20 matches found

wpexploit
added 2021/06/29 12:00 a.m. | 732 views

Survey Maker < 1.5.6 - Authenticated Blind SQL Injections

The getresults and getitems functions in the plugin did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard Note WPScanTeam: Other SQLi were identified when confirming the...

CVSS: 6.5 | AI score: 0.5 | EPSS: 0.00532
Exploits: 2

WPVulnDB
added 2021/06/29 12:00 a.m. | 22 views

FAQ Builder < 1.3.6 - Authenticated Blind SQL Injections

The getfaqs function in the plugin did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard PoC SQLMAP: python sqlmap.py -r r.txt -p orderby --level 5 --risk 3 --dbms MySQL...

CVSS: 6.5 | EPSS: 0.00532
Exploits: 2 | Affected Software: 1

Cvelist
added 2019/06/03 6:23 p.m. | 27 views

CVE-2018-5404 The Quest Kace K1000 Appliance is vulnerable to multiple Blind SQL Injections.

The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated, remote attacker with least privileges 'User Console Only' role to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database. A...

AI score: 7.9 | EPSS: 0.00462
Exploits: 4 | References: 2

OpenVAS
added 2018/06/29 12:00 a.m. | 117 views

ASUSTOR ADM <= 3.1.2.RHG1 Multiple Vulnerabilities - Active Check

ASUSTOR ADM is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:asustor:adm"; if description...

CVSS: 9.8 | AI score: 9.5 | EPSS: 0.88131
Exploits: 13 | References: 2

WPVulnDB
added 2017/03/09 12:00 a.m. | 27 views

DTracker 1.5 - Multiple Unauthenticated Blind SQL Injections

The dtracker WordPress plugin was affected by a Multiple Unauthenticated Blind SQL Injections security vulnerability...

CVSS: 5 | AI score: 3 | EPSS: 0.05503
Exploits: 2 | References: 3 | Affected Software: 1

seebug.org
added 2014/07/01 12:00 a.m. | 15 views

SOBI2 2.9.3.2 Joomla! Component Blind SQL Injections

No description provided by source. Exploit Title: SOBI2 2.9.3.2 Joomla! Component Blind SQL Injections Date: 13 July 2011 Author: jdc Software Link: http://www.sigsiu.net Version: 2.9.3.2 Fixed In: 2.9.4 Verified: http://www.sigsiu.net/changelog as Bugfix: Blind SQL injection Versions prior to...

AI score: 7.1
Exploits: 0

seebug.org
added 2011/11/15 12:00 a.m. | 9 views

Pixie CMS 1.01 - 1.04 Blind SQL Injections

No description provided by source. Exploit Title: Pixie CMS 1.01 - 1.04 "pixieuser" Blind SQL Injection Google Dork: None Date: 11/14/2011 Author: Piranha, piranhaattorontomail.com Software Link: http://www.getpixie.co.uk/ Version: 1.01 - 1.04 Tested on: Windows XP SP3, Pixie versions: 1.01 - 1.0...

AI score: 7.1
Exploits: 0

Exploit DB
added 2011/11/14 12:00 a.m. | 31 views

Pixie CMS 1.01 < 1.04 - Blind SQL Injections

Exploit Title: Pixie CMS 1.01 - 1.04 "pixieuser" Blind SQL Injection Google Dork: None Date: 11/14/2011 Author: Piranha, piranhaattorontomail.com Software Link: http://www.getpixie.co.uk/ Version: 1.01 - 1.04 Tested on: Windows XP SP3, Pixie versions: 1.01 - 1.04 CVE : None Example request: GET...

AI score: 7
Exploits: 0

0day.today
added 2011/11/13 12:00 a.m. | 10 views

Pixie CMS 1.01 - 1.04 Blind SQL Injections

Exploit for php platform in category web applications Exploit Title: Pixie CMS 1.01 - 1.04 "pixieuser" Blind SQL Injection Google Dork: None Date: 11/14/2011 Author: Piranha, piranhaattorontomail.com Software Link: http://www.getpixie.co.uk/ Version: 1.01 - 1.04 Tested on: Windows XP SP3, Pixie...

AI score: 7.1
Exploits: 0

Tenable Nessus
added 2011/10/13 12:00 a.m. | 49 views

Cisco Unified Operations Manager < 8.6 Multiple Vulnerabilities

According to its self-reported version number, the version of Cisco Unified Operations Manager on the remote host has multiple vulnerabilities : - Multiple reflected XSS. CVE-2011-0959, CVE-2011-0961, CVE-2011-0962 - Multiple blind SQL injections. CVE-2011-0960 - A directory traversal in...

