4694 matches found
Informatica: [informatica.com] Blind SQL Injection
Hi guys! JSON POST parameter "docId" is vulnerable to Blind SQL Injection attack PoC Raw query POST /vtibin/RatingsCalculator/RatingsCalculator.asmx/CalculateRatings HTTP/1.1 User-Agent: Opera/9.80 Windows NT 6.1; WOW64 Presto/2.12.388 Version/12.17 Host: kb-test.informatica.com Accept-Language:...
Tiny Tiny RSS - Blind SQL Injection
Exploit for php platform in category web applications Exploit Title: Tiny Tiny RSS Blind SQL Injection Date: 15-02-2016 Software Link: http://tt-rss.org/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1. Description...
Tiny Tiny RSS Blind SQL Injection
Exploit Title: Tiny Tiny RSS Blind SQL Injection Date: 15-02-2016 Software Link: http://tt-rss.org/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1. Description $itemid inside processcategoryorder is not properly...
WordPress User Meta Manager 3.4.6 Blind SQL Injection
Exploit Title: WordPress User Meta Manager Plugin Blind SQLI Discovery Date: 2015/12/28 Public Disclosure Date: 2016/02/04 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://jasonlau.biz/home/ Software Link:...
WordPress User Meta Manager Plugin 3.4.6 - Blind SQL Injection
Because of this vulnerability, arbitrary MySQL commands can be passed to "ummuser" GET parameter by a registered user. Solution Update the plugin...
WordPress Plugin User Meta Manager 3.4.6 - Blind SQL Injection
WordPress Plugin User Meta Manager 3.4.6 - Blind SQL Injection Exploit Title: WordPress User Meta Manager Plugin Blind SQLI Discovery Date: 2015/12/28 Public Disclosure Date: 2016/02/04 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage:...
WordPress User Meta Manager 3.4.6 Plugin - Blind SQL Injection
Exploit for php platform in category web applications Exploit Title: WordPress User Meta Manager Plugin Blind SQLI Discovery Date: 2015/12/28 Public Disclosure Date: 2016/02/04 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://jasonlau.biz/home/...
WordPress Plugin User Meta Manager 3.4.6 - Blind SQL Injection
Exploit Title: WordPress User Meta Manager Plugin Blind SQLI Discovery Date: 2015/12/28 Public Disclosure Date: 2016/02/04 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://jasonlau.biz/home/ Software Link:...
WordPress Formidable Forms Plugin <= 1.07.11 - Blind SQL Injection
Because of this vulnerability, remote authenticated users can execute arbitrary SQL commands. Solution Update the plugin...
Gongwalker API Manager 1.1 - Blind SQL Injection
Exploit for php platform in category web applications gongwalker API Manager v1.1 - Blind SQL Injection Exploit Title: gongwalker API Manager v1.1 - Blind SQL Injection Date: 2016-01-25 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage:...
Gongwalker API Manager 1.1 - Blind SQL Injection
gongwalker API Manager v1.1 - Blind SQL Injection Exploit Title: gongwalker API Manager v1.1 - Blind SQL Injection Date: 2016-01-25 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: https://github.com/gongwalker/ApiManager Software Link:...
Blind SQL injection vulnerability in the file /kingdee/portal/portal_info.jsp of the kingdee office system
No description provided by source...
Exam Board 3.0.0 Blind SQL Injection
Skybox Platform < 7.0.611 - Multiple Vulnerabilities
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Skybox Platform vulnerable version: =7.0.611 fixed version: 7.5.401 CVE number: impact: Critical homepage:...
WordPress Users Ultra Plugin 1.5.50 - Blind SQL injection
Because of this vulnerability, an attacker can change tag, type, description, photo or video name, category or unique id by setting POST parameters, such as "photodesc", "phototags" or "photo name", "videotype", "videoname", etc. Solution Update the plugin...
GoCodes <= 1.3.5 - Authenticated XSS & Blind SQL Injection
The gocodes WordPress plugin was affected by an Authenticated XSS & Blind SQL Injection security vulnerability...
WordPress GigPress Plugin <= 2.3.10 - Multiple Vulnerabilities
This plugin is prone to cross site scripting and blind SQL injection vulnerabilities. Attackers can inject arbitrary JavaScript or HTML code or execute arbitrary SQL commands. Solution Update the plugin...
WP-Stats-Dashboard <= 2.9.4 - Authenticated Blind SQL Injection
The wp-stats-dashboard WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability...
WP RSS Multi Importer <= 3.15 - Blind SQL Injection & Cross-Site Scripting (XSS)
The wp-rss-multi-importer WordPress plugin was affected by a Blind SQL Injection & Cross-Site Scripting (XSS) security vulnerability...
AlegroCart 1.2.8 - Multiple SQL Injections
AlegroCart 1.2.8 - Multiple SQL Injections Security Advisory - Curesec Research Team 1. Introduction Affected Product: AlegroCart 1.2.8 Fixed in: Patch AC128fix17102015 Path Link: http://forum.alegrocart.com/download/file.php?id=1040 Vendor Website: http://alegrocart.com/ Vulnerability Type: SQL...