3898 matches found
CVE-2018-1000558
OCS Inventory NG ocsreports versions 2.4 and 2.3.1 contain a SQL injection vulnerability in web search that can result in an authenticated attacker gaining full access to data stored within the database. This attack appears to be exploitable by sending crafted...
UBUNTU-CVE-2018-1000558
OCS Inventory NG ocsreports versions 2.4 and 2.3.1 contain a SQL injection vulnerability in web search that can result in an authenticated attacker gaining full access to data stored within the database. This attack appears to be exploitable by sending crafted...
CVE-2018-1000558
CVE-2018-1000558 affects OCS Inventory NG, specifically the ocsreports component in versions 2.4 and 2.3.1. The vulnerability is a SQL Injection in the web search functionality that, when exploited by an authenticated attacker, can result in full access to data stored in the database. The vulnera...
Joomla! com_regionalm Icta Regional Museum SQL Injection Vulnerability
Joomla! is an open source content management system (CMS) developed by the Open Source Matters team in the United States. A SQL injection vulnerability exists in Joomla! com_regionalm Icta Regional Museum, which can be exploited by attackers to obtain sensitive information from the database...
Unauthenticated Privileged Directory Traversal in IPConfigure Orchid Core VMS (CVE-2018-10956)
Affected Software: IPConfigure Orchid Core VMS All versions 2.0.6, tested on Linux and Windows. Vulnerability: Unauthenticated Privileged Directory Traversal. CVE: CVE-2018-10956. Impact: Arbitrary File Read Access. Metasploit module:...
CVE-2018-12335
Incorrect access control in ECOS System Management Appliance aka SMA 5.2.68 allows a user to compromise authentication keys, and access and manipulate security relevant configurations, via unrestricted database access during Easy Enrollment...
CVE-2018-12335
CVE-2018-12335 affects ECOS System Management Appliance (SMA) 5.2.68. Root cause: improper access control allowing unrestricted database access during Easy Enrollment. Consequence: an attacker could compromise authentication keys and access/manipulate security-related configurations. Public detai...
WordPress Plugin Google Map 4.0.4 - SQL Injection
Title: WordPress Google Map Plugin getresults Vulnerable Variable: $_GET['order'] Vulnerable URL: http://vulnerablesite.com/wp-admin/admin.php?page=wpgmpmanagelocation&orderby=locationaddress&order=asc PROCEDURE...
WordPress Plugin Ultimate Form Builder Lite < 1.3.7 - SQL Injection
Title: WordPress Ultimate Form Builder Lite Plugin getrow Vulnerable Variable: $_POST['entryid'] Vulnerable URL: http://vulnerablesite.com/wp-admin/admin-ajax.php Vulnerable POST body: entryid=ExploitCodeHere&wpnonce=xxx&action=ufblgetentrydetailaction Disclosure Timeline 2018/06/01 Vulnerabilities...
WordPress Plugin Google Map < 4.0.4 - SQL Injection
Title: WordPress Google Map Plugin getresults Vulnerable Variable: $_GET['order'] Vulnerable URL: http://vulnerablesite.com/wp-admin/admin.php?page=wpgmpmanagelocation&orderby=locationaddress&order=asc PROCEDURE ANALYSEEXTRACTVALUE4242,CONCAT0x42,BENCHMARK42000000,MD50x42424242,42 SQL injection...
SQL Injection Vulnerability in Website Building System of Guangdong Shunde Deyun Network Technology Co.
Guangdong Shunde Deyun Network Technology Co., Ltd. is a marketing company relying on the Internet, focusing on practical Internet planning and in-depth marketing. There is a SQL injection vulnerability in the website building system of Guangdong Shunde Deyun Network Technology Co. Attackers can...
WordPress Contact Form Maker Plugin 1.12.20 - SQL Injection Vulnerability
Exploit for php platform in category web applications Title: WordPress Contact Form Maker Plugin 1.12.20 - SQL Injection Author: Neven Biruski Software: WordPress Contact Form Maker plugin Software link: https://wordpress.org/plugins/contact-form-maker/ Version: 1.12.20 and below The easiest way ...
Feedy RSS News Ticker 'cat' SQL Injection Vulnerability
Feedy is a news courier for websites that are responsive to their users. An SQL injection vulnerability exists in Feedy RSS News Ticker 'cat'. An attacker can exploit the vulnerability to gain access to sensitive database information...
NewsBee CMS 'download.php' SQL Injection Vulnerability
NewsBee CMS is a content management system (CMS) for news websites. A SQL injection vulnerability exists in NewsBee CMS 'download.php'. An attacker can exploit the vulnerability to obtain sensitive information from the database...
WordPress Plugin Contact Form Maker 1.12.20 - SQL Injection
Title: WordPress Contact Form Maker Plugin 1.12.20 - SQL Injection Date: 2018-06-07 Author: Neven Biruski Software: WordPress Contact Form Maker plugin Software link: https://wordpress.org/plugins/contact-form-maker/ Version: 1.12.20 and...
WordPress Plugin Contact Form Maker 1.12.20 - SQL Injection
Title: WordPress Contact Form Maker Plugin 1.12.20 - SQL Injection Date: 2018-06-07 Author: Neven Biruski Software: WordPress Contact Form Maker plugin Software link: https://wordpress.org/plugins/contact-form-maker/ Version: 1.12.20 and below The easiest way to reproduce the SQL injection...
WordPress Plugin Form Maker 1.12.24 - SQL Injection
Title: WordPress Form Maker Plugin 1.12.24 - SQL Injection Date: 2018-06-07 Author: Neven Biruski Software: WordPress Form Maker plugin https://wordpress.org/plugins/form-maker/ Version: 1.12.24 and below Vendor Status: Vendor contacted, update released The easiest way to reproduce the SQL...