Lucene search

1634 matches found

seebug.org
added 2014/09/23 12:0 a.m., 20 views

FineCMS latest version: one SQL injection (no defenses)

Brief description: One SQL injection in the latest version of FineCMS. The vendor isn't going to say again that it was already fixed in June, are they? I said this was only a beginning... Detailed explanation: Look directly at the code: member/controllers/pm.php:lines:27-37: public function index if ISPOST if $this-input-post'action' == 'read' $this-pmmodel-setread$this-uid...

7.1 AI score
Exploits: 0

htbridge
added 2014/09/17 12:0 a.m., 48 views

Reflected Cross-Site Scripting (XSS) in Google Calendar Events WordPress Plugin

High-Tech Bridge Security Research Lab discovered vulnerability in Google Calendar Events WordPress plugin, which can be exploited to perform Cross-Site Scripting (XSS) attacks against administrator of a WordPress website with vulnerable plugin. 1) Reflected Cross-Site Scripting (XSS) in Google Calend...

2.6 CVSS, 0.1 AI score, 0.02388 EPSS
Exploits: 3, Affected Software: 1

0day.today
added 2014/09/15 12:0 a.m., 34 views

EGYWEB (Mantrac) <= Remote File Disclosure Exploit

database passwords can be drawn.. Usage Info python exploit.py http://TARGET.COM EGYWEB Mantrac Example and tested on; http://www.deltagroup.com.eg http://www.mantracvostok.ru http://www.mantracghana.com http://www.mantracnigeria.com http://www.mantrackenya.com http://www.mantractanzania.com...

7.1 AI score
Exploits: 0

Fedora
added 2014/08/28 3:35 p.m., 38 views

[SECURITY] Fedora 19 Update: phpMyAdmin-4.2.7.1-1.fc19

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...

3.5 CVSS, 1.3 AI score, 0.01706 EPSS
Exploits: 2

Exploit DB
added 2014/08/27 12:0 a.m., 62 views

WordPress Plugin WooCommerce Store Exporter 1.7.5 - Multiple Cross-Site Scripting Vulnerabilities

Exploit Title: WooCommerce Store Exporter v1.7.5 Stored XSS Google Dork: inurl:"woocommerce-exporter" Date: 26/08/2014 Exploit Author: Mike Manzotti @ Dionach Vendor Homepage: http://www.visser.com.au/plugins/store-exporter/ Software Link:...

7.4 AI score
Exploits: 0

Fedora
added 2014/08/24 2:55 a.m., 39 views

[SECURITY] Fedora 20 Update: phpMyAdmin-4.2.7.1-1.fc20

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...

3.5 CVSS, 1.3 AI score, 0.01706 EPSS
Exploits: 2

htbridge
added 2014/08/13 12:0 a.m., 38 views

Reflected Cross-Site Scripting (XSS) in BlackCat CMS

High-Tech Bridge Security Research Lab discovered vulnerability in BlackCat CMS, which can be exploited to perform Cross-Site Scripting (XSS) attacks. 1) Reflected Cross-Site Scripting (XSS) in BlackCat CMS: CVE-2014-5259 The vulnerability exists due to insufficient sanitization of the "msg" HTTP GET...

4.3 CVSS, 5.8 AI score, 0.02041 EPSS
Exploits: 3, Affected Software: 1

Fedora
added 2014/07/30 7:2 a.m., 27 views

[SECURITY] Fedora 19 Update: phpMyAdmin-4.2.6-1.fc19

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...

6.5 CVSS, 1.3 AI score, 0.02276 EPSS
Exploits: 4

seebug.org
added 2014/07/01 12:0 a.m., 23 views

Linux Kernel <= 2.6.17.4 - (proc) Local Root Exploit

No description provided by source. / Author: h00lyshit Vulnerable: Linux 2.6 ALL Type of Vulnerability: Local Race Tested On : various distros Vendor Status: unknown Disclaimer: In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or sprea...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 22 views

Mobius <= 1.4.4.1 (browse.php id) Remote SQL Injection Vulnerability

No description provided by source. Discovered by dun \ dunatstrcpy.pl Mobius = 1.4.4.1 Remote SQL Injection Vulnerability Script: Mobius Web Publishing Software Script sit...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 12 views

V-webmail 1.6.2 - Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/16706/info V-webmail is prone to multiple cross-site scripting vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input. An attacker may leverage these issues to have arbitrary script...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 8 views

agXchange ESM 'ucschcancelproc.jsp' Open Redirection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/38879/info agXchange ESM is prone to an open-redirection vulnerability because the application fails to properly sanitize user-supplied input. A successful exploit may aid in phishing attacks; other attacks are possible...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 22 views

TotalECommerce <= 1.0 (index.asp id) Remote SQL Injection Exploit

No description provided by source. Original advisory: http://www.nukedx.com/?viewdoc=18 Advisory by: nukedx Full PoC Exploitation: GET - http://victim/dir/index.asp?secao=PageID&id=SQL EXAMPLE 1 -...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 42 views

Joomla Component equotes 0.9.4 - Remote SQL injection Vulnerability

No description provided by source. Joomla Component equotes Remote SQL injection Author : His0k4 ALGERIAN HaCkEr Dork : inurl:comeQuotes POC :...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 17 views

K-Links - Link Directory Script SQL Injection Vulnerability

No description provided by source. In The Name Of Allah The Merciful Type: REMOTE SQL iNJECTioN Vendor: http://turn-k.net + Software: K-Links + author: R3d-D3v!L + TEAM: N0W... !AM W0RK!NG AL0NE ? contact:...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 14 views

i-pos Storefront 1.3 - 'index.asp' SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/29471/info i-pos Storefront is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 17 views

phpArcadeScript <= 3.0RC2 (userid) SQL Injection Vulnerability

No description provided by source. phpArcadeScript all version Remote Sql Injection Exploit AUTHOR:SoSo H H Iraqi-Cracker Script Site: http://www.phparcadescript.com/ Price:$30.00 Tested on: Versions:1.0,2.0,3.0 RC1 &RC2 Dorks:Powered by phpArcadeScript v1.0 Powered by phpArcadeScript v2.0 Powere...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 17 views

SAP Business Connector 4.6/4.7 adapter-index.dsp url Variable Arbitrary Site Redirect

No description provided by source. source: http://www.securityfocus.com/bid/16671/info SAP Business Connector is susceptible to an input-validation vulnerability. This issue is due to the application's failure to properly sanitize user-supplied input. This issue allows remote attackers to execute...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 13 views

p.mapper 3.2 beta3 plugins/export/mc_table.php _SESSION[PM_INCPHP] Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/26614/info p.mapper is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and th...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 16 views

Plague News System 0.7 CID Parameter Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14137/info Plague News System is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'index.php' script. An attacker may leverag...

7.1 AI score
Exploits: 0