
4673 matches found

Cvelist
added 2017/09/07 9:0 p.m., 23 views

CVE-2017-12227

A vulnerability in the SQL database interface for Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters. An attacker...

AI score: 6, EPSS: 0.00175
Exploits: 0, References: 3

Packet Storm
added 2017/09/06 12:0 a.m., 65 views

WordPress Ads Pro 3.4 Cross Site Scripting / SQL Injection

Exploit Title: Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager = 5.0.12 AND time-based blind Payload: bsaprostats=1&[email protected]&bsaproid=xx AND SLEEP5...

AI score: 0.2
Exploits: 0

Patchstack
added 2017/08/16 12:0 a.m., 8 views

WordPress Gallery Transformation plugin 1.0 - Blind SQL Injection vulnerability

Blind SQL Injection vulnerability found by Larry W. Cashdollar in WordPress Gallery Transformation plugin 1.0 version. SQL injection vulnerability lies in ./wordpress-gallery-transformation/gallery.php file, $jpic parameter passed into an SQL query unsanitized. Solution The plugin already removed...

AI score: 2.9
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2017/08/16 12:0 a.m., 6 views

WordPress Event Espresso Lite plugin <=3.1.37.11.L - Blind SQL Injection vulnerability

Blind SQL Injection vulnerability found by Larry W. Cashdollar in the WordPress Event Espresso Lite – Event Management and Registration System plugin version 3.1.37.11.L and earlier versions. The function editeventcategory does not sanitize user-supplied input via the $id parameter before passing...

AI score: 3.5
Exploits: 0, References: 1, Affected Software: 1

0day.today
added 2017/08/16 12:0 a.m., 18 views

ClipBucket 2.8.3 - Multiple Vulnerabilities

Exploit for php platform in category web applications .:. Exploit Title ClipBucket 2.8.3 - Multiple Vulnerabilities .:. Google Dorks .:. "Forged by ClipBucket" inurl:viewcollection.php?cid= .:. Date: August 15,...

AI score: 7.1
Exploits: 0

Exploit DB
added 2017/08/15 12:0 a.m., 44 views

ClipBucket 2.8.3 - Multiple Vulnerabilities

.:. Exploit Title ClipBucket 2.8.3 - Multiple Vulnerabilities .:. Google Dorks .:. "Forged by ClipBucket" inurl:viewcollection.php?cid= .:. Date: August 15, 2017 .:. Exploit Author: bRpsd .:. Skype contact: vegno...

AI score: 7.4
Exploits: 0

exploitpack
added 2017/08/15 12:0 a.m., 34 views

ClipBucket 2.8.3 - Multiple Vulnerabilities

ClipBucket 2.8.3 - Multiple Vulnerabilities .:. Exploit Title ClipBucket 2.8.3 - Multiple Vulnerabilities .:. Google Dorks .:. "Forged by ClipBucket" inurl:viewcollection.php?cid= .:. Date: August 15, 2017 .:...

AI score: 0.4
Exploits: 0

WPVulnDB
added 2017/08/08 12:0 a.m., 27 views

Loginizer <= 1.3.5 - Blind SQL Injection

Blind SQL injection in the http-header: X-Forwarded-For and possible others...

CVSS: 7.5, AI score: 3.1, EPSS: 0.00595
Exploits: 1, References: 1, Affected Software: 1

Prion
added 2017/08/07 6:29 a.m., 18 views

Sql injection

A vulnerability in Cisco Unified Communications Manager 10.52.10000.5, 11.01.10000.10, and 11.51.10000.6 could allow an authenticated, remote attacker to conduct a blind SQL injection attack. The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass...

CVSS: 6.5, AI score: 8.9, EPSS: 0.00679
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2017/08/07 6:29 a.m., 1 views

CVE-2017-6754

A vulnerability in the web-based management interface of the Cisco Smart Net Total Care SNTC Software Collector Appliance 3.11 could allow an authenticated, remote attacker to perform a read-only, blind SQL injection attack, which could allow the attacker to compromise the confidentiality of the...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00258
Exploits: 0, References: 3

WPVulnDB
added 2017/08/05 12:0 a.m., 23 views

rk-responsive-contact-form 1.0 - Authenticated Blind SQL Injection

The rk-responsive-contact-form WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability...

