
4693 matches found

0day.today
added 2014/11/10 12:00 a.m. | 78 views

ManageEngine OpManager / Social IT Plus / IT360 Multiple Vulnerabilities

ManageEngine OpManager, Social IT Plus, and IT360 suffer from code execution, remote shell upload, and remote SQL injection vulnerabilities. This time we have a file upload leading to remote code execution and a blind SQL injection in ManageEngine OpManager, Social IT Plus and IT360. ManageEngine...

CVSS: 7.5 | AI score: 0.7 | EPSS: 0.79759 | Exploits: 11

Packet Storm
added 2014/11/09 12:00 a.m. | 64 views

ManageEngine OpManager / Social IT Plus / IT360 File Upload / SQL Injection

Hi, This is the 8th part of the ManageOwnage series. For previous parts see 1. This time we have a file upload leading to remote code execution and a blind SQL injection in ManageEngine OpManager, Social IT Plus and IT360. ManageEngine have released an emergency fix, see details in the advisory...

CVSS: 7.5 | AI score: 0.5 | EPSS: 0.79759 | Exploits: 11

exploitpack
added 2014/11/09 12:00 a.m. | 55 views

ManageEngine OpManager Social IT Plus IT360 - Multiple Vulnerabilities

Multiple vulnerabilities in ManageEngine OpManager, Social IT Plus and IT360. Discovered by Pedro Ribeiro [email protected], Agile Information Security...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.79759 | Exploits: 23

0day.today
added 2014/10/29 12:00 a.m. | 50 views

Enalean Tuleap 7.4.99.5 - Remote Command Execution / Blind SQL Injection Vulnerabilities

Enalean Tuleap versions 7.4.99.5 and below suffer from a remote command execution vulnerability and below suffer from a remote, authenticated blind SQL injection vulnerability Vulnerability title: Tuleap /usr/share/codendi/src/www/passwd.txt && "ozilla/5.0 Windows NT 6.1; WOW64; rv:31.0...

CVSS: 9.3 | AI score: 0.4 | EPSS: 0.05062 | Exploits: 11

Packet Storm
added 2014/10/28 12:00 a.m. | 44 views

Tuleap 7.4.99.5 Blind SQL Injection

Vulnerability title: Tuleap &globalfiltersubmit=Apply HTTP/1.1 Host: 192.168.56.108 User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64; rv:31.0 Gecko/20100101 Firefox/31.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, defla...

CVSS: 6.5 | AI score: 0.1 | EPSS: 0.022 | Exploits: 6

Exploit DB
added 2014/10/28 12:00 a.m. | 26 views

Tapatalk for vBulletin 4.x - Blind SQL Injection

!/usr/bin/env python -- coding: utf-8 -- ''' @author: tintinweb 0x721427D8 ''' import urllib2, urllib import xmlrpclib,re, urllib2,string,itertools,time from distutils.version import LooseVersion class Exploitobject: def initself, target, debug=0 : self.stopwatchstart=time.time self.target = targ...

AI score: 7.4 | Exploits: 0

Packet Storm
added 2014/10/27 12:00 a.m. | 34 views

vBulletin 4.x Tapatalk Blind SQL Injection

!/usr/bin/env python -- coding: utf-8 -- ''' @author: tintinweb 0x721427D8 ''' import urllib2, urllib import xmlrpclib,re, urllib2,string,itertools,time from distutils.version import LooseVersion class Exploitobject: def initself, target, debug=0 : self.stopwatchstart=time.time self.target = targ...

AI score: 0.1 | EPSS: 0.04145 | Exploits: 5

Exploit DB
added 2014/10/14 12:00 a.m. | 27 views

YourMembers Plugin - Blind SQL Injection

Vulnerability title: Blind SQL Injection Vulnerability in YourMembers plugin CVE: N/A Vendor: YourMembers plugin Product: https://github.com/YourMembers/yourmembers/tree/master/ymtrunk Affected version: Version 3, 29 June 2007 https://github.com/YourMembers/yourmembers/blob/master/LICENSE Google...

AI score: 7.4 | Exploits: 0

Packet Storm
added 2014/10/14 12:00 a.m. | 24 views

YourMembers Blind SQL Injection

Vulnerability title: Blind SQL Injection Vulnerability in YourMembers plugin CVE: N/A Vendor: YourMembers plugin Product: https://github.com/YourMembers/yourmembers/tree/master/ymtrunk Affected version: Version 3, 29 June 2007 https://github.com/YourMembers/yourmembers/blob/master/LICENSE Google...