CVSS: 10 | AI score: 6.3 | EPSS: 0.37692
Exploits: 10 | References: 11

Exploit DB
added 2011/07/14 12:00 a.m. | 27 views

Joomla! Component com_sobi2 2.9.3.2 - Blind SQL Injections

Exploit Title: SOBI2 2.9.3.2 Joomla! Component Blind SQL Injections Date: 13 July 2011 Author: jdc Software Link: http://www.sigsiu.net Version: 2.9.3.2 Fixed In: 2.9.4 Verified: http://www.sigsiu.net/changelog as " Bugfix: Blind SQL injection" Versions prior to 2.9.4 suffer from a blind sql...

AI score: 7.4
Exploits: 0

Exploit DB
added 2011/07/13 12:00 a.m. | 18 views

LiteRadius 3.2 - Multiple Blind SQL Injections

Exploit Title: LiteRadius 80 www.websiteauditing.org www.areyousecure.net Shouts to the Belegit crew...

AI score: 7
Exploits: 0

securityvulns
added 2011/05/21 12:00 a.m. | 57 views

Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006

Sense of Security - Security Advisory - SOS-11-006 Release Date. 18-May-2011 Last Update. - Vendor Notification Date. 28-Feb-2011 Product. Cisco Unified Operations Manager Common Services Framework Help Servlet Common Services Device Center CiscoWorks Homepage Note: All of the above products are...

CVSS: 7.5 | AI score: 0.3 | EPSS: 0.37692
Exploits: 10

Packet Storm
added 2010/10/01 12:00 a.m. | 26 views

PhpMyShopping 1.0.1505 Cross Site Scripting / SQL Injection

.:. Author : Metropolis .:. Home : www.metropolis.fr.cr .:. Script : PhpMyShopping .:. Version : v1.0.1505 .:. Download Script: http://www.phpmyshopping.org/nightbuild/PhpMyShoppingmonoboutiquev1.0.1505.tar.gz .:. Bug Type : Multiple Vulnerabilities / Blind SQL Injections / XSS === Blind Sql...

AI score: 0.1
Exploits: 0

exploitpack
added 2010/09/07 12:00 a.m. | 14 views

ColdOfficeView 2.04 - Multiple Blind SQL Injections

ColdOfficeView 2.04 - Multiple Blind SQL Injections ColdGen - coldofficeview v2.04 Remote Blind SQL Injection vulnerabilities Vendor: http://www.coldgen.com/ Found by: mrme net-ninja.net PoC's 1. http://target/path/index.cfm?fuseaction=ViewEventDetails&EventID=Blind SQLi...

AI score: 1.1
Exploits: 0

rdot
added 2010/07/02 12:00 a.m. | 14 views

Script for working with blind injections

A script for working with blind injections. There are probably a great many similar tools, but this script is tailored to blind injections, and I also tried to include every possible function in it, for example working with informationschema, which is very useful if the DB version = 5, or outputting a file, which is applicable if the DB version ...

AI score: 0.7
Exploits: 0

securityvulns
added 2009/04/14 12:00 a.m. | 109 views

[DSECRG-09-037] abk-soft AbleSpace CMS 1.0 - Multiple security vulnerabilities

original advisory: http://dsecrg.com/pages/vul/show.php?id=137 Digital Security Research Group DSecRG Advisory DSECRG-09-037 Application: AbleSpace Versions Affected: 1.0 Vendor URL: http://abk-soft.com/ Bugs: Multiple Blind SQL Injections, Multiple XSS Exploits: YES Reported: 18.03.2009 Vendor...

Exploits: 0

0day.today
added 2009/04/14 12:00 a.m. | 66 views

AbleSpace 1.0 (XSS/BSQL) Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications. AbleSpace 1.0 XSS/BSQL Multiple Remote Vulnerabilities. Original advisory: http://dsecrg.com/pages/vul/show.php?id=137 Digital...

AI score: 7.1
Exploits: 0

securityvulns
added 2008/02/20 12:00 a.m. | 49 views

[DSECRG-08-015] Multiple Security Vulnerabilities in Dokeos 1.8.4

Digital Security Research Group DSecRG Advisory DSECRG-08-015 Application: Dokeos E-Learning System Versions Affected: 1.8.4 Vendor URL: http://dokeos.com Bugs: Multiple SQL Injections,Multiple Blind SQL Injections,Multiple XSS, etc. Exploits: YES Reported: 25.01.2008 Vendor response: 28.01.2008...

AI score: 0.2
Exploits: 0

Exploit DB
added 2005/12/01 12:00 a.m. | 35 views

Lore 1.5.4/1.5.6 - 'article.php' SQL Injection

source: https://www.securityfocus.com/bid/15665/info Lore is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or...

AI score: 7.4
Exploits: 0