CVSS: 7.5, AI score: 2.9, EPSS: 0.01084
Exploits: 1, References: 1, Affected Software: 1

Exploit DB
added 2017/07/25 12:0 a.m., 35 views

WordPress Plugin Ads Pro < 3.4 - Cross-Site Scripting / SQL Injection

Exploit Title: Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager = 5.0.12 AND time-based blind Payload: bsaprostats=1&[email protected]&bsaproid=xx AND SLEEP5 Credits & Author...

AI score: 7.4
Exploits: 0

NVD
added 2017/07/22 8:29 p.m., 21 views

CVE-2017-3221

Blind SQL injection in Inmarsat AmosConnect 8 login form allows remote attackers to access user credentials, including user names and passwords...

CVSS: 9.8, AI score: 9.8, EPSS: 0.01794
Exploits: 0, References: 4

Cvelist
added 2017/07/22 8:0 p.m., 24 views

CVE-2017-3221

Blind SQL injection in Inmarsat AmosConnect 8 login form allows remote attackers to access user credentials, including user names and passwords...

AI score: 9.9, EPSS: 0.01794
Exploits: 0, References: 4

CVE
added 2017/07/22 8:0 p.m., 42 views

CVE-2017-3221

The CVE-2017-3221 issue is a Blind SQL Injection in Inmarsat AmosConnect 8 login form. The vulnerability allows attackers on the same network to access user credentials (usernames and passwords) stored by AmosConnect 8, with the ThreatPost report noting the server stores usernames and passwords i...

CVSS: 9.8, AI score: 9.7, EPSS: 0.01794
Exploits: 0, References: 4, Affected Software: 1

WPVulnDB
added 2017/07/22 12:0 a.m., 23 views

wordpress-gallery-transformation 1.0 - Blind SQL Injection

The wordpress-gallery-transformation WordPress plugin was affected by a Blind SQL Injection security vulnerability...

CVSS: 7.5, AI score: 2.3, EPSS: 0.00595
Exploits: 1, References: 1, Affected Software: 1

wpexploit
added 2017/07/21 12:0 a.m., 18 views

WordPress Plugin IBPS Online Exam <= 1.0 - Authenticated SQL Injection / Cross-Site Scripting

Exploit Author: 8bitsec Contact Author: https://twitter.com/8bitsec Stored XSS on exam input textfields and Blind SQL Injection on 'examappUserResult' page 'id' parameter. Authenticated Stored XSS: Logged as a student: Write the payload in the input textfields while attempting an exam. The payloa...

CVSS: 6.5, AI score: 0.1, EPSS: 0.00458
Exploits: 3

Packet Storm
added 2017/07/20 12:0 a.m., 34 views

Joomla JoomRecipe 1.0.4 SQL Injection

Exploit Title: Joomla JoomRecipe 1.0.4 Component - Blind SQL Injection Vulnerability Date: 20.07.2017 Exploit Author: Teng Vendor Homepage: http://joomboost.com/ Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/food-a-beverage/joomrecipe/ Version: 1.0.4 Platform:...

AI score: 0.1
Exploits: 0

CERT
added 2017/07/20 12:0 a.m., 537 views

Inmarsat AmosConnect8 Mail Client Vulnerable to SQL Injection and Backdoor Account

Overview Inmarsat Solutions offers a shipboard email client service, AmosConnect 8 AC8, which was designed to be utilized over satellite networks in a highly optimized manner. IOActive has identified two security vulnerabilities in the client software: On-board ship network access could provide...

CVSS: 10, AI score: 10, EPSS: 0.06119
Exploits: 0, References: 5

exploitpack
added 2017/07/20 12:0 a.m., 23 views

Joomla! Component JoomRecipe 1.0.4 - search_author SQL Injection

Joomla! Component JoomRecipe 1.0.4 - searchauthor SQL Injection Exploit Title: Joomla JoomRecipe 1.0.4 Component - Blind SQL Injection Vulnerability Date: 20.07.2017 Exploit Author: Teng Vendor Homepage: http://joomboost.com/ Software Link:...

AI score: 0.2
Exploits: 0