AI score: 0.4 | Exploits: 0

exploitpack
added 2014/10/14 12:00 a.m. | 29 views

YourMembers Plugin - Blind SQL Injection

YourMembers Plugin - Blind SQL Injection Vulnerability title: Blind SQL Injection Vulnerability in YourMembers plugin CVE: N/A Vendor: YourMembers plugin Product: https://github.com/YourMembers/yourmembers/tree/master/ymtrunk Affected version: Version 3, 29 June 2007...

AI score: 0.6 | Exploits: 0

Packet Storm
added 2014/10/02 12:00 a.m. | 23 views

AllMyVisitors 0.5.0 SQL Injection

AllMyVisitors 0.5.0 Blind SQL Injection Vulnerability. Author: indoushka. Vendor: http://www.php-resource.net/ Dork: Copyright c 2004 by voice of web. SQL injection is a vulnerability that allows an attacker to alter...

AI score: 0.4 | Exploits: 0

Exploit DB
added 2014/09/25 12:00 a.m. | 44 views

Cart Engine 3.0 - Multiple Vulnerabilities

=== Details === Quantum Leap Advisory: http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect/ Affected Product: Cart Engine Version: 3.0 === Executive Summary === SQL Injection: Using a specially crafted HTTP request, it is possible to exploi...

AI score: 7 | Exploits: 0

Packet Storm
added 2014/09/16 12:00 a.m. | 36 views

Cart Engine 3.0 XSS / Open Redirect / SQL Injection

=== Details === Quantum Leap Advisory: http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect/ Affected Product: Cart Engine Version: 3.0 === Executive Summary === SQL Injection: Using a specially crafted HTTP request, it is possible to exploi...

AI score: 0.3 | Exploits: 0

exploitpack
added 2014/08/20 12:00 a.m. | 62 views

ManageEngine Password Manager Pro ManageEngine IT360 - SQL Injection

ManageEngine Password Manager Pro ManageEngine IT360 - SQL Injection source: https://www.securityfocus.com/bid/69303/info ManageEngine Password Manager Pro and ManageEngine IT360 are prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using ...

CVSS: 7.5 | AI score: 0.4 | EPSS: 0.35547 | Exploits: 13

Exploit DB
added 2014/08/20 12:00 a.m. | 64 views

ManageEngine Password Manager Pro / ManageEngine IT360 - SQL Injection

source: https://www.securityfocus.com/bid/69303/info ManageEngine Password Manager Pro and ManageEngine IT360 are prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.35547 | Exploits: 13

Hacker One
added 2014/08/08 11:46 a.m. | 118 views

Square: Blind SQL injection in www.bookfresh.com

The resource at /reservations doesn't properly sanitise the "client" variable before putting it into a MySQL statement. This results in a Blind SQL Injection vulnerability. We can demonstrate the vulnerability by making the SQL server wait for a while before responding. PoC wait a while:...

AI score: 7.8 | Exploits: 0

WPVulnDB
added 2014/08/01 10:59 a.m. | 10 views

IndiaNIC FAQs Manager 1.0 - Blind SQL Injection

The faqs-manager WordPress plugin was affected by a Blind SQL Injection security vulnerability...

AI score: 3.1 | Exploits: 0 | References: 2 | Affected Software: 1

WPVulnDB
added 2014/08/01 10:58 a.m. | 5 views

SendIt <= 1.5.9 - Blind SQL Injection

The Sendit WP Newsletter WordPress plugin was affected by a Blind SQL Injection security vulnerability...

AI score: 1.7 | Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2014/08/01 10:58 a.m. | 8 views

NextGEN Smooth Gallery - Blind SQL Injection

The nextgen-smooth-gallery WordPress plugin was affected by a Blind SQL Injection security vulnerability...

AI score: 2.6 | Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2014/08/01 10:58 a.m. | 9 views

UPM-POLLS 1.0.4 - BLIND SQL injection

The upm-polls WordPress plugin was affected by a BLIND SQL injection security vulnerability...

AI score: 2.3 | Exploits: 0 | References: 1 | Affected Software: 1