91 matches found
CVE-2017-14990
WordPress 4.8.2 stores cleartext wpsignups.activationkey values but stores the analogous wpusers.useractivationkey values as hashes, which might make it easier for remote attackers to hijack unactivated user accounts by leveraging database read access such as access gained through an unspecified...
Cory Support - (pr) Parameter SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit : Cory Support pr SQL Injection Vulnerability Author : v3n0m Contact : v3n0matoutlookdotcom Date : September, 06-2017 GMT +7:00 Jakarta, Indonesia Developer : Cory App Software : Cory Support App Link : http://coryapp.com/?product&inde...
Cory Support - pr SQL Injection
Cory Support - pr SQL Injection Exploit : Cory Support pr SQL Injection Vulnerability Author : v3n0m Contact : v3n0matoutlookdotcom Date : September, 06-2017 GMT +7:00 Jakarta, Indonesia Developer : Cory App Software : Cory Support App Link : http://coryapp.com/?product&index Demo :...
DEBIAN-CVE-2017-9432
Document Liberation Project libstaroffice before 2017-04-07 has an out-of-bounds write caused by a stack-based buffer overflow related to the DatabaseName::read function in lib/StarWriterStruct.cxx...
WordPress Plugin Wow Viral Signups 2.1 - SQL Injection
WordPress Plugin Wow Viral Signups 2.1 - SQL Injection Exploit Title: Wow Viral Signups v2.1 WordPress Plugin SQL Injection Date: 29/03/2017 Exploit Author: TAD GROUP Vendor Homepage: http://wow-company.com/ Software Link: https://wordpress.org/plugins/mwp-viral-signup/ Version: 2.1 Contact:...
Friends in War Make or Break 1.7 - 'imgid' SQL Injection
Exploit : Make or Break 1.7 imgid SQL Injection Vulnerability Author : v3n0m Contact : v3n0matoutlookdotcom Date : January, 09-2017 GMT +7:00 Jakarta, Indonesia Software : Make or Break Version : 1.7 Lower versions may also be affected License : Free Download :...
Design/Logic Flaw
The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended system-database read restrictions, and discover credentials or SNMP communities for arbitrary tenant domains, via a crafted URL, aka Bug ID CSCus62656...
CVE-2015-4305
The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended system-database read restrictions, and discover credentials or SNMP communities for arbitrary tenant domains, via a crafted URL, aka Bug ID CSCus62656...
Joomla com_memorix component - SQL Injection vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla commemorix component SQL Injection vulnerability Date: 13-08-2015 Software Link: N/A Exploit Author: Omar AbuHassan Contact: https://www.linkedin.com/pub/omar-abu-hassan/bb/600/960 CVE: N/A Category: webapps Version: All...
CVE-2012-1670
admin/index.php in PHP Grade Book before 1.9.5 BETA allows remote attackers to read the database via a SaveSQL action...
CVE-2012-1670
The CVE describes an unauthenticated SQL database export vulnerability in PHP Grade Book (admin/index.php) present in versions before 1.9.5 BETA. The flaw allows an attacker to read/export the entire application database via the SaveSQL action, due to session handling that enables privileged acce...