
112 matches found

WPVulnDB
added 2015/02/22 12:0 a.m., 11 views

WP Ultimate CSV Importer <= 3.6.74 - Database Table Export

Due to lack of verification of a visitor's permissions, it is possible to execute the ‘export.php’ script included in the default installation of this plugin, and retrieve the full contents of the user table in the WordPress installation. This results in full disclosure of usernames, hashed...

0.4 AI score
Exploits 0, References 1, Affected Software 1
Packet Storm
added 2014/11/18 12:0 a.m., 36 views

PHPFox Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CNA primary MITRE Corporation cve-assign \NOSPAM\ mitre \NOSPAM\ org Software Vendors http://moxi9.com/phpfox Product: PhpFox Version: ALL Research Wesley Henrique Leite wesleyhenrique \NOSPAM gmail \NOSPAM// com + INFORMATION Vendor Notified :...

7.4 AI score
Exploits 0
Exploit DB
added 2014/11/17 12:0 a.m., 29 views

PHPFox - Persistent Cross-Site Scripting

Exploit Title: PHPFox XSS AdminCP Date: 2014-10-22 Exploit Author: Wesley Henrique Leite aka "spyk2r" Vendor Homepage: http://www.moxi9.com Version: All version CVE : CVE-2014-8469 Response Vendor: fixed 2014-10-23 to v4 Beta + DESCRIPTION The system stores all urls accessed in a database table,...

4.3 CVSS, 7 AI score, 0.09115 EPSS
Exploits 3
OSV
added 2014/10/23 1:27 p.m., 4 views

MGASA-2014-0420 Updated phpmyadmin package fixes security vulnerability

In phpMyAdmin before 4.1.14.6, with a crafted database or table name it is possible to trigger an XSS in SQL debug output when enabled and in server monitor page when viewing and analysing executed queries CVE-2014-8326...

3.5 CVSS, 6.1 AI score, 0.00269 EPSS
Exploits 1, References 3
seebug.org
added 2014/01/06 12:0 a.m., 20 views

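ThinkSNS: an operation leaks the database table prefix

Brief description: The submission URL of a certain ThinkSNS operation directly returns the executed SQL statement, from which the database table prefix can be obtained (low impact). Detailed description: http://demo.thinksns.com/t3/index.php?app=public&mod=Account&act=doSaveProfile For the tag settings and basic information under personal settings, this submission URL returns the DB-layer SQL statement every time data is submitted, revealing the site's data table prefix. Proof of vulnerability: http://demo.thinksns.com/t3/index.php?app=public&mod=Account&act=doSaveProfile...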

7.1 AI score
Exploits 0
Tenable Nessus
added 2013/10/16 12:0 a.m., 43 views

IBM DB2 10.1 < Fix Pack 3 Multiple Vulnerabilities

According to its version, the installation of IBM DB2 10.1 running on the remote host is affected by the following vulnerabilities : - A stack-based buffer overflow error exists related to input validation in the Audit facility and could lead to privilege escalation and denial of service attacks...

7.2 CVSS, 6 AI score, 0.00952 EPSS
Exploits 0, References 8
Prion
added 2013/07/17 1:41 p.m., 22 views

Design/Logic Flaw

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect confidentiality via unknown vectors related to Logging. NOTE: the previous information is from the July 2013 CPU. Oracl...

3.5 CVSS, 5.4 AI score, 0.00748 EPSS
Exploits 0, References 7, Affected Software 1
Cvelist
added 2013/07/17 10:0 a.m., 28 views

CVE-2013-3749

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect confidentiality via unknown vectors related to Logging. NOTE: the previous information is from the July 2013 CPU. Oracl...

5 AI score, 0.00748 EPSS
Exploits 0, References 7
myhack58
added 2013/06/14 12:0 a.m., 30 views

One dedecms variable coverage holes of the wretched use of the method-vulnerability warning-the black bar safety net

The most recent dedecms variable coverage holes, and finally can control the global variables, but can not completely control $GLOBALS$v1 .= $v2; Note that there is a sliding scale, is in an initialized global variable content on a sliding scale the content. It has now been disclosed the exploit...

0.2 AI score
Exploits 0
myhack58
added 2012/12/18 12:0 a.m., 25 views

hiweb cms background more permissions bypass-vulnerability warning-the black bar safety net

HIWEB is an entire Station management system, many schools in use this to take the station. But this cms background the presence of many of the permissions to bypass the problem. 1. http://xxxx/hiwebcms/system/USER/ You can directly see all the background user information 2...

0.6 AI score
Exploits 0
0day.today
added 2012/03/03 12:0 a.m., 35 views

Drupal CMS 7.12 (latest stable release) Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title : Drupal CMS 7.12 latest stable release Multiple Vulnerabilities Date :...

7.1 AI score
Exploits 0
UbuntuCve
added 2011/08/19 9:55 p.m., 18 views

CVE-2011-3265

popup.php in Zabbix before 1.8.7 allows remote attackers to read the contents of arbitrary database tables via a modified srctbl parameter...

5 CVSS, 6 AI score, 0.00516 EPSS
Exploits 0, References 1
The Hacker News
added 2011/07/15 9:56 p.m., 10 views

Parliament Of Botswana hacked by V0iD

Parliament Of Botswana hacked by V0iD V0iD hacker again strike with Parliament Of Botswana . Hacker Releases the database table information and Admin users login details at .

6.6 AI score
Exploits 0
myhack58
added 2011/05/24 12:0 a.m., 13 views

Wind noise 4. 0 registered page exploit-vulnerability warning-the black bar safety net

Keywords: inurl:User/Regservice. asp The wind noise the registration page... Vulnerability page:/user/SetNextOptions. asp Use method: Constructor injection user/SetNextOptions. asp? sType=1&EquValue=aaaa&SelectName=aaa&ReqSql=select+1,adminname,3,4,5,6,7,8++from+FSMFAdmin “adminname” admin user...

2.1 AI score
Exploits 0
0day.today
added 2010/09/12 12:0 a.m., 23 views

MyHobbySite 1.01 SQL Injection / Authentication Bypass Vulnerability

Exploit for php platform in category web applications MyHobbySite 1.01 SQL Injection / Authentication Bypass Vulnerability Exploit Title: MyHobbySite 1.01 SQL...

7.1 AI score
Exploits 0
Packet Storm
added 2009/12/14 12:0 a.m., 18 views

Billwerx RC 3.1 XSS / SQL Injection

Billwerx RC v3.1 Multiple Vulnerabilities Found By: mrme Download: http://www.billwerx.com/download.php Tested On: Windows Vista Note: For educational purposes only XSS POC: A regular employee can embed javascript code that could be executed within the context of the admin's browser. If the user...

Exploits 0
seebug.org
added 2009/12/11 12:0 a.m., 20 views

Billwerx RC v3.1 Multiple Vulnerabilities

No description provided by source. Billwerx RC v3.1 Multiple Vulnerabilities Found By: mrme Download: http://www.billwerx.com/download.php Tested On: Windows Vista Note: For educational purposes only XSS POC: A regular employee can embed javascript code that could be executed within the context o...

7.1 AI score
Exploits 0
Exploit DB
added 2009/12/11 12:0 a.m., 20 views

Billwerx RC 3.1 - Multiple Vulnerabilities

Billwerx RC v3.1 Multiple Vulnerabilities Found By: mrme Download: http://www.billwerx.com/download.php Tested On: Windows Vista Note: For educational purposes only XSS POC: A regular employee can embed javascript code that could be executed within the context of the admin's browser. If the user...

7 AI score
Exploits 0
exploitpack
added 2009/12/11 12:0 a.m., 10 views

Billwerx RC 3.1 - Multiple Vulnerabilities

Billwerx RC 3.1 - Multiple Vulnerabilities Billwerx RC v3.1 Multiple Vulnerabilities Found By: mrme Download: http://www.billwerx.com/download.php Tested On: Windows Vista Note: For educational purposes only XSS POC: A regular employee can embed javascript code that could be executed within the...

0.1 AI score
Exploits 0
Cvelist
added 2009/09/09 5:0 p.m., 30 views

CVE-2008-7186

Coppermine Photo Gallery CPG 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-2008-0504...

5.9 AI score, 0.00319 EPSS
Exploits 1, References 4