77 matches found
PT-2024-22967 · Sportsnet · Sportsnet
Name of the Vulnerable Software and Affected Versions: SportsNET version 4.0.1 Description: The issue concerns SQL injection vulnerabilities that could allow an attacker to retrieve, update, and delete all information in the database by sending a specially crafted SQL query to the API endpoint:...
CVE-2024-25917 WordPress WP Setup Wizard plugin <= 1.0.8.1 - Auth. Full Database Download Vulnerability
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodeRevolution WP Setup Wizard.This issue affects WP Setup Wizard: from n/a through 1.0.8.1...
Webkil QloApps SQL注入漏洞
Webkil QloApps is free open source hotel booking and online reservation system. A security vulnerability exists in Webkul QloApps version 1.6.0, which stems from a SQL injection vulnerability in the GET parameter. An attacker can exploit the vulnerability to bypass the authentication and...
CVE-2022-36962
SolarWinds Platform was susceptible to Command Injection. This vulnerability allows a remote adversary with complete control over the SolarWinds database to execute arbitrary commands...
PT-2022-15494 · Carlo Gavazzi · Carlo Gavazzi Uwp3.0
Name of the Vulnerable Software and Affected Versions: Carlo Gavazzi UWP3.0 affected versions not specified CPY Car Park Server version 2.8.3 Description: An unauthenticated remote attacker could utilize a SQL-Injection issue to gain full database access, modify users, and stop services...
CVE-2022-26959
There are two full read/write Blind/Time-based SQL injection vulnerabilities in the Northstar Club Management version 6.3 application. The vulnerabilities exist in the userName parameter of the processlogin.jsp page in the /northstar/Portal/ directory and the userID parameter of the login.jsp pag...
Open Solutions For Education OpenSis-Classic SQL注入漏洞
openSIS is a free, open source student information system/school management software. A SQL injection vulnerability exists in openSIS version 8.0. The vulnerability stems from a lack of validation of input data for the $GET'usrid' and $GET'profid' parameters in PasswordCheck.php. An attacker can...
Automattic: SQL Injection Union Based
Summary: Hello, I have found a SQL Injection Union Based on https://intensedebate.com/commenthistory/$YourSiteId The $YourSiteId into the url is vulnerable to SQL Injection. Steps to reproduce 1. Logging into https://intensedebate.com 2. After create your own site on...
CVE-2020-24315
Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL statement passed in via the pollid POST parameter due to a lack of user input escaping. This allows users who craft specific SQL statements to dump the entire targets database...
Zomato: [www.zomato.com] Blind SQL Injection in /php/geto2banner
Hi Team! Our team discovered a Blind SQL Injection by Abusing LocalParams resid in /php/geto2banner We are working to create a full PDF Report as an WriteUp ; Here is a Temporal Exploit based on the Vulnerable request: POST /php/geto2banner HTTP/1.1 Host: www.zomato.com Connection: close...
The vulnerability of the Data Store component of the Oracle Berkeley DB database management system allows a hacker to gain full control over the DBMS.
The vulnerability of the Data Store component of the Oracle Berkeley DB database management system is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain full control over the DBMS...
The vulnerability of the Core RDBMS component of the database management system Oracle Database Server allows a hacker to gain full control over the DBMS.
The vulnerability of the Core RDBMS component of the database management system Oracle Database Server is related to insufficient access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain full control over the DBMS using Oracle Net...
SynConnect SQL Injection
Title: ==== SynConnect - SQL Injection vulnerability Credit: ====== Name: Bhadresh Patel Company/affiliation: Cyberoam Technologies Private Limited Website: www.cyberoam.com CVE: ===== Date: ==== 01-03-2013 CRD: ==== CRD-2013-01 Vendor: ====== Synchroweb Technology is a provider of application...
Open Upload <== Full DataBase Buckup Vulnerability
Exploit for php platform in category web applications Exploit Title: Open Upload == Full Multiple Vulnerabilites Author: email protected Vendor or Software Link: http://openupload.sourceforge.net/ Google dork: "Open Upload - Created by Alessandro Briosi 2009" Tested on: Xp SP 2 Poc : 1 -...
phpDEV5 Remote Default Insecure Users Vuln
No description provided by source. ------------------------------------------------------------------------ PHPDev5 Remote Insecure Default Users & Passwords vuln. By : Ali7 e-mail : [email protected] date : 09-03-2k5 greetz : all my friends ; AlkaeN ; s4a.cc boyz ; Target : PHPDev 5 URL :...
phpDEV5 - Remote Default Insecure Users
------------------------------------------------------------------------ PHPDev5 Remote Insecure Default Users & Passwords vuln. By : Ali7 e-mail : [email protected] date : 09-03-2k5 greetz : all my friends ; AlkaeN ; s4a.cc boyz ; Target : PHPDev 5 URL : www.firepages.com.au -...
Borland/Inprise Interbase 4.0/5.0/6.0 - Backdoor Password
source: https://www.securityfocus.com/bid/2192/info Interbase is an open source relational database offered by Borland Inprise Corporation. Interbase contains a backdoor user account and password called "LOCKSMITH". When accessed this account will eliminate all implemented security allowing full...