[CVE-2015-1517] Piwigo - SQL Injection in Version 2.7.3
CVE-2015-1517 Piwigo - SQL Injection in Version 2.7.3 ---------------------------------------------------------------- Product Information: Software: Piwigo Tested Version: 2.7.3, released on 9 January 2015 Vulnerability Type: SQL Injection CWE-89 Download link: http://piwigo.org/basics/downloads...
Piwigo 2.7.3 - SQL Injection
Piwigo 2.7.3 - SQL Injection CVE-2015-1517 Piwigo - SQL Injection in Version 2.7.3 ---------------------------------------------------------------- Product Information: Software: Piwigo Tested Version: 2.7.3, released on 9 January 2015 Vulnerability Type: SQL Injection CWE-89 Download link:...
Piwigo 2.7.3 SQL Injection
CVE-2015-1517 Piwigo - SQL Injection in Version 2.7.3 ---------------------------------------------------------------- Product Information: Software: Piwigo Tested Version: 2.7.3, released on 9 January 2015 Vulnerability Type: SQL Injection CWE-89 Download link: http://piwigo.org/basics/downloads...
ManageEngine ServiceDesk Plus (SDP) Multiple Vulnerabilities (Feb 2015)
ManageEngine ServiceDesk Plus (SDP) is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
MantisBT < 1.2.19, 1.3.x < 1.3.0-beta.2 Multiple Vulnerabilities
MantisBT is prone to multiple vulnerabilities. Copyright (C) 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
WordPress Photo Gallery 1.2.8 SQL Injection
CVE-2015-1393 Photo Gallery Wordpress Plugin - SQL Injection in Version 1.2.8 ---------------------------------------------------------------- Product Information: Software: Photo Gallery Wordpress Plugin Tested Version: 1.2.8, released on 15.01.2015 and has over half a million downloads...
WordPress Plugin Photo Gallery 'wp-admin/admin-ajax.php' SQL Injection Vulnerability
WordPress is the WordPress Software Foundation's blogging platform, developed in PHP, which supports personal blog sites on servers running PHP and MySQL. A SQL injection vulnerability exists in the WordPress plugin Photo Gallery ('wp-admin/admin-ajax.php'). Due to the program...
Softbb.net SoftBB 'redir_last_post_list.php' SQL Injection Vulnerability
Softbb.net SoftBB is a web-based application. Softbb.net SoftBB 'redir_last_post_list.php' suffers from a SQL injection vulnerability that allows remote attackers to submit specially crafted SQL queries to manipulate or obtain database data...
Osclass 'alert' Parameter SQL Injection Vulnerability
Osclass is an open-source PHP/MySQL system used to create and manage classified-ads websites. The Osclass 'alert' parameter suffers from a SQL injection vulnerability because it fails to adequately filter user-supplied data before using it in a SQL query. This allows an attacker to...
Humhub 0.10.0-rc.1 - SQL Injection
Exploit Title: Humhub condition is injected with the otherwise unsanitized $lastEntryId, which can be any SQL injection. Proof of Concept: Performing the following request index.php?r=notification/list/index&from=999 AND CASE WHEN 0x30SELECT substringpassword,1,1 FROM userpassword WHERE id = 1 TH...
WordPress Plugin CodeArt Google MP3 Player - File Disclosure Download
WordPress Plugin CodeArt Google MP3 Player - File Disclosure Download Exploit Title: Wordpress CodeArt Google MP3 Player plugin - File Disclosure Download Google Dork: inurl:/wp-content/plugins/google-mp3-audio-player/directdownload.php?file= Date: 02/12/2014 Exploit Author: QK14 Team Vendor...
Greenbone OS SQL Injection Vulnerability
Greenbone OS is prone to a SQL injection vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:greenbone:greenboneos";...
WordPress SP Client Document Manager 2.4.1 SQL Injection Vulnerability
WordPress SP Client Document Manager plugin version 2.4.1 suffers from multiple remote SQL injection vulnerabilities. Vulnerability title: Multiple SQL Injection in SP Client Document Manager plugin Plugin: SP Client Document Manager Vendor: http://smartypantsplugins.com Product:...
SQL Injection in a Widely Deployed Campus Administration System, Part 2
Brief description: boom!!! Details: Vendor: 南京苏亚星资讯科技开发有限公司 (Nanjing Suyaxing Information Technology Development Co., Ltd.). The vulnerability is located at /SM2005/jiaoshi/InfoSet/Left.asp?id= ; the id parameter is not filtered, which leads to injection. Directly accessing http://www.sdwhys.com/SM2005/jiaoshi/InfoSet/ produces an authorization error, and by viewing the page source an injection link can be assembled. Baidu keyword: /SM2005 Five cases are listed to demonstrate that the issue is generic: http://www.sdwhys.com/SM2005/jiaoshi/InfoSet/Left.asp?id=0 Place: GET Parameter: id Type: stacked...
CVE-2012-5243
functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request...
Design/Logic Flaw
Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account...
CVE-2014-6043
ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 does not properly restrict access to the database browser, which allows remote authenticated users to obtain access to the database via a direct request to event/runQuery.do. Fixed in Build 10000...
CVE-2014-6043
CVE-2014-6043 affects ZOHO ManageEngine EventLog Analyzer (versions 9.0 build 9002 and 8.2 build 8020). The issue is improper restriction of access to the database browser, allowing remote authenticated users to access the database via a direct request to event/runQuery.do. Fixed in Build 10000. ...
CVE-2014-5504
SolarWinds Log and Event Manager before 6.0 uses "static" credentials, which makes it easier for remote attackers to obtain access to the database and execute arbitrary code via unspecified vectors, related to HyperSQL...