4693 matches found
Symantec Web Gateway 5.0.3.18 - deptUploads_data.php?groupid Blind SQL Injection
Symantec Web Gateway 5.0.3.18 - deptUploads_data.php?groupid Blind SQL Injection !/usr/bin/python @Kc57 Blind SQLi POC Dumps out the first available hash in the users table of spywalldb import urllib import time from time import sleep timing='2.5' checks = 0 def checkchari, pos: global timimg glob...
Symantec Web Gateway 5.0.3.18 (deptUploads_data.php) Blind SQL Injection Vulnerability
Exploit for php platform in category web applications !/usr/bin/python @Kc57 Blind SQLi POC Dumps out the first available hash in the users table of spywalldb import urllib import time from time import sleep timing='2.5' checks = 0 def checkchari, pos: global timimg global checks checks += 1 url ...
Symantec Web Gateway 5.0.2 - blocked.php?id Blind SQL Injection
Symantec Web Gateway 5.0.2 - blocked.php?id Blind SQL Injection !/usr/bin/python Exploit Title: Symantec Web Gateway 5.0.2 blocked.php id parameter Blind SQL Injection Date: Jul 23 2012 Author: muts Version: Symantec Web Gateway 5.0.2 Vendor URL: http://www.symantec.com Timeline: 29 May 2012:...
Symantec Web Gateway 5.0.2 (blocked.php id parameter) Blind SQL Injection
Exploit for linux platform in category web applications !/usr/bin/python Exploit Title: Symantec Web Gateway 5.0.2 blocked.php id parameter Blind SQL Injection Date: Jul 23 2012 Author: muts Version: Symantec Web Gateway 5.0.2 Vendor URL: http://www.symantec.com Timeline: 29 May 2012: Vulnerabili...
Alienvault Open Source SIEM (OSSIM) 3.1 - Reflected Cross-Site Scripting Blind SQL Injection
Alienvault Open Source SIEM OSSIM 3.1 - Reflected Cross-Site Scripting Blind SQL Injection !/usr/bin/python ''' AlienVault has a reflected XSS vulnerability in the "url" parameter of "top.php". Proof of Concept: Enticing a logged in user to visit the following URL where an attacker is hosting an...
Symantec Web Gateway 5.0.2 Blind SQL Injection
!/usr/bin/python Exploit Title: Symantec Web Gateway 5.0.2 blocked.php id parameter Blind SQL Injection Date: Jul 23 2012 Author: muts Version: Symantec Web Gateway 5.0.2 Vendor URL: http://www.symantec.com Timeline: 29 May 2012: Vulnerability reported to CERT 30 May 2012: Response received from...
Symantec Web Gateway 5.0.3.18 Blind SQL Injection
Exploit Title: Symantec Web Gateway 5.0.3.18 Blind SQLi Backdoor via MySQL Triggers Date: Jul 23 2012 Author: muts Version: Symantec Web Gateway 5.0.3.18 Vendor URL: http://www.symantec.com Timeline: 12 Jun 2012: Vulnerability reported to CERT 22 Jun 2012: Response received from CERT with...
Symantec Web Gateway 5.0.3.18 - Blind SQL Injection Backdoor via MySQL Triggers
Exploit Title: Symantec Web Gateway 5.0.3.18 Blind SQLi Backdoor via MySQL Triggers Date: Jul 23 2012 Author: muts Version: Symantec Web Gateway 5.0.3.18 Vendor URL: http://www.symantec.com Timeline: 12 Jun 2012: Vulnerability reported to CERT 22 Jun 2012: Response received from CERT with...
Ipswitch WhatsUp Gold 15.02 Stored XSS - Blind SQLi - RCE
Exploit for asp platform in category web applications / Exploit Title: Ipswitch WhatsUp Gold 15.02 Stored XSS - Blind SQLi - RCE Date: Jul 22 2012 Author: muts Version: Ipswitch WhatsUp Gold 15.02 Vendor URL: http://www.ipswitch.com/ An attacker can modify their snmpd.conf file with malicious...
