129 matches found
CVE-2017-11355
Multiple cross-site scripting XSS vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 PATHINFO to the main page; the 2 beanReference parameter to the JavaBean viewer page; or the 3 pyTableName to the System database schema...
PEGA Platform 7.2 ML0 - Missing Access Control Cross-Site Scripting
PEGA Platform 7.2 ML0 - Missing Access Control Cross-Site Scripting Summary ======= 1. Missing access control CVE-2017-11356 2. Multiple cross-site scripting CVE-2017-11355 Vendor ====== "Pegasystems Inc. is the leader in software for customer engagement and operational excellence. Pega’s adaptiv...
Personify360 7.5.2/7.6.1 - Improper Database Schema Access Restrictions
Exploit Title: Discover all tables and columns in database when creating new customer role Date: 3/29/2017 Exploit Author: Pesach Zirkind Vendor Homepage: https://personifycorp.com/ Version: 7.5.2 - 7.6.1 Tested on: Windows all versions CVE : CVE-2017-7314 Category: webapps 1. Description Any...
[SECURITY] Fedora 22 Update: mirrormanager-1.4.4-5.fc22
MirrorManager tracks all the content provided on a master mirror server, and that of all public and private mirrors of that content. This package contains the application server, database schema and hosted tools...
[SECURITY] Fedora 24 Update: mirrormanager-1.4.4-5.fc24
MirrorManager tracks all the content provided on a master mirror server, and that of all public and private mirrors of that content. This package contains the application server, database schema and hosted tools...
citrix xencenterweb (xss/sql/rce) Multiple Vulnerabilities
No description provided by source. Secure Network - Security Research Advisory Vuln name: Citrix XenCenterWeb Multiple Vulnerabilities Systems affected: Citrix XenCenterWeb Systems not affected: n/a Severity: High Local/Remote: Remote Vendor URL: http://www.citrix.com Authors: Alberto Trivero...
Simple SQLi Dumper v5.1 - Tool to find bugs, errors or vulnerabilities in MySQL database
SSDp is an usefull penetration tool to find bugs, errors or vulnerabilities in MySQL database. Functions SQL Injection Operation System Function Dump Database Extract Database Schema Search Columns Name Read File read only Create File read only Brute Table & Column Download Simple SQLi Dumper v5....
Rarlab.com SQL Injection
MurderSkillz rarlab.com Home of winrar! = Here is your sql injection =P exposes tableschema - tablename - columnname I am NOT responsible for any stupidity or damage! Learn skiddies! = Fix your shit winrar...
CVE-2006-3610
index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to obtain sensitive information partial database schema via a modified pagename parameter, which reflects portions of an SQL query in the result. NOTE: it is not clear whether the information is target-specific. If not, then this...