4693 matches found
Symantec Endpoint Protection Manager < 12.1 RU6 Multiple Vulnerabilities (SYM15-005)
The version of Symantec Endpoint Protection Manager (SEPM) installed on the remote host is prior to 12.1 RU6. It is, therefore, affected by the following vulnerabilities: - A DLL injection vulnerability exists due to improper path restrictions when loading DLLs. An authenticated, local attacker ca...
WordPress Simple Photo Gallery Blind SQLi Vulnerability
WordPress Simple Photo Gallery is prone to a blind SQL injection (SQLi) vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
WordPress Plugin Simple Photo Gallery 1.7.8 - Blind SQL Injection
WordPress Plugin Simple Photo Gallery 1.7.8 - Blind SQL Injection Exploit Title: WordPress Simple Photo Gallery Blind SQL Injection Date: 12-05-2015 Exploit Author: woodspeed Vendor Homepage: https://wordpress.org/plugins/simple-photo-gallery/ Version: 1.7.8 Tested on: Apache 2.2.22, PHP 5.3.10...
WordPress Plugin Simple Photo Gallery 1.7.8 - Blind SQL Injection
Exploit Title: WordPress Simple Photo Gallery Blind SQL Injection Date: 12-05-2015 Exploit Author: woodspeed Vendor Homepage: https://wordpress.org/plugins/simple-photo-gallery/ Version: 1.7.8 Tested on: Apache 2.2.22, PHP 5.3.10 OSVDB ID : http://www.osvdb.org/show/osvdb/122374 WPVULNDB ID :...
Simple Photo Gallery 1.7.8 - Blind SQL Injection
MySQL >= 5.0.12 AND time-based blind (SELECT) SQL injection in the galleryid parameter. ./sqlmap.py --dbms=MYSQL --technique T -u http://www.example.com/wordpress/index.php/wppgphotogallery/wppgphotodetails/?galleryid=1&imageid=14...
Media File Manager Advanced <= 1.1.5 - Multiple Vulnerabilities
Media File Manager Advanced allows any authenticated user to execute administrator actions due to weak permission checking. An attacker is able to delete/update posts, create/remove/list directories, move/rename/delete files, and perform blind SQL injection and cross-site scripting. Pos...
Oracle blind injection combined with an XXE vulnerability for remote data acquisition - vulnerability warning - the black bar safety net
Presumably everyone is already familiar with SQL injection, and with XML entity injection, or XXE, as well. This paper mainly discusses a method for retrieving data remotely in the case of blind injection in Oracle. In fact, it is the same as the UTL_HTTP remote access method, but the principle is...
Mail.ru: store-agent.mail.ru: stacked blind injection
store-agent.mail.ru purchases db admin auth bypass + blind sql injection...
WordPress Plugin Community Events 1.3.5 - SQL Injection
======================================================================= title: SQL Injection product: WordPress Community Events Plugin vulnerable version: 1.3.5 and probably below fixed version: 1.4 CVE number: CVE-2015-3313 impact: CVSS Base Score 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P homepage:...
u-Auctions - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: u-Auctions Multiple Vulnerabilities Google Dork: "Powered by u-Auctions ©" Date: 03 April 2015 Exploit Author: Don Vendor Homepage: https://www.u-auctions.com / Version: ALL Tested on: Debian 1. Blind SQL injection: This...
OrangeHRM Cross Site Scripting / SQL Injection
I. Overview ======================================================== OrangeHRM Opensource 3.2.1, Professional & Enterprise 4.11 are prone to multiple blind SQL injection & XSS vulnerabilities. These vulnerabilities allow an attacker to inject SQL commands to compromise the affected database...
WordPress SP Project & Document Manager 2.5.3 - Blind SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress SP Project & Document Manager 2.5.3 Blind SQL Injection Google Dork: inurl:wp-content/plugins/sp-client-document-manager Date: 2015-03-04 Exploit Author: catsecurity Vendor Homepage: http://smartypantsplugins.com...
Wordpress Traffic Analyzer Plugin 3.4.2 - Blind SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress plugin 'Traffic Analyzer' Blind SQL Injection Google Dork: inurl:/plugins/trafficanalyzer/js/ Date: 4/7/2015 Exploit Author: Dan King @fuzztester Vendor Homepage: http://wptrafficanalyzer.in/ Software Link:...
Balero CMS 0.7.2 - Multiple Blind SQL Injections
Balero CMS 0.7.2 - Multiple Blind SQL Injections Balero CMS v0.7.2 Multiple Blind SQL Injection Vulnerabilities Vendor: BaleroCMS Software Product web page: http://www.balerocms.com Affected version: 0.7.2 Summary: Balero CMS is an open source project that can help you manage the page of your...
WordPress All In One WP Security & Firewall 3.9.0 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title : WordPress All In One WP Security & Firewall 3.9.0 SQL Injection Vulnerability Exploit Author : Claudio Viviani Vendor Homepage : https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/ Software Link :...
All In One WP Security & Firewall <= 3.9.0 - Blind SQL Injection
There are some pages which use the WordPress esc_sql function incorrectly. PoC http://www.example.com/wp-admin/admin.php?page=aiowpsec=tab3=userid,select from selectsleep30a=asc...
All In One WP Security & Firewall <= 3.9.0 - Blind SQL Injection
There are some pages which use the WordPress esc_sql function incorrectly. http://www.example.com/wp-admin/admin.php?page=aiowpsec&tab=tab3&orderby=userid,select from selectsleep30a&order=asc...
WordPress All In One WP Security And Firewall 3.9.0 SQL Injection
Exploit Title : WordPress All In One WP Security & Firewall 3.9.0 SQL Injection Vulnerability Exploit Author : Claudio Viviani Vendor Homepage : https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/ Software Link :...
u-Auctions - Multiple Vulnerabilities
u-Auctions - Multiple Vulnerabilities Exploit Title: u-Auctions Multiple Vulnerabilities Google Dork: "Powered by u-Auctions ©" Date: 03 April 2015 Exploit Author: Don Vendor Homepage: https://www.u-auctions.com / Version: ALL Tested on: Debian 1. Blind SQL injection: This vulnerability affects...
u-Auctions - Multiple Vulnerabilities
Exploit Title: u-Auctions Multiple Vulnerabilities Google Dork: "Powered by u-Auctions ©" Date: 03 April 2015 Exploit Author: Don Vendor Homepage: https://www.u-auctions.com / Version: ALL Tested on: Debian 1. Blind SQL injection: This vulnerability affects /adsearch.php URL encoded POST input...