Alienvault Open Source SIEM (OSSIM) 3.1 - Reflected Cross-Site Scripting / Blind SQL Injection
!/usr/bin/python ''' AlienVault has a reflected XSS vulnerability in the "url" parameter of "top.php". Proof of Concept: Enticing a logged in user to visit the following URL where an attacker is hosting an cookie grabber will allow for the hijacking of the user session:...
ipswitch whatsup gold 15.02 - Persistent Cross-Site Scripting Blind SQL Injection Remote Code Execution
ipswitch whatsup gold 15.02 - Persistent Cross-Site Scripting Blind SQL Injection Remote Code Execution / Exploit Title: Ipswitch WhatsUp Gold 15.02 Stored XSS - Blind SQLi - RCE Date: Jul 22 2012 Author: muts Version: Ipswitch WhatsUp Gold 15.02 Vendor URL: http://www.ipswitch.com/ An attacker c...
ipswitch whatsup gold 15.02 - Persistent Cross-Site Scripting / Blind SQL Injection / Remote Code Execution
/ Exploit Title: Ipswitch WhatsUp Gold 15.02 Stored XSS - Blind SQLi - RCE Date: Jul 22 2012 Author: muts Version: Ipswitch WhatsUp Gold 15.02 Vendor URL: http://www.ipswitch.com/ An attacker can modify their snmpd.conf file with malicious JavaScript as follows: sysName alert124pt In addition,...
ClipBucket 2 Blind SQL Injection
Vulnerable Software: ClipBucket v2 Official Site: http://clip-bucket.com/ Exploited: In Wild...
Chyrp v2.1.2 <= (FU/BSQLi) Multiple Vulnerabilities
Exploit for php platform in category web applications ...
WordPress WP-Predict 1.0 Blind SQL Injection
Exploit Title: WordPress WP-Predict v1.0 Blind SQL Injection Date: 7/9/12 Exploit Author: Chris Kellum Vendor Homepage: http://www.pootlepress.co.uk/ Software Link: http://downloads.wordpress.org/plugin/wp-predict.zip Version: 1.0 ===================== Vulnerability Details =====================...
WordPress Plugin WP-Predict 1.0 - Blind SQL Injection
WordPress Plugin WP-Predict 1.0 - Blind SQL Injection Exploit Title: WordPress WP-Predict v1.0 Blind SQL Injection Date: 7/9/12 Exploit Author: Chris Kellum Vendor Homepage: http://www.pootlepress.co.uk/ Software Link: http://downloads.wordpress.org/plugin/wp-predict.zip Version: 1.0...
WordPress WP Predict Plugin 1.0 - Blind SQL Injection
WP Predict plugin is prone to a Blind SQL injection. This vulnerability allows an attacker to modify data, alter queries to the application SQL database, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Update the plugin...
Wordpress Plugins - WP-Predict v1.0 Blind SQL Injection
Exploit for php platform in category web applications Exploit Title: WordPress WP-Predict v1.0 Blind SQL Injection Date: 7/9/12 Exploit Author: Chris Kellum Vendor Homepage: http://www.pootlepress.co.uk/ Software Link: http://downloads.wordpress.org/plugin/wp-predict.zip Version: 1.0...
WordPress Plugin WP-Predict 1.0 - Blind SQL Injection
Exploit Title: WordPress WP-Predict v1.0 Blind SQL Injection Date: 7/9/12 Exploit Author: Chris Kellum Vendor Homepage: http://www.pootlepress.co.uk/ Software Link: http://downloads.wordpress.org/plugin/wp-predict.zip Version: 1.0 ===================== Vulnerability Details =====================...
NGS00194 Patch Notification: Nagios XI Network Monitor Blind SQL Injection
High Risk Vulnerability in Nagios XI Network Monitor 2 July 2012 Daniel Compton of NCC Group has discovered a High risk vulnerability in Nagios XI Network Monitor Impact: Nagios XI Network Monitor Blind SQL Injection Versions affected: Nagios XI Network Monitor 2011R1.9 An updated version of the...