4693 matches found
LinPHA <= 1.3.1 (new_images.php) Remote Blind SQL Injection Exploit
No description provided by source. ?php / LinPHA = 1.3.1 newimages.php Remote Blind SQL Injection Hash Fishing Exploit / BENCHMARK method author...: EgiX mail.....: n0b0d1esathotmaildotcom link.....: http://linpha.sourceforge.net/ dork.....: LinPHA Version 1.3.x or The LinPHA developers vulnerabl...
Pandora FMS <= 3.1 - Blind SQL Injection
No description provided by source. + Introduction Pandora FMS for Pandora Flexible Monitoring System is a software solution for monitoring computer networks. It allows monitoring in a visual way the status and performance of several parameters from different operating systems, servers, applicatio...
Pub-Me CMS Blind SQL Injection Vulnerability
No description provided by source. Pub-Me CMS Blind SQL Injection Vulnerability Name: Pub-Me CMS Vendor: http://www.pub-me.com/ Versions Affected: //unknown, all current affected - devel. homepage & 33 clients web pages Software Link: Not available, Demo can be...
falt4 cms rc4 10.9.2007 Multiple Vulnerabilities
No description provided by source. H - Security Labs Falt4 CMS RC4 10.9.2007 Security Report /Advisory ID : HSEC20071012 General Information Name : Falt4Extreme CMS RC4 10.9.2007 Vendor HomePage :http://sourceforge.net/projects/falt4/ Platforms : PHP && MySQL...
WahmShoppes eStore Cross Site Scripting / SQL Injection Vulnerabilities
WahmShoppes eStore suffers from cross site scripting, information disclosure, and remote SQL injection vulnerabilities. Title : multiple Vulnerability in "WahmShoppes eStore" Author : alieye vendor : http://www.wahmshoppes.com/ Contact :...
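Maccms: a new injection.
Brief description: I saw that maccms had been updated again, so I downloaded it to take a look. There were originally quite a few places open to SQL injection, but because of the bundled 360 anti-injection script I could not get past it. I still found one spot; without that anti-injection script, this injection could be used directly to log in to the admin backend. As it is, it has to be plain blind injection. Details: maccms basically calls the be function everywhere in place of $POST and the like, and addslashes is applied throughout. In admin/adminconn.php: function chkLogin global $db; $mid = getCookie'adminid'; $mname = getCookie'adminname'; $mcheck =...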
SQL Servers Blind SQL Injection
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow attacker to disclose confidential information, modify or shut down the database or execute arbitrary code on affected servers...
Synology DSM4 Blind SQL Injection
Title: Synology DSM Blind SQL Injection Version affected: = 4.3-3827 Vendor: Synology Discovered by: Michael Wisniewski Status: Patched The file "/photo/include/blog/article.php" contains a Blind SQL Injection Vulnerability in the 'value' variable in the URL. The vendor was contacted approximatel...
PrestaShop 1.6.0 Blind SQL Injection
PrestaShop V1.6.0 Blind Sql Vulnerability 0-Day Author : indoushka vendor : http://www.prestashop.com/fr/telechargement Dork : No 4 noob http://swift-strike.com/ajax/getSimilarManufacturer.php?idmanufacturer=3 inject her Login : path/admin Cross sit...
CMS HINTWEB Cross Site Scripting / SQL Injection
Cross Site Scripting on CMS HINTWEB + Date: 04/05/2014 + Risk: LOW + Author: Felipe Andrian Peixoto + Vendor Homepage: http://www.hintweb.com.br/ + Contact: [email protected] + Tested on: Windows 7 and Linux + Vulnerable File: index.php + Exploit : http://host//index.php?txtMSG=XSS + PoC...
Multiple Vulnerabilities in MODX Revolution < = MODX 2.2.13-pl
Product description: ============ MODX originally MODx is a free, open source content management system and web application framework for publishing content on the world wide web and intranets. ============ MODX Revolution Blind SQL Injection CVE-2014-2736 ============ The application is vulnerab...
SQL Injection in Orbit Open Ad Server
Advisory ID: HTB23208 Product: Orbit Open Ad Server Vendor: OrbitScripts, LLC Vulnerable Versions: 1.1.0 and probably prior Tested Version: 1.1.0 Advisory Publication: March 19, 2014 without technical details Vendor Notification: March 19, 2014 Vendor Patch: March 21, 2014 Public Disclosure: Apri...
Blind SQL Injection Vulnerability in KnowledgeTree <= 3.7.0.2
Product description: ============ KnowledgeTree is document management system that makes it easy to secure, share, track and manage the documents and records. ============ KnowledgeTree Blind SQL Injection CVE-2014-2737 ============ The application is vulnerable to blind SQL injection which is...
GeoCore MAX DB Ver. 7.3.3 - Blind SQL Injection
GeoCore MAX DB Ver. 7.3.3 - Blind SQL Injection Exploit Title: GeoCore MAX DB Ver. 7.3.3 - Time-Based Blind Injection Official site: http://geodesicsolutions.com Risk Level: High Vendor : http://geodesicsolutions.com Exploit Author: Esac Homepage author : www.iss4m.ma Last Checked: 25/04/2014...
IBM Server RAID Manager Browser Edition Blind SQL Injection
Exploit Title: IBM Server RAID Manager Browser Edition Blind SQL Injection Bypassing Authentication Google Dork: None Date: 22/04/2014 Exploit Author: JoeV Vendor Homepage: https://www.adaptec.com/ Software Link: https://www.adaptec.com/en-us/speed/raid/storagemanager/smbewin2k3xp2kv12exe.htm...
MODx Blind SQL Injection Vulnerability
MODx versions prior to 2.2.14 suffer from multiple remote blind SQL injection vulnerabilities. Product description: ============ MODX originally MODx is a free, open source content management system and web application framework for publishing content on the world wide web and intranets...
Orbit Open Ad Server 1.1.0 SQL Injection Vulnerability
Orbit Open Ad Server version 1.1.0 suffers from a remote SQL injection vulnerability. Product: Orbit Open Ad Server Vendor: OrbitScripts, LLC Vulnerable Versions: 1.1.0 and probably prior Tested Version: 1.1.0 Advisory Publication: March 19, 2014 without technical details Vendor Notification: Mar...
Tag3 Blind SQL Injection
Blind Sql Injection on Tag3 + Date: 01/04/2014 + Risk: High + Author: Felipe Andrian Peixoto + Vendor Homepage: http://www.tag3.com.br/ + Contact: [email protected] + Tested on: Windows 7 and Linux + Vulnerable File: popvideo.php + Exploit : http://host/popvideo.php?id=Blind SQL Injection...
Chat2 Cross Site Scripting / SQL Injection
Exploit Title: Chat2 Blind SQL Injection Chat2 Cross site scripting Date: 2014 18 March Author: Dr.3v1l Tested on: Windows Category: webapps Google Dork: inurl:"/chatrooms.php" + Exploit SQL: http:///Chat2/jumpin.php URL encoded POST input userid was set to :...
OpenSupports 2.0 - Blind SQL Injection
Exploit for php platform in category web applications This vulnerability affects /support/login.php emailcorreoelectronico=select0fromselectsleep0v/'%2bselect0fromselectsleep0v%2b'%22%2bselect0fromselectsleep0v%2b%22/&pass=g00dPa%24%24w0rD&Submit2=Login This vulnerability affects...