3894 matches found
The number of silver online the Struts command execution vulnerability, the total station the fall-vulnerability warning-the black bar safety net
Vulnerability Title: The number of silver online the Struts command execution vulnerability, the whole Station fall Vulnerability type: command execution Harm level: high Brief description: The number of silver online some address the presence of the Struts command execution vulnerability...
MySQL (Linux) - Database Privilege Escalation
use DBI; $|=1; =for comment MySQL privilege elevation Exploit This exploit adds a new admin user. By Kingcope Tested on Debian Lenny mysql-5.0.51a OpenSuSE 11.4 5.1.53-log How it works: This exploit makes use of several things: The attacker is in possession of a mysql user with 'file' privileges...
Authentication flaw
The default configuration of EMC Smarts Network Configuration Manager (NCM) before 9.1 does not require authentication for database access, which allows remote attackers to have an unspecified impact via a network session...
CVE-2012-4614
CVE-2012-4614 affects EMC Smarts Network Configuration Manager (NCM) prior to version 9.1. The default NCM configuration allows unauthenticated access to the NCM database, enabling remote attackers to interact via the network (impact described as complete confidentiality/integrity/availability). ...
Web Colinas Sql Injection Vulnerability
Exploit for php platform in category web applications Web Colinas Sql Injection Vulnerability Google Dork1: intext:"Web Colinas" inurl:".php?id=" Google Dork2: intext:"Web Colinas" inurl:".php?c=" Date: 16/11/2012 Author: Sys32 Email:...
Sql injection in AJAX post Search wordpress plugin
Exploit Title : SQl INJECTION AJAX Post Search --- wordpress plugin--- Author:Marcela Benetrix home:www.girlinthemiddle.net Date: 10/12/12 version: 1.1 software link: http://wordpress.org/extend/plugins/cardoza-ajax-search/ AJAX Post Search wordpress plugin description This plugin will allow your...
VeriCentre web application SQL injection vulnerability
Overview The VeriCentre web application contains a SQL injection vulnerability. Description CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'). The VeriCentre web application contains a SQL injection vulnerability within the TerminalId, ModelName, and...
ManageEngine Security Manager Plus <= 5.5 build 5505 Path Traversal
Exploit for multiple platform in category web applications #!/usr/bin/python Exploit Title : Security Manager Plus 0x90.nl Software link :...
CVE-2012-5298
Mavili Guestbook, as released in November 2007, stores guestbook.mdb under the web root with insufficient access control, which allows remote attackers to read the database via a direct request...
Improper access control
Mavili Guestbook, as released in November 2007, stores guestbook.mdb under the web root with insufficient access control, which allows remote attackers to read the database via a direct request...
IKware Sql Injection Vulnerability
Exploit for php platform in category web applications IKware Sql Injection Vulnerability Google Dork: intext:"Desenvolvido por IKware" inurl:".php?id=" Date: 13/9/2012 Author: Sys32 Email: tha.Sys32atgmaildotcom Vendor:...
DELTAScripts PHP Links - Multiple SQL Injections
DELTAScripts PHP Links - Multiple SQL Injections source: https://www.securityfocus.com/bid/55478/info DeltaScripts PHP Links is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues cou...
CVE-2012-1607
The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request...
TravianX Sql Injection Vulnerabilities
Exploit for php platform in category web applications...
Joomla! Component com_niceajaxpoll 1.3.0 - SQL Injection
Joomla! Component com_niceajaxpoll 1.3.0 - SQL Injection Title : Joomla com_niceajaxpoll = 1.3.0 SQL Injection Vulnerability Author : Patrick de Brouwer - @knickz0r NLSecurity - www.nlsecurity.org Dork : inurl:"/index.php?option=com_niceajaxpoll" Software : Joomla component Nice Ajax Poll = 1.3.0...
Moderate: Red Hat Security Advisory: perl-DBD-Pg security update
An updated perl-DBD-Pg package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
4XP Critical SQL Injection Vulnerability Exposed
The zSecure team has recently discovered a critical SQL Injection Vulnerability in the web portal of 4XP, a leading online forex broker having more than 1 lakh customer base. Financial transactions are carried on the broker's platform on a daily basis including but not limited to Credit Card...
AutoFORM PDM Archive contains multiple vulnerabilities
Overview AutoFORM PDM Archive contains multiple vulnerabilities which could allow an attacker to execute arbitrary code with the privileges of the application. Description According to AutoFORM's website AutoFORM PDM Archive is a comprehensive output management solution that encompasses document...
Galette (picture.php) SQL Injection Vulnerability
Exploit for php platform in category web applications Source: http://www.securityfocus.com/bid/53463/info Galette is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker ...