
235 matches found

RedhatCVE
added 2018/01/17 3:49 p.m., 32 views

CVE-2018-5709

An issue was discovered in MIT Kerberos 5 aka krb5 through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect...

7.5 CVSS, 3.9 AI score, 0.02106 EPSS
Exploits 0, References 1

Cvelist
added 2018/01/16 9:0 a.m., 28 views

CVE-2018-5709

An issue was discovered in MIT Kerberos 5 aka krb5 through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect...

7.4 AI score, 0.02106 EPSS
Exploits 0, References 2

Debian CVE
added 2018/01/16 9:0 a.m., 30 views

CVE-2018-5709

An issue was discovered in MIT Kerberos 5 aka krb5 through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect...

7.5 CVSS, 7.5 AI score, 0.02106 EPSS
Exploits 0

CNVD
added 2017/02/22 12:0 a.m., 2 views

eClinicalWorks healow@work SQL Injection Vulnerability

eClinicalWorks healow@work is a product for healthcare applications from eClinicalWorks, Inc. that provides a set of platforms for physicians to share health records. An SQL injection vulnerability exists in the EmployeePortalServlet page in eClinicalWorks healow@work version 8.0 build 8. An...

7.5 CVSS, 8 AI score, 0.01139 EPSS
Exploits 1, References 1

Hacker One
added 2017/01/12 10:34 a.m., 90 views

ok.ru: [insideok.ru] Database Dump

http://insideok.ru/db.sql Inside: admin accounts as of 2016. -- Host: localhost -- Creation time: Sep 03 2016, 12:00 -- Server version: 5.5.47-cll-lve -- PHP version: 5.4.45 Table structure for users CREATE TABLE IF NOT EXISTS users id int11 unsigned NOT NULL, █████ ███████ ███████ ██████████...

7.1 AI score
Exploits 0

Hacker One
added 2016/12/07 12:32 p.m., 133 views

Pornhub: Unsecured DB instance

The researcher identified vulnerable OrientDB server instances on our infrastructure. The DB servers were found to be vulnerable to script based remote code execution leading to privilege escalation. Two servers running OrientDB were identified, with default login/password combinations. Upon...

1.2 AI score
Exploits 0

Hacker One
added 2016/07/09 1:20 a.m., 119 views

Uber: SQL Injection on sctrack.email.uber.com.cn

Hi, Uber Security team I just traveled to China, when I call Uber in China. I received an advertisement mail from Uber and I found the unsubscribe link is different from the original unsubscribe link, and there is a SQL Injection under the unsubscribe link. You can see where to find the unsubscri...

0.1 AI score
Exploits 0

0day.today
added 2016/06/06 12:0 a.m., 23 views

WordPress Simple Backup 2.7.11 Plugin - Multiple Vulnerabilities

Exploit for php platform in category web applications Meta information Exploit Title: Wordpress plugin simple-backup - Multiple vulnerabilities Date: 2016-06-02 Exploit Author: PizzaHatHacker A gmail . com Vendor Homepage: DEAD LINK https://wordpress.org/plugins/simple-backup/ Software Link: DEAD...

7.1 AI score
Exploits 0

OpenVAS
added 2016/05/13 12:0 a.m., 33 views

LimeSurvey 2.05x < 2.06+ Multiple Vulnerabilities

LimeSurvey is prone to multiple vulnerabilities SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:limesurvey:limesurvey"; if...

8.7 CVSS, 7.5 AI score, 0.01213 EPSS
Exploits 0, References 2

ThreatPost
added 2015/02/13 10:12 a.m., 10 views

Rig Exploit Kit Source Code Leaked

A spitting match between developers of the Rig Exploit Kit and one of its resellers resulted in a partial leak of the kit’s source code in a hacker forum. Rig is less than a year old and is spread primarily in malvertising campaigns, pushing Flash, Java and Microsoft Silverlight exploits; some...

7 AI score
Exploits 0, References 3

seebug.org
added 2014/08/18 12:0 a.m., 17 views

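Sitestar (建站之星) design flaw allows dumping the database (conditional)

Brief description: A conditional flaw. Details: This is again the short-filename issue; this design is itself a flaw. First, look at the default file names after a backup. Each backup produces two files, one .sql and one compressed zip: backup20140816134106v1.sql backup20140816134106v.zip. As can be seen, the structure is backup + date and time + v, which is longer than 9 characters, so the short-filename vulnerability can be exploited. As long as the administrator has made a backup, it can be exploited: backup1.zip backup1.sql Proof of vulnerability:...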

7.1 AI score
Exploits 0

seebug.org
added 2014/07/14 12:0 a.m., 20 views

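FengCMS CSRF vulnerability can lead to the database being dumped

Brief description: An important function does not validate a CSRF token, which allows the database to be dumped. Details: The data backup function in the admin back end does not validate a CSRF token. The attacker creates a csrf.php with the following content and places it on attacker.com: The URL http://attacker.com/csrf.php is then sent to the victim (the site administrator). If the administrator is logged in when opening the URL, a request to back up the database is sent to the target server with the administrator's identity: ?controller=dbmanage&operate=save&type=0...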

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 33 views

plexusCMS 0.5 - XSS Remote Shell Exploit & Credentials Leak

No description provided by source. Exploit Title: plexusCMS 0.5 XSS Remote Shell Exploit Google Dork: allinurl: plx-storage Date: 22.02.2013 Exploit Author: neglomaniac Vendor Homepage: http://plexus-cms.org/ Version: 0.5 --- FILES backdoor.php simple command execute backdoor commands.txt list of...

7.1 AI score
Exploits 0

Exploit DB
added 2014/03/31 12:0 a.m., 50 views

plexusCMS 0.5 - Cross-Site Scripting / Remote Shell / Credentials Leak

Exploit Title: plexusCMS 0.5 XSS Remote Shell Exploit Google Dork: allinurl: plx-storage Date: 22.02.2013 Exploit Author: neglomaniac Vendor Homepage: http://plexus-cms.org/ Version: 0.5 --- FILES backdoor.php simple command execute backdoor commands.txt list of useful commands for owning remote...

7.4 AI score
Exploits 0

securityvulns
added 2013/12/09 12:0 a.m., 64 views

CVE-2013-5694 Blind SQL Injection in Ops View

CVE-2013-5694 Blind SQL Injection in Ops View Versions: Opsview pre 4.4.1 Author: J. Oquendo joquendo at e-fensive dot net I. ADVISORY Title: Blind SQL Injection in OpsView Date published: 2013-10-28 Vendor contacted: 2013-09-04 II. BACKGROUND Opsview is a systems management software built on ope...

7.5 CVSS, 0.4 AI score, 0.02561 EPSS
Exploits 6

exploitpack
added 2013/10/31 12:0 a.m., 16 views

Opsview pre 4.4.1 - Blind SQL Injection

Opsview pre 4.4.1 - Blind SQL Injection CVE-2013-5694 Blind SQL Injection in Ops View Versions: Opsview pre 4.4.1 Author: J. Oquendo joquendo at e-fensive dot net I. ADVISORY Title: Blind SQL Injection in OpsView Date published: 2013-10-28 Vendor contacted: 2013-09-04 II. BACKGROUND Opsview is a...

7.5 CVSS, 0.6 AI score, 0.02561 EPSS
Exploits 6

Prion
added 2013/05/08 12:9 p.m., 15 views

Information disclosure

The NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to obtain sensitive information via a direct request for (1) a configuration file, (2) a database dump, or (3) the Tomcat status context...

4 CVSS, 6.3 AI score, 0.01337 EPSS
Exploits 0, References 3, Affected Software 1

Packet Storm
added 2013/03/24 12:0 a.m., 25 views

Backupbuddy 2.2.4 Sensitive Data Exposure

Backupbuddy - sensitive data exposure in importbuddy.php "the premiere WordPress backup plugin to backup, restore and move WordPress" http://ithemes.com/purchase/backupbuddy/ known versions affected: v1.3.4, v2.1.4, v2.2.25, v2.2.28, v2.2.4, likely other versions also impact: access to wordpress...

7.4 AI score
Exploits 0

The Hacker News
added 2012/11/22 4:53 p.m., 4 views

Hacker breach President of Sri Lanka website

The official website of the President of Sri Lanka (president.gov.lk) was breached by a hacker going by the name "Broken-Security", using a blind SQL injection vulnerability. The vulnerability was also posted by the hacker in a Pastebin note with a database dump including table and column names. The dump includes the username and...

7.5 AI score
Exploits 0

The Hacker News
added 2012/10/27 5:59 p.m., 8 views

Hacker dump database from US Government and Military websites

Internet activist and hacker collective "NullCrew" released a huge dump of a 7,000 name-password database from US Government websites and a 2000 name-password database from military websites. The hacker claimed to have hacked into five websites, including Montana's Official State Website, United...

6.9 AI score
Exploits 0