Blog PixelMotion (index.php categorie) SQL Injection Vulnerability
No description provided by source. Blog Pixel Motion Sql Injection Vulnerability. Author: parad0x Home: www.inso.host.sk Script: Blog PixelMotion Download: http://www.pixelmotion.org/zip/blog.zip...
PT-2008-2989 · Phpbp · Phpbp
Name of the Vulnerable Software and Affected Versions: phpBP version 2.204 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the id parameter in a "banner out" action. The vulnerable file is includes/functions/banners-external.php...
PHP-Nuke Sell Module - 'cid' SQL Injection
source: https://www.securityfocus.com/bid/27980/info The 'Sell' module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application,...
Eagle Software Aeries Student Information System 3.7.2.2/3.8.2.8 - 'Labels.asp?Term' SQL Injection
source: https://www.securityfocus.com/bid/27924/info Aeries Student Information System is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues and an HTML-injection issue, because it fails to sufficiently sanitize user-supplied data. Exploiting these issues...
Debian Security Advisory DSA 1169-1 (mysql-dfsg-4.1)
The remote host is missing an update to mysql-dfsg-4.1 announced via advisory DSA 1169-1. Several local vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-4226 Michal Prokopiuk discovered...
MTCMS <= 2.0 Remote SQL Injection Vulnerabilities
No description provided by source. MTCMS <=2.0 SQL Injection Vulnerability. Virangar Security Team www.virangar.org www.virangar.net Discovered By: hadihadi special tnx to: MR.nosrati, black.shadowes, MR.hesy, Zahra & all virangar members & all iranian hackerz greetz: to my best...
Default credentials
FAQMasterFlexPlus, possibly 1.5 or 1.52, stores the admin password in cleartext in a database, which might allow context-dependent attackers to obtain the password via unspecified database access...
CVE-2007-6635
FAQMasterFlexPlus, possibly 1.5 or 1.52, stores the admin password in cleartext in a database, which might allow context-dependent attackers to obtain the password via unspecified database access...
CVE-2007-6635
FAQMasterFlexPlus (likely Version 1.5 or 1.52) stores the admin password in cleartext in a database. The underlying issue is the insecure storage of credentials, enabling context-dependent attackers who gain access to the database to obtain the password. The documents do not specify additional af...
[HSC Security Group] Multiple CSRF in Joomla all versions - Complete compromise
HSC Multiple CSRF in Joomla all versions - Complete compromise Hackers Center Security Group http://www.hackerscenter.com Credit: Armando Romeo aka Zinho Class: CSRF Remote: Yes Risk: HIGH Product: Joomla Version: All 1.0.13 and 1.5 rc3 tested Vendor: http://www.joomla.com Patch: Joomla 1.5 RC4...
Buffer overflow
The Oracle database component in Sun Management Center (Sun MC) 3.6.1, 3.6, and 3.5 Update 1 has a default account, which allows remote attackers to obtain database access and execute arbitrary code...
CVE-2007-6480
The Oracle database component in Sun Management Center (Sun MC) 3.6.1, 3.6, and 3.5 Update 1 has a default account, which allows remote attackers to obtain database access and execute arbitrary code...
CVE-2007-6330
Meridian Prolog Manager 2007, and 7.5 and earlier, sends all usernames and passwords to the client in a (1) cleartext or (2) weakly encrypted format to support client-side login authentication, which makes it easier for remote attackers to obtain database access by capturing credentials via a...
CVE-2007-6330
Meridian Prolog Manager 2007 and earlier versions (including 7.5 and prior) transmit all usernames and passwords to the client in cleartext or weakly encrypted form to support client-side authentication. This can enable an attacker to capture credentials via network sniffing or a man-in-the-middl...
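Beehive Forum post.php Script Remote SQL Injection Vulnerability
BUGTRAQ ID: 26492 CVECAN ID: CVE-2007-6014 Beehive Forum is an open-source web forum application written in PHP. Beehive Forum has an input validation vulnerability in its implementation that a remote attacker may exploit to perform SQL injection attacks, operating on the database without authorization to obtain sensitive information. The post.php script of Beehive Forum does not properly filter user input to the tdedupe variable before including the value of that variable in an SQL statement, which is then executed by the @mysqlquery function. This function was specially designed to prohibit multiple SQL statements in a single call in order to mitigate the impact of SQL injection attacks, but an attacker can still manipulate the SQL statement through the tdedupe variable and obtain arbitrary data from the database....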
Wordpress Cookie Authentication Vulnerability
Wordpress Cookie Authentication Vulnerability Original release date: 2007-11-19 Last revised: 2007-11-19 Latest version: http://www.cl.cam.ac.uk/users/sjm217/advisories/wordpress-cookie-auth.txt CVE ID: pending Source: Steven J. Murdoch http://www.cl.cam.ac.uk/users/sjm217/ Systems Affected:...
myspaceclone-sql.txt
Myspace Clone Script SQL Injection Vulnerabilities AUTHOR: t0pP8uZz & xprog SITE: datecomm.com DORK...
LedgerSMB < 1.2.8, SQL-Ledger 2.x Multiple SQL Injection Issues
Severity: Critical Effect: Compromise of Financial Data, deletion of audit trails, alteration of system settings, disclosure of confidential information possible in some setups. Affected products: LedgerSMB 1.0.0-1.2.7, SQL-Ledger 2.x all versions. 1: SQL injection issue in invoice quantity fiel...
Administrators joke with administrator privileges upload vulnerability analysis-vulnerability warning-the black bar safety net
These two days are very boring, taking advantage of the holiday time ready to practice under their own invasion of technology, there is nothing the target is ready to test next week around the University site the security, the way to get the website to practice your hand. Most of the administrato...