21 matches found
Achievo <= 1.3.4 - SQL Injection
No description provided by source. Bonsai Information Security - Advisory http://www.bonsai-sec.com/research/ SQL Injection in Achievo 1. Advisory Information Title: SQL Injection in Achievo Advisory ID: BONSAI-2009-0102 Advisory URL:...
Apache OFBiz - SQL Remote Execution PoC Payload
No description provided by source. / Apache OFBiz SQL Remote Execution PoC Payload. CVE: CVE-2010-0432 By: Lucas Apa lucas -at- bonsai-sec.com . Bonsai Information Security http://www.bonsai-sec.com/ / var cmd = 'command'; var xmlhttp=false; try xmlhttp = new ActiveXObjectMsxml2.XMLHTTP; catch e...
Apache OFBiz - FULLADMIN Creator PoC Payload
No description provided by source. / Apache OFBiz FULLADMIN Creator PoC Payload. CVE: CVE-2010-0432 By: Lucas Apa lucas -at- bonsai-sec.com . Bonsai Information Security http://www.bonsai-sec.com/ / var username = 'bonsaiUser'; var password = 'bonsaiPass'; var nodes =...
TornadoStore 1.4.3 SQL Injection
Bonsai Information Security - Advisory http://www.bonsai-sec.com/research/ Multiple SQL Injection in TornadoStore 1.4.3 1. Advisory Information Title: Multiple SQL Injection in TornadoStore 1.4.3 Advisory ID: BONSAI-2010-0106 Advisory URL:...
Cacti 0.8.7e - SQL Injection
Cacti 0.8.7e - SQL Injection CVSSv2 Score: 9 AV:N/AC:L/Au:S/C:C/I:C/A:C A Vulnerability has been discovered in Cacti, which can be exploited by any user to conduct SQL Injection attacks. Input passed via the “exportitemid” parameter to “templatesexport.php” script is not properly sanitized before...
Cacti 0.8.7e - SQL Injection
CVSSv2 Score: 9 AV:N/AC:L/Au:S/C:C/I:C/A:C A Vulnerability has been discovered in Cacti, which can be exploited by any user to conduct SQL Injection attacks. Input passed via the “exportitemid” parameter to “templatesexport.php” script is not properly sanitized before being used in a SQL query...
Cacti 0.8.7e - OS Command Injection
CVSSv2 Score: 9 AV:N/AC:L/Au:S/C:C/I:C/A:C Cacti is prone to a remote command execution vulnerability because the software fails to adequately sanitize user-suplied input. Successful attacks can compromise the affected software and possibly the operating system running Cacti. The vulnerability ca...
Apache OFBiz - Multiple Cross-Site Scripting Vulnerabilities
Apache OFBiz - Multiple Cross-Site Scripting Vulnerabilities Bonsai Information Security - Advisory http://www.bonsai-sec.com/research/ Multiple XSS in Apache OFBiz 1. Advisory Information Title: Multiple XSS in Apache OFBiz Advisory ID: BONSAI-2010-0103 Advisory URL:...
Apache OFBiz - Multiple Cross-Site Scripting Vulnerabilities
Bonsai Information Security - Advisory http://www.bonsai-sec.com/research/ Multiple XSS in Apache OFBiz 1. Advisory Information Title: Multiple XSS in Apache OFBiz Advisory ID: BONSAI-2010-0103 Advisory URL: http://www.bonsai-sec.com/research/vulnerabilities/apacheofbiz-multiple-xss-0103.php Date...
Apache OFBiz - Remote Execution (via SQL Execution)
Apache OFBiz - Remote Execution via SQL Execution / Apache OFBiz SQL Remote Execution PoC Payload. CVE: CVE-2010-0432 By: Lucas Apa lucas -at- bonsai-sec.com . Bonsai Information Security http://www.bonsai-sec.com/ / var cmd = 'command'; var xmlhttp=false; try xmlhttp = new...
Apache OFBiz FULLADMIN Creator PoC Payload
Exploit for multiple platform in category remote exploits ========================================== Apache OFBiz FULLADMIN Creator PoC Payload ========================================== / Apache OFBiz FULLADMIN Creator PoC Payload. CVE: CVE-2010-0432 By: Lucas Apa lucas -at- bonsai-sec.com...
Apache OFBiz SQL Remote Execution PoC Payload
Exploit for multiple platform in category remote exploits ============================================= Apache OFBiz SQL Remote Execution PoC Payload ============================================= / Apache OFBiz SQL Remote Execution PoC Payload. CVE: CVE-2010-0432 By: Lucas Apa lucas -at-...
Apache OFBiz - Remote Execution (via SQL Execution)
/ Apache OFBiz SQL Remote Execution PoC Payload. CVE: CVE-2010-0432 By: Lucas Apa lucas -at- bonsai-sec.com . Bonsai Information Security http://www.bonsai-sec.com/ / var cmd = 'command'; var xmlhttp=false; try xmlhttp = new ActiveXObject"Msxml2.XMLHTTP"; catch e try xmlhttp = new...
Apache OFBiz - Admin Creator
/ Apache OFBiz FULLADMIN Creator PoC Payload. CVE: CVE-2010-0432 By: Lucas Apa lucas -at- bonsai-sec.com . Bonsai Information Security http://www.bonsai-sec.com/ / var username = 'bonsaiUser'; var password = 'bonsaiPass'; var nodes = document.getElementsByClassName'fieldWidth300'; for var i=0;...
Apache OFBiz - Admin Creator
Apache OFBiz - Admin Creator / Apache OFBiz FULLADMIN Creator PoC Payload. CVE: CVE-2010-0432 By: Lucas Apa lucas -at- bonsai-sec.com . Bonsai Information Security http://www.bonsai-sec.com/ / var username = 'bonsaiUser'; var password = 'bonsaiPass'; var nodes =...
Achievo 1.3.4 - Cross-Site Scripting
Achievo 1.3.4 - Cross-Site Scripting Bonsai Information Security - Advisory http://www.bonsai-sec.com/research/ Multiple XSS in Achievo 1. Advisory Information Title: Multiple XSS in Achievo Advisory ID: BONSAI-2009-0101 Advisory URL:...
Achievo <= 1.3.4 SQL Injection
No description provided by source. Bonsai Information Security - Advisory http://www.bonsai-sec.com/research/ SQL Injection in Achievo 1. Advisory Information Title: SQL Injection in Achievo Advisory ID: BONSAI-2009-0102 Advisory URL:...
Achievo SQL Injection
Bonsai Information Security - Advisory http://www.bonsai-sec.com/research/ SQL Injection in Achievo 1. Advisory Information Title: SQL Injection in Achievo Advisory ID: BONSAI-2009-0102 Advisory URL: http://www.bonsai-sec.com/research/vulnerabilities/achievo-sql-injection-0102.txt Date published:...
Achievo <= 1.3.4 xss
No description provided by source. Bonsai Information Security - Advisory http://www.bonsai-sec.com/research/ Multiple XSS in Achievo 1. Advisory Information Title: Multiple XSS in Achievo Advisory ID: BONSAI-2009-0101 Advisory URL:...
Achievo 1.3.4 - SQL Injection
Bonsai Information Security - Advisory http://www.bonsai-sec.com/research/ SQL Injection in Achievo 1. Advisory Information Title: SQL Injection in Achievo Advisory ID: BONSAI-2009-0102 Advisory URL: http://www.bonsai-sec.com/research/vulnerabilities/achievo-sql-injection-0102.txt Date published:...