Lucene search

24 matches found

Cvelist
added 2021/08/02 10:32 a.m. | 13 views

CVE-2021-24457 Portfolio Responsive Gallery < 1.1.8 - Authenticated Blind SQL Injections

The getportfolios and getportfolioattributes functions in the class-portfolio-responsive-gallery-list-table.php and class-portfolio-responsive-gallery-attributes-list-table.php files of the Portfolio Responsive Gallery WordPress plugin before 1.1.8 did not use whitelist or validate the orderby...

9.3 AI score | 0.00532 EPSS
Exploits 2 | References 1
WPVulnDB
added 2021/06/29 12:0 a.m. | 22 views

FAQ Builder < 1.3.6 - Authenticated Blind SQL Injections

The getfaqs function in the plugin did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard PoC SQLMAP: python sqlmap.py -r r.txt -p orderby --level 5 --risk 3 --dbms MySQL...

6.5 CVSS | 0.00532 EPSS
Exploits 2 | Affected Software 1
wpexploit
added 2021/06/29 12:0 a.m. | 793 views

Popup box < 2.3.4 - Authenticated Blind SQL Injections

The getayspopupboxes and getpopupcategories functions of the plugin did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard Exploit All of them with same technique. SQLMAP:...

6.5 CVSS | 0.5 AI score | 0.00532 EPSS
Exploits 2
wpexploit
added 2021/06/29 12:0 a.m. | 727 views

Survey Maker < 1.5.6 - Authenticated Blind SQL Injections

The getresults and getitems functions in the plugin did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard Note WPScanTeam: Other SQLi were identified when confirming the...

6.5 CVSS | 0.5 AI score | 0.00532 EPSS
Exploits 2
Cvelist
added 2019/06/03 6:23 p.m. | 11 views

CVE-2018-5404 The Quest Kace K1000 Appliance is vulnerable to multiple Blind SQL Injections.

The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated, remote attacker with least privileges 'User Console Only' role to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database. A...

7.9 AI score | 0.00462 EPSS
Exploits 4 | References 2
OpenVAS
added 2018/06/29 12:0 a.m. | 117 views

ASUSTOR ADM <= 3.1.2.RHG1 Multiple Vulnerabilities - Active Check

ASUSTOR ADM is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:asustor:adm"; if description...

9.8 CVSS | 9.5 AI score | 0.88131 EPSS
Exploits 13 | References 2
WPVulnDB
added 2017/03/09 12:0 a.m. | 27 views

DTracker 1.5 - Multiple Unauthenticated Blind SQL Injections

The dtracker WordPress plugin was affected by a Multiple Unauthenticated Blind SQL Injections security vulnerability...

5 CVSS | 3 AI score | 0.05503 EPSS
Exploits 2 | References 3 | Affected Software 1
seebug.org
added 2014/07/01 12:0 a.m. | 11 views

Pixie CMS 1.01 - 1.04 - Blind SQL Injections

No description provided by source. Exploit Title: Pixie CMS 1.01 - 1.04 pixieuser Blind SQL Injection Google Dork: None Date: 11/14/2011 Author: Piranha, piranhaattorontomail.com Software Link: http://www.getpixie.co.uk/ Version: 1.01 - 1.04 Tested on: Windows XP SP3, Pixie versions: 1.01 - 1.04...

7.1 AI score
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 15 views

SOBI2 2.9.3.2 Joomla! Component Blind SQL Injections

No description provided by source. Exploit Title: SOBI2 2.9.3.2 Joomla! Component Blind SQL Injections Date: 13 July 2011 Author: jdc Software Link: http://www.sigsiu.net Version: 2.9.3.2 Fixed In: 2.9.4 Verified: http://www.sigsiu.net/changelog as Bugfix: Blind SQL injection Versions prior to...

7.1 AI score
Exploits 0
seebug.org
added 2011/11/15 12:0 a.m. | 9 views

Pixie CMS 1.01 - 1.04 Blind SQL Injections

No description provided by source. Exploit Title: Pixie CMS 1.01 - 1.04 "pixieuser" Blind SQL Injection Google Dork: None Date: 11/14/2011 Author: Piranha, piranhaattorontomail.com Software Link: http://www.getpixie.co.uk/ Version: 1.01 - 1.04 Tested on: Windows XP SP3, Pixie versions: 1.01 - 1.0...

7.1 AI score
Exploits 0
Exploit DB
added 2011/11/14 12:0 a.m. | 31 views

Pixie CMS 1.01 < 1.04 - Blind SQL Injections

Exploit Title: Pixie CMS 1.01 - 1.04 "pixieuser" Blind SQL Injection Google Dork: None Date: 11/14/2011 Author: Piranha, piranhaattorontomail.com Software Link: http://www.getpixie.co.uk/ Version: 1.01 - 1.04 Tested on: Windows XP SP3, Pixie versions: 1.01 - 1.04 CVE : None Example request: GET...

