4693 matches found
SQL Injection in vtiger CRM
High-Tech Bridge Security Research Lab discovered an SQL injection vulnerability in vtiger CRM, which can be exploited to execute arbitrary SQL commands in the application's database. 1) SQL Injection in vtiger CRM: CVE-2013-5091. The vulnerability exists due to insufficient validation of "onlyforuser" HT...
McAfee ePO Extension for McAfee Agent Multiple Blind SQL Injection (SB10043)
According to its self-reported version number, the version of ePO Extension for McAfee Agent installed on the remote host has multiple blind SQL injection vulnerabilities. A remote, authenticated user could exploit this to execute arbitrary SQL queries, resulting in arbitrary code execution with...
phpEventCalendar 0.2.3 - Multiple Vulnerabilities
phpEventCalendar 0.2.3 - Multiple Vulnerabilities phpEventCalendar v.0.2.3 Multiple Vulnerabilities ==================================================================== .:. Author : AtT4CKxT3rR0r1ST .:. Contact : [email protected] , [email protected] .:. Home : http://www.iphobos.com/blog/ .:...
TESO Web 2.0 SQL Injection
============================================ TESO web 2.0 SQLInjection/ Blind SQLInjection ============================================= I. VULNERABILITY ------------------------- Title: TESO SQLInjection/ Blind SQLInjection Vendor:http://www.tesoweb.com Author:Juan Carlos García @secnight Follow...
Habbomobile / Sulake Blind SQL Injection
============================================ Habbomobile-SULAKE- Social Network Blind SQLInjection ============================================= I. VULNERABILITY ------------------------- Habbomobile.com/sulake.com Blind SQLInjection Author:Juan Carlos García Affected items /careers/ /press/award...
AVE.CMS 2.09 - index.php?module Blind SQL Injection
AVE.CMS 2.09 - index.php?module Blind SQL Injection !/usr/bin/env python import urllib, sys, time Exploit Title: AVE.CMS " if url:7 != "http://": url = "http://" + url + "/index.php?module=" else: url = url + "/index.php?module=" database = options = 'Version':'VERSION', 'User':'CURRENTUSER',...
AVE.CMS 2.09 Blind SQL Injection Vulnerability
AVE.CMS versions less than 2.09 suffer from a remote blind SQL injection vulnerability in the "module" parameter. This is a proof of concept exploit. This issue is addressed in later versions. !/usr/bin/env python import urllib, sys, time Exploit Title: AVE.CMS " if url:7 != "http://": url =...
AVE.CMS 2.09 Blind SQL Injection
!/usr/bin/env python import urllib, sys, time Exploit Title: AVE.CMS " if url:7 != "http://": url = "http://" + url + "/index.php?module=" else: url = url + "/index.php?module=" database = options = 'Version':'VERSION', 'User':'CURRENTUSER', 'Database':'DATABASE' sys.stdout.write"+ Checking...
Joomla DJ Classifieds Extension 2.0 - Blind SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla - DJ Classifieds...
Webid 1.0.6 - Multiple Vulnerabilities
WeBid is an open-source auction script package. Although still in beta stages WeBid is one of the best open-source solutions for getting an auction site up and running quickly and cheaply. Written in the popular scripting language PHP and with a large collection of highly customisable features...
Webid 1.0.6 File Disclosure / SQL Injection
Title: Webid Blind SQL Injection / Local File Disclosure Vulnerability Google Dork: intext:"Powered by WeBid" Author: Ahmed Aboul-Ela Contact: Ahmed.Aboul3laatgmaildotcom Vendor: http://www.webidsupport.com/ Software Link:...
Joomla! Component dj-classifieds 2.0 - Blind SQL Injection
Joomla! Component dj-classifieds 2.0 - Blind SQL Injection Exploit Title: Joomla - DJ...
WeBid 1.0.6 - Multiple Vulnerabilities
Title: Webid Blind SQL Injection / Local File Disclosure Vulnerability Google Dork: intext:"Powered by WeBid" Author: Ahmed Aboul-Ela Contact: Ahmed.Aboul3laatgmaildotcom Vendor: http://www.webidsupport.com/ Software Link:...
Joomla! Component dj-classifieds 2.0 - Blind SQL Injection
Exploit Title: Joomla - DJ Classifieds - Time-Based Blind SQL Injection Google Dork:...
Webid Blind SQL Injection / Local File Disclosure Vulnerability
Exploit for php platform in category web applications Title: Webid Blind SQL Injection / Local File Disclosure Vulnerability Google Dork: intext:"Powered by WeBid" Author: Ahmed Aboul-Ela Contact: Ahmed.Aboul3laatgmaildotcom Vendor: http://www.webidsupport.com/ Software Link:...
Yahoo! Blind SQL Injection could lead to data leakage
It seems that 2013 is the "Data Leakage Year"! Many customers' information and confidential data have been published on the internet, coming from government institutions, famous vendors, and companies too. Ebrahim Hegazy (@Zigoo0), an Egyptian information security advisor who found a high severity...
Simple HRM System 2.3 - Multiple Vulnerabilities
Simple HRM System 2.3 - Multiple Vulnerabilities Exploit Title: Multiple Vulnerabilities in Simple HRM system v2.3 and below Date: 12/04/2013 Exploit Author: Doraemon Vendor Homepage: http://www.simplehrm.com/ Software Link: http://sourceforge.net/projects/simplehrm/ Version: 2.2/2.3 Tested on: 2...
PsychoStats 3.2.2b - 'awards.php' Blind SQL Injection
Exploit Title : PsychoStats awards.php blind SQL Injection ============== Date: 27/03/2013 00:50 ===== Author: Mohamed from ALG ====== Vendor or Software Link:http://psychostats.us/ ======================= Version: 3.2.2b ======== Category: webapps ========= Google Keywords: "Powered by PsychoSta...
PsychoStats 3.2.2b Blind SQL Injection
Exploit Title : PsychoStats awards.php blind SQL Injection ============== Date: 27/03/2013 00:50 ===== Author: Mohamed from ALG ====== Vendor or Software Link:http://psychostats.us/ ======================= Version: 3.2.2b ======== Category: webapps ========= Google Keywords: "Powered by PsychoSta...
PsychoStats 3.2.2b - awards.php Blind SQL Injection
PsychoStats 3.2.2b - awards.php Blind SQL Injection Exploit Title : PsychoStats awards.php blind SQL Injection ============== Date: 27/03/2013 00:50 ===== Author: Mohamed from ALG ====== Vendor or Software Link:http://psychostats.us/ ======================= Version: 3.2.2b ======== Category:...