87 matches found
chCounter indirect SQL Injection and XSS Vulnerabilities
No description provided by source. Exploit Title: chCounter indirect SQL Injection and XSS Vulnerabilities Date: 29.04.2010 Author: Valentin Category: webapps/0day Version: 3.1.1 Tested on: Debian, Apache2, PHP5, MySQL5 CVE : Code : :::::::::::::::::::::::::::::::::::::: 0x1...
Flying Dog Software Powerslave 4.3 Portalmanager sql_id Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8659/info It has been reported that Powerslave Portalmanager is prone to an information disclosure issue that may allow remote attackers to gain access to sensitive information about the underlying database structure. The...
phpMyAdmin 3.4.x < 3.4.11.1 / 3.5.x < 3.5.2.2 Multiple XSS (PMASA-2012-4)
According to its self-identified version number, the phpMyAdmin install hosted on the remote web server is affected by multiple cross-site scripting vulnerabilities. Using a crafted table name, it's possible to produce the issue with the following pages / conditions : - The Database Structure pag...
DEBIAN-CVE-2012-4345
Multiple cross-site scripting XSS vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via 1 a crafted table name during table creation, or a 2 Empty link or 3 Drop link...
CVE-2012-4345
Multiple cross-site scripting XSS vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via 1 a crafted table name during table creation, or a 2 Empty link or 3 Drop link...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via 1 a crafted table name during table creation, or a 2 Empty link or 3 Drop link...
CVE-2012-4345
Multiple cross-site scripting XSS vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via 1 a crafted table name during table creation, or a 2 Empty link or 3 Drop link...
FreeBSD : phpMyAdmin -- Multiple XSS in Table operations, Database structure, Trigger and Visualize GIS data pages (db1d3340-e83b-11e1-999b-e0cb4e266481)
The phpMyAdmin development team reports : Using a crafted table name, it was possible to produce a XSS : 1 On the Database Structure page, creating a new table with a crafted name 2 On the Database Structure page, using the Empty and Drop links of the crafted table name 3 On the Table Operations...
Multiple XSS in Table operations, Database structure, Trigger and Visualize GIS data pages.
PMASA-2012-4 Announcement-ID: PMASA-2012-4 Date: 2012-08-16 Summary Multiple XSS in Table operations, Database structure, Trigger and Visualize GIS data pages. Description Using a crafted table name, it was possible to produce a XSS : 1 On the Database Structure page, creating a new table with a...
phpMyAdmin -- Multiple XSS in Table operations, Database structure, Trigger and Visualize GIS data pages
The phpMyAdmin development team reports: Using a crafted table name, it was possible to produce a XSS : 1 On the Database Structure page, creating a new table with a crafted name 2 On the Database Structure page, using the Empty and Drop links of the crafted table name 3 On the Table Operations...
United States Census Bureau Hacked and Vulnerability Exposed
United States Census Bureau Hacked and Vulnerability Exposed A Group of Hackers from r00tw0rm found SQL injection Vulnerability on United States Census Bureau,0x3a,user\,0x3a,database\,4,5,groupconcat\tablename+from+informationschema.tables--+ and Hackers successfully exploit the Database and...
Open Source MySQL Injection: sqlsus
sqlsus is an open source MySQL injection and takeover tool, written in perl. Via a command line interface, you can retrieve the databases structure, inject your own SQL queries even complex ones, download files from the web server, crawl the website for writable directories, upload and control a...
Blizzard's Mobile Server Database Exposed by Warv0x (AKA Kaihoe)
Blizzard's Mobile Server Database Exposed byWarv0x AKA Kaihoe Warv0x AKA Kaihoe Hacker today expose the Database structure of one of the biggest Company "Blizzard Mobile ". The exposed data can be seen on a pastebin link. DATABASES EXPOSED LIST : admin egw glpi informationschema lost+found...
Information disclosure
DISPUTED Adobe ColdFusion 9.0.1 CHF1 and earlier, when a web application is configured to use a DBMS, allows remote attackers to obtain potentially sensitive information about the database structure via an id=- query to a .cfm file. NOTE: the vendor disputes the significance of this issue because...
PT-2011-2597 · Adobe · Coldfusion
Name of the Vulnerable Software and Affected Versions: Adobe ColdFusion versions 9.0.1 CHF1 and earlier Description: The issue allows remote attackers to obtain potentially sensitive information about the database structure via an id=- query to a .cfm file when a web application is configured to...
CGI Generic 2nd Order SQL Injection Detection (potential)
By calling discovered CGIs with previously gathered values, SQL error messages were induced. This could be a result of transient SQL failure : However, even if the application is not vulnerable to an injection, SQL error messages often reveal the structure of the database and query information...
chCounter - indirect SQL Injection Cross-Site Scripting
chCounter - indirect SQL Injection Cross-Site Scripting Exploit Title: chCounter indirect SQL Injection and XSS Vulnerabilities Date: 29.04.2010 Author: Valentin Category: webapps/0day Version: 3.1.1 Tested on: Debian, Apache2, PHP5, MySQL5 CVE : Code : :::::::::::::::::::::::::::::::::::::: 0x1...
PT-2009-29: Tribiq CMS Multiple Vulnerabilities
Tribiq CMS is a content management system CMS software, usually implemented as a Web application, for creating and managing HTML content. It is used to manage and control a large, dynamic collection of Web material HTML documents and their associated images. Vulnerability Description Positive...
CVE-2008-0191
WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive information via an invalid p parameter in an rss2 action to the default URI, which reveals the full path and the SQL database structure...
Design/Logic Flaw
WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive information via an invalid p parameter in an rss2 action to the default URI, which reveals the full path and the SQL database structure...