WordPress Plugin IBPS Online Exam 1.0 - SQL Injection Cross-Site Scripting

WordPress Plugin IBPS Online Exam 1.0 - SQL Injection Cross-Site Scripting Exploit Title: IBPS Online Exam Plugin for WordPress v1.0 - XSS SQLi Date: 2017-07-11 Exploit Author: 8bitsec Vendor Homepage: https://elfemo.com/demo/server2/order2032/ Software Link:...

CVE-2017-1000067

MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating privileges...

Event Espresso Lite <= 3.1.37.11.L - Authenticates Blind SQL Injection

The Event Espresso Lite - Event Management and Registration System WordPress plugin was affected by an Authenticates Blind SQL Injection security vulnerability...

Sql injection

An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v258; UAA release 2.x versions prior to v2.7.4.15, 3.6.x versions prior to v3.6.9, 3.9.x versions prior to v3.9.11, and other versions prior to v3.16.0; and UAA bosh release uaa-release 13.x versions prior to v13.13,...

CVE-2017-4972

CVE-2017-4972 describes a blind SQL injection vulnerability in Cloud Foundry components: cf-release before v257; UAA 2.x before v2.7.4.14, 3.6.x before v3.6.8, 3.9.x before v3.9.10, and other versions before v3.15.0; and UAA Release (uaa-release) 13.x before v13.12, 24.x before v24.7, and other v...

Easy Team Manager 1.3.2 - Authenticated Blind SQL Injection

The easy-team-manager WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability...

eventr 1.02.2 - Blind SQL Injection

The eventr WordPress plugin was affected by a Blind SQL Injection security vulnerability...

CVE-2017-6195

Ipswitch MOVEit Transfer formerly DMZ allows pre-authentication blind SQL injection. The fixed versions are MOVEit Transfer 2017 9.0.0.201, MOVEit DMZ 8.3.0.30, and MOVEit DMZ 8.2.0.20...

MODX CMS 2.x < 2.5.7 Multiple Vulnerabilities

MODX CMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:modx:revolution"; if description...

Gongwalker API Manager 1.1 Blind SQL Injection Vulnerability

Gongwalker API Manager version 1.1 suffers from a remote blind SQL injection vulnerability. Exploit Title: gongwalker API Manager v1.1 - Blind SQL Injection Date: 2017-05-10 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: https://github.com/gongwalker/ApiManager Softwa...

Blind SQL Injection

CloudFoundry User Account and Authentication UAA is vulnerable to blind SQL injections. A malicious user cause a blind SQL injection when executing a simple query to the user database...

Emby MediaServer 3.2.5 Boolean-based Blind SQL Injection Vulnerability

Summary Emby formerly Media Browser is a media server designed to organize, play, and stream audio and video to a variety of devices. Emby is open-source, and uses a client-server model. Two comparable media servers are Plex and Windows Media Center. Description Emby suffers from a blind SQL...

CVE-2017-4972: Blind SQL Injection in UAA | Cloud Foundry

Severity High Vendor Cloud Foundry Foundation Versions Affected cf-release versions prior to v257 UAA release: 2.x versions prior to v2.7.4.14 3.6.x versions prior to v3.6.8 3.9.x versions prior to v3.9.10 Other versions prior to v3.15.0 UAA bosh release uaa-release: 13.x versions prior to v13.12...

ok.ru: Blind SQL Injection

@linkks reported a blind sql injection: POST /api/updateShareCount HTTP/1.1 Host: insideok.ru Cache-Control: no-cache Accept: application/json, text/javascript, /; q=0.01 Origin: http://insideok.ru Referer: http://insideok.ru/lica User-Agent: Mozilla/5.0 Windows NT 10.0; WOW64; rv:50.0...

WordPress Plugin Spider Event Calendar 1.5.51 - Blind SQL Injection

WordPress Plugin Spider Event Calendar 1.5.51 - Blind SQL Injection ============================================= MGC ALERT 2017-003 - Original release date: April 06, 2017 - Last revised: April 10, 2017 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score...

WordPress Plugin Spider Event Calendar 1.5.51 - Blind SQL Injection

============================================= MGC ALERT 2017-003 - Original release date: April 06, 2017 - Last revised: April 10, 2017 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score ============================================= I. VULNERABILITY -----------------------...

Calendar by WD <= 1.5.51 - Authenticated Blind SQL Injection

The SpiderCalendar WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability...

WordPress Spider Event Calendar 1.5.51 Blind SQL Injection

============================================= MGC ALERT 2017-003 - Original release date: April 06, 2017 - Last revised: April 10, 2017 - Discovered by: Manuel GarcAa CA!rdenas - Severity: 7,1/10 CVSS Base Score ============================================= I. VULNERABILITY...

Avaya Radvision SCOPIA Desktop SQL Injection

https://www.osisecurity.com.au/avaya-radvision-scopia-desktop-dlgloginowneridjsp-ownerid-sql-injection.html Date: 04-Apr-2017 Product: Avaya Radvision SCOPIA Desktop Versions affected: v7.7.000.042 released in 2011 confirmed v8.2.101.046 relased in 2013 confirmed Vulnerability: Blind SQL injectio...

e107 &lt; 2.1.4 - &#039;keyword&#039; Blind SQL Injection

!/usr/bin/perl e107 = 2.1.4 "keyword" Blind SQL Injection Exploit -------------------------------------------------------------------------- Discovered by staker - stakerathotmaildotit Discovered on 09/03/2017 Site Vendor: http://www.e107.org BUG: Blind SQL Injection...