SQLMap v1.4.9 - Automatic SQL Injection And Database Takeover Tool

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...

Mail.ru: Ability to find out the name of the database table and its columns

Verbose errors were not disabled on api.iconjob.co An attacker can learn the name of a database table and its columns from an error message. This can help implement other SQL injection type attacks...

SQLMap v1.4 - Automatic SQL Injection And Database Takeover Tool

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...

SQLMap v1.3.10 - Automatic SQL Injection And Database Takeover Tool

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...

SQLMap v1.3.8 - Automatic SQL Injection And Database Takeover Tool

SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...

Pydio Cells Information Disclosure Vulnerability

Pydio Cells is a transitional application for managing files on a Pydio Cells 1.2.X server. An information disclosure vulnerability exists in versions of Pydio Cells prior to 1.5.0, which stems from Pydio Cells failing to properly handle a Name field that is not in the expected Unicode format and...

CVE-2019-0278

Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration Messaging System, fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure...

CVE-2019-6127

An issue was discovered in XiaoCms 20141229. It allows admin/index.php?c=database table SQL injection. This can be used for PHP code execution via "INTO OUTFILE" with a .php filename...

CVE-2018-19970

In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name...

CVE-2016-8611

A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 /images API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation...

UBUNTU-CVE-2016-8611

A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 /images API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation...

Design/Logic Flaw

A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 /images API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation...

CSV Import Export 1.1.0 - SQL Injection Cross-Site Scripting

CSV Import Export 1.1.0 - SQL Injection Cross-Site Scripting Exploit Title: CSV Import & Export v1.1.0 - SQL Injection / Cross-Site Scripting Dork: N/A Date: 30.05.2018 Exploit Author: Kağan Çapar Contact: [email protected] Vendor Homepage: https://codecanyon.net/item/csv-import-export/2110550...

WordPress BulletProof Security Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Software Foundation, which supports setting up personal blog sites on PHP and MySQL servers.BulletProof Security is one of the security plug-ins against brute-force cracking. A cross-site scripting vulnerability exists in the...

CVE-2016-4383

An immutability flaw was discovered in openstack-glance, where the glance-manage DB allows deleted image IDs to be reassigned. The flaw could be exploited to allow remote authenticated users to cause other users to boot into a malicious image without knowing it. Mitigation For this flaw to be...

Rockstar Games: Table and Column Exposure

In this report, the researcher found an error message on our Careers page that exposed database table names. If an injection vulnerability had also existed there, this information could have helped an attacker carry out attacks. In response, we cleaned up the error message so that it still gives...

CVE-2016-1317

Cisco Unified Communications Manager 11.50.98000.480 allows remote authenticated users to obtain sensitive database table-name and entity-name information via a direct request to an unspecified URL, aka Bug ID CSCuy11098...

CVE-2016-1317

Cisco Unified Communications Manager 11.50.98000.480 allows remote authenticated users to obtain sensitive database table-name and entity-name information via a direct request to an unspecified URL, aka Bug ID CSCuy11098...

CVE-2016-1317

Cisco Unified Communications Manager 11.50.98000.480 allows remote authenticated users to obtain sensitive database table-name and entity-name information via a direct request to an unspecified URL, aka Bug ID CSCuy11098...

WordPress Plugin User Meta Manager 3.4.6 - Information Disclosure

Exploit Title: WordPress User Meta Manager Plugin Information Disclosure Discovery Date: 2015-12-28 Public Disclosure Date: 2016-02-01 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://jasonlau.biz/home/ Software Link:...