 0.18728 EPSS
Exploits: 5