3894 matches found
CVE-2015-4395
CVE-2015-4395 affects the HybridAuth Social Login module for Drupal (7.x-2.x) prior to 7.x-2.10. The underlying issue is that when the option “Ask user for a password when registering” is enabled, passwords are stored in plaintext, allowing remote authenticated users with certain permissions ...
WordPress Users Ultra Plugin SQL Injection Vulnerability
WordPress is a blogging platform developed in the PHP language that supports personal blog sites on servers running PHP and MySQL. Users Ultra is a plugin for creating user communities. The WordPress Users Ultra ratings module wp-admin/admin-ajax.php script fails to adequately filter the...
ISPConfig 'monitor/show_sys_state.php' SQL Injection Vulnerability
ISPConfig is a Linux-based open source hosting control panel that can be used through its web interface to manage multiple servers, open a Web site, monitor server operating conditions and so on. The ISPConfig monitor/show_sys_state.php script handles the 'server' parameter with a SQL...
Drupal Novalnet Payment Module SQL Injection Vulnerability
Drupal is a free and open source content management system developed in PHP. Novalnet Payment is a payment module. Drupal Novalnet Payment has a SQL injection vulnerability due to the program failing to adequately filter user-supplied input. The vulnerability allows remote attackers to submit...
IBM PowerVC Elevation of Privilege Vulnerability
IBM PowerVC is a suite of virtualization management solutions. The solution supports virtual system management, virtual image management and deployment, and virtual workload management. The IBM PowerVC ceilometer NoSQL database does not require authentication, and an elevation of...
SQL injection vulnerability in the sdate parameter in Ticketmaster ERP web-based ticketing system /Json_db/other_report.aspx?its=11&dfs=0&jq=0&sdate=.
Ltd. Ticketmaster ERP management system is a special ticket management system for air ticket agents, integrating online booking management, telephone recording screen, corporate travel management, order management in the same industry, membership management, points management, SMS sending, staff...
SQL injection vulnerability in the id parameter in Ticketmaster ERP web-based ticketing system /Visa/gjqz_add.aspx?id=.
Ltd. Ticketmaster ERP management system is a special ticket management system for air ticket agents, integrating online booking management, telephone recording screen, corporate travel management, order management in the same industry, membership management, points management, SMS sending, staff...
SQL injection vulnerability in the sd parameter in Ticketmaster ERP web-based ticketing system /Json_db/flight_zhekou.aspx?sd=.
Ltd. Ticketmaster ERP management system is a special ticket management system for air ticket agents, integrating online booking management, telephone recording screen, corporate travel management, order management in the same industry, membership management, points management, SMS sending, staff...
WordPress Plugin Landing Pages SQL Injection Vulnerability
WordPress is a blogging platform developed in the PHP language that supports setting up personal blog sites on PHP and MySQL servers. NewStatPress is a plugin for website access statistics management. A SQL injection vulnerability exists in the WordPress plugin Landing Pages. The...
Milw0rm Clone Script 'related.php' SQL Injection Vulnerability
The Milw0rm Clone Script is a script for sharing and managing vulnerability categorization in the Milw0rm website. A SQL injection vulnerability exists in Milw0rm Clone Script, which allows remote attackers to exploit the vulnerability to submit specially crafted SQL queries to manipulate or obta...
IBM Security SiteProtector System SQL Injection Vulnerability
The IBM Security SiteProtector System is a centralized management system that unifies the management and analysis of network, server and endpoint security agents and devices. A SQL injection vulnerability exists in IBM Security SiteProtector System, which allows remote attackers to exploit the...
Unspecified SQL Injection Vulnerability in WordPress Plugin FeedWordPress
WordPress is a blogging platform developed in the PHP language that supports setting up personal blog sites on PHP and MySQL servers. FeedWordPress is a WordPress Atom/RSS aggregator. An unspecified SQL injection vulnerability exists in the WordPress plugin FeedWordPress. An attacker ca...
MySQL blind injection (root) in a 53KF back-end
Brief description: MySQL blind injection (root) in a 53KF back-end. Detailed description: Injection point: POST /check.php HTTP/1.1 Content-Length: 166 Content-Type: application/x-www-form-urlencoded X-Requested-With: XMLHttpRequest Referer: http://hlm.53kf.com Host: hlm.53kf.com Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 iPhone; CP...
AlienVault OSSIM NBE Protocol SQL Injection Vulnerability
AlienVault OSSIM (Open Source Security Information Management) is a popular open source security management system. AlienVault OSSIM has a SQL injection vulnerability in its handling of the NBE protocol that allows remote attackers to exploit the vulnerability by submitting specially crafted SQL queries ...
HybridAuth Social Login - Less Critical - Information Disclosure - SA-CONTRIB-2015-097
HybridAuth Social Login module enables you to allow visitors to authenticate or login to a Drupal site using their identities from social networks like Facebook or Twitter. The module may store user passwords in plain text. This vulnerability is mitigated by the fact that the option "Ask user for...
Dotproject SQL Injection Vulnerability
Dotproject is a set of Web-based project management and tracking tools. The tool provides modules for company management, project management and task progress tracking. A SQL injection vulnerability exists in Dotproject, which originates from the program failing to adequately filter user-submitte...
PHPKIT SQL Injection Vulnerability
PHPKIT is a Web-based content management system (CMS). The system provides forums, message boards and other modules. A SQL injection vulnerability exists in the PHPKIT b-day.php script, which originates from the program failing to adequately filter user-submitted input before constructing SQL query...
KLA10502 Multiple vulnerabilities in BACnet OPC Server
Multiple critical vulnerabilities have been found in BACnet OPC Server. Malicious users can exploit these vulnerabilities to execute arbitrary files and read and write the local database. Below is a complete list of vulnerabilities: 1. An unknown vulnerability can be exploited remotely via unknown vecto...
BACnet OPC Server Authentication Vulnerability
BACnet OPC Server provides data access, alerts, and access to event and historical data between OPC clients and BACnet-compatible devices. BACnet OPC Server has a security vulnerability that can be exploited by an attacker to insert, read, and delete arbitrary items in the database...
ProjectSend r561 SQL Injection Vulnerability
ProjectSend is a web-based application. ProjectSend suffers from a SQL injection vulnerability that allows remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain database data...