3894 matches found
PHP-Nuke Classifieds Module - 'Details' Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27930/info The Classifieds module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an...
Wordpress plugin Ripe HD FLV Player SQL Injection Vulnerability
No description provided by source. Wordpress plugins - ripe-hd-player FD/SQL Injection Vulnerability Vendor: http://www.hitasoft.com/products.php Author = Zikou-...
DSCounter 1.2 Index.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17112/info DSCounter is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow...
Geeklog <= 1.5.2 - savepreferences()/*blocks[] SQL Injection Exploit
No description provided by source. ?php / Geeklog = 1.5.2 savepreferences/blocks remote sql injection exploit by Nine:Situations:Group::bookoo our site: http://retrogod.altervista.org/ software site: http://www.geeklog.net/ PHP and MySQL version independent vulnerability, see usersettings.php nea...
GotoCode Online Bookstore Multiple Vulnerabilities
No description provided by source. Exploit Title : GotoCode Online Bookstore Multiple Vulnerabilities Vulnerability : Privilege Escalation / Remote Database Download Date : 03/10/2011 Author : Nathaniel Carew Email : [email protected] Impact : High Software Link :...
deV!L`z Clanportal Witze Addon 0.9 - SQL Injection Vulnerability
No description provided by source. Title : deV!Lz Clanportal Witze Addon Versions 0.9 SQL Injection Vulnerability Author : Easy Laster Download : http://dzcp-zone.de/downloads/?action=show&id=97 Scrip...
PluggedOut CMS 0.4.8 admin.php XSS
No description provided by source. source: http://www.securityfocus.com/bid/14426/info PluggedOut CMS is prone to multiple cross-site scripting and SQL injection vulnerabilities. Exploitation could allow for theft of cookie-based authentication credentials or unauthorized access to database data...
Crowd User Directory application password stored in plain text
Table: cwddirectoryattribute Column: attributevalue How to Verify in my environment: Connect to JIRA database using psql and run query: select attributevalue from cwddirectoryattribute where attributename = 'application.password' Note how the returned value is the plain text value of th...
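Cloud Talent System (云人才系统) SQL Injection with WAF Bypass
Brief description: SQL injection in the Cloud Talent System, bypassing the WAF. Details: SQL injection in the Cloud Talent System that bypasses the 360 WAF. First, register an ordinary user account, for example on the official demo site: then go to http://www.hr135.com/member/index.php?M=index&C=info where you can see that a WAF from a certain "numeric" vendor is in place: We then find that the code is as follows: function infoaction if$POST"submitBtn" $POST=$this-posttrim$POST; if$POST"name"=="" $this-obj-ACTmsg"index.php?C=info","��������Ϊ�գ�";...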
Crime24 Stealer Panel 1.0 - Multiple Vulnerabilities
Twitter @TheHackersBay Pentester / Underground hacker Exploit Title: Crime24 Stealer Panel &in=1&search=Search Example: http://i.imgur.com/zyIr5xv.png...
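Jigowatt PHP Event Calendar "year" SQL Injection Vulnerability
Jigowatt PHP Event Calendar is a calendar web application. calendar/dayview.php in Jigowatt PHP Event Calendar does not properly filter the "year" parameter data, allowing a remote attacker to exploit the vulnerability by submitting crafted SQL queries to manipulate or retrieve database data. 0 Jigowatt PHP Event Calendar 2.x No detailed solution is currently available: http://codecanyon.net/item/php-event-calendar/47723...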
CVE-2014-1986
The Content Provider in the KOKUYO CamiApp application 1.21.1 and earlier for Android allows attackers to bypass intended access restrictions and read database information via a crafted application...
Jigowatt PHP Event Calendar - 'day_view.php' SQL Injection
source: https://www.securityfocus.com/bid/66923/info Jigowatt PHP Event Calendar is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, acces...
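MobFox mAdserve SQL Injection Vulnerability
Bugtraq ID: 66661 MobFox mAdserve is a web-based ad serving application. MobFox mAdserve contains an SQL injection vulnerability that allows a remote attacker to exploit it by submitting crafted SQL queries to manipulate or retrieve database data. 0 MobFox mAdserve 2.0 No detailed solution is currently available: http://www.madserve.org/...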
Procentia IntelliPen 1.1.12.1520 - 'data.aspx' Blind SQL Injection
CVE: CVE-2014-2043 Vendor: Procentia Product: IntelliPen Affected version: 1.1.12.1520 Fixed version: 1.1.18.1658 Reported by: Jerzy Kramarz Details: SQL injection has been found and confirmed within the software as an authenticated user. A successful attack could allow an authenticated attacker ...
Multiple Vulnerabilities in Eventum
High-Tech Bridge Security Research Lab discovered a vulnerability in Eventum, which can be exploited to reinstall and compromise the vulnerable application. 1) Incorrect Default Permissions in Eventum: CVE-2014-1631 The vulnerability exists due to incorrect default permission set for installation script...
Etoshop B2B Vertical Marketplace Creator - Multiple SQL Injections
source: https://www.securityfocus.com/bid/64332/info B2B Vertical Marketplace Creator is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. An attacker can exploit these issues by manipulating the SQL quer...
Dynamic Biz Website Builder (QuickWeb) 1.0 - '/apps/news-events/newdetail.asp?id' SQL Injection
source: https://www.securityfocus.com/bid/64371/info EtoShop Dynamic Biz Website Builder QuickWeb is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. An attacker can exploit these issues by manipulating...
Eclipse.org SQL Injection
Vulnerability: Eclipse.org Error Based SQL Injection Authors: Shahmeer Amir And Rafay Baloch Company: RHA INFOSEC Website: http://services.rafayhackingarticles.net Url...
Project'Or RIA 3.4.0 SQL Injection
INTERNET SECURITY AUDITORS ALERT 2013-017 - Original release date: July 26th, 2013 - Last revised: July 26th, 2013 - Discovered by: Vicente Aguilera Diaz - Severity: 6.8/10 CVSSv2 Base Scored - CVE-ID: CVE-2013-6164...