7 AI score
Exploits 0
0day.today
added 2011/11/13 12:0 a.m. | 10 views

Pixie CMS 1.01 - 1.04 Blind SQL Injections

Exploit for php platform in category web applications Exploit Title: Pixie CMS 1.01 - 1.04 "pixieuser" Blind SQL Injection Google Dork: None Date: 11/14/2011 Author: Piranha, piranhaattorontomail.com Software Link: http://www.getpixie.co.uk/ Version: 1.01 - 1.04 Tested on: Windows XP SP3, Pixie...

7.1 AI score
Exploits 0
Tenable Nessus
added 2011/10/13 12:0 a.m. | 49 views

Cisco Unified Operations Manager < 8.6 Multiple Vulnerabilities

According to its self-reported version number, the version of Cisco Unified Operations Manager on the remote host has multiple vulnerabilities : - Multiple reflected XSS. CVE-2011-0959, CVE-2011-0961, CVE-2011-0962 - Multiple blind SQL injections. CVE-2011-0960 - A directory traversal in...

10 CVSS | 6.3 AI score | 0.37692 EPSS
Exploits 10 | References 11
Exploit DB
added 2011/07/14 12:0 a.m. | 27 views

Joomla! Component com_sobi2 2.9.3.2 - Blind SQL Injections

Exploit Title: SOBI2 2.9.3.2 Joomla! Component Blind SQL Injections Date: 13 July 2011 Author: jdc Software Link: http://www.sigsiu.net Version: 2.9.3.2 Fixed In: 2.9.4 Verified: http://www.sigsiu.net/changelog as " Bugfix: Blind SQL injection" Versions prior to 2.9.4 suffer from a blind sql...

7.4 AI score
Exploits 0
Exploit DB
added 2011/07/13 12:0 a.m. | 18 views

LiteRadius 3.2 - Multiple Blind SQL Injections

Exploit Title: LiteRadius 80 www.websiteauditing.org www.areyousecure.net Shouts to the Belegit crew...

7 AI score
Exploits 0
securityvulns
added 2011/05/21 12:0 a.m. | 57 views

Cisco Unified Operations Manager Multiple Vulnerabilities - SOS-11-006

Sense of Security - Security Advisory - SOS-11-006 Release Date. 18-May-2011 Last Update. - Vendor Notification Date. 28-Feb-2011 Product. Cisco Unified Operations Manager Common Services Framework Help Servlet Common Services Device Center CiscoWorks Homepage Note: All of the above products are...

7.5 CVSS | 0.3 AI score | 0.37692 EPSS
Exploits 10
Packet Storm
added 2010/10/01 12:0 a.m. | 26 views

PhpMyShopping 1.0.1505 Cross Site Scripting / SQL Injection

.:. Author : Metropolis .:. Home : www.metropolis.fr.cr .:. Script : PhpMyShopping .:. Version : v1.0.1505 .:. Download Script: http://www.phpmyshopping.org/nightbuild/PhpMyShoppingmonoboutiquev1.0.1505.tar.gz .:. Bug Type : Multiple Vulnerabilities / Blind SQL Injections / XSS === Blind Sql...

0.1 AI score
Exploits 0
exploitpack
added 2010/09/07 12:0 a.m. | 14 views

ColdOfficeView 2.04 - Multiple Blind SQL Injections

ColdOfficeView 2.04 - Multiple Blind SQL Injections ColdGen - coldofficeview v2.04 Remote Blind SQL Injection vulnerabilities Vendor: http://www.coldgen.com/ Found by: mrme net-ninja.net PoC's 1. http://target/path/index.cfm?fuseaction=ViewEventDetails&EventID=Blind SQLi...

1.1 AI score
Exploits 0
exploitpack
added 2010/08/31 12:0 a.m. | 21 views

Joomla! Component JE FAQ Pro 1.5.0 - Multiple Blind SQL Injections

Joomla! Component JE FAQ Pro 1.5.0 - Multiple Blind SQL Injections --------------------------------------------------------------------------------- Joomla Component JE FAQ Pro : Multiple Remote Blind Sql Injection ---------------------------------------------------------------------------------...

0.4 AI score
Exploits 0
rdot
added 2010/07/02 12:0 a.m. | 14 views

Script for working with blind injections

Script for working with blind injections. There are probably a great many similar tools, but this script is tailored to blind injections, and I also tried to include every possible function in it, for example working with informationschema, which is very useful if the DB version = 5, or file output, which is applicable if the DB version ...

0.7 AI score
Exploits 0