Lucene search
K

1163 matches found

Exploit DB
Exploit DB
added 2007/02/20 12:0 a.m.39 views

PHP-Nuke 8.0 Final - 'INSERT' Blind SQL Injection (MySQL)

!/usr/bin/perl 0day exploit for PHP-nuke = 4.0.24, using 'brute force' Coded by:Maciej krasza [email protected] Screenshot: 0day exploit for PHP-nuke new; my $zadanie = HTTP::Request-newGET = $adres; my...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2006/11/22 12:0 a.m.29 views

ContentNow 1.39 (pageid) Remote SQL Injection Exploit

No description provided by source. !/usr/bin/perl -w use IO::Socket; use strict; ContentNow "pageid" Sql Injection Version : 1.39 Url : http://www.contentnow.mf4k.de Author : Alfredo 'revenge' Pesoli Advisory : http://www.0xcafebabe.it/advisory/contentnow139sqlinjection.txt Description: The...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2006/09/07 12:0 a.m.22 views

PHP-Fusion 6.0.x - 'news.php' SQL Injection

source: https://www.securityfocus.com/bid/19908/info PHP-Fusion is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2006/05/27 12:0 a.m.40 views

XSS in Monster Top List | MTL 1.4

XSS in Monster Top List | MTL 1.4 --------------------------------- Software : Monster Top List --------------------------------- version : Monster Top List 1.4 --------------------------------- Exploit : www.site.com/index.phpusererrormessage=XSS-CODE --------------------------------- Discovery ...

2.7AI score
Exploits0
myhack58
myhack58
added 2006/01/10 12:0 a.m.28 views

Tricks of the trade of the invasion of Shaanxi, a University intranet-vulnerability warning-the black bar safety net

Recently black anti above there are many ways to invade College website to the article, mostly for the injection attack. Oh, in order to cater to the mass the trend, I also entered some of the University websites play a Play. Not, this time it found a Shaanxi College inside a site of injection...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2006/01/06 12:0 a.m.18 views

TheWebForum 1.2.1 - Multiple Input Validation Vulnerabilities

source: https://www.securityfocus.com/bid/16161/info TheWebForum is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of these vulnerabilities could result in a compromise of t...

7.4AI score
Exploits0
CVE
CVE
added 2005/11/27 11:0 a.m.44 views

CVE-2005-3850

CVE-2005-3850 describes a cross-site scripting (XSS) vulnerability in the OKBSYS Lite Edition 1.0 search.asp page. The issue allows remote attackers to inject arbitrary script/HTML via hex-encoded values in the q parameter. The vulnerability is page/file/parameter specific (search.asp, q) and the...

4.3CVSS6AI score0.01177EPSS
Exploits0References5Affected Software1
securityvulns
securityvulns
added 2005/09/05 12:0 a.m.37 views

myBloggie "username" SQL Injection Vulnerability

Secunia Advisory: SA16699 Release Date: 2005-09-05 Critical: Moderately critical Impact: Security Bypass Manipulation of data Where: From remote Solution Status: Vendor Patch Software: myBloggie 2.x Select a product and view a complete list of all Patched/Unpatched Secunia advisories affecting it...

1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2005/08/31 12:0 a.m.15 views

Simple Machines Forum < 1.0.7 Code Injection

Binary data 3198.prm...

5CVSS7.3AI score0.01721EPSS
Exploits2References2
OSV
OSV
added 2005/07/19 4:0 a.m.7 views

CVE-2005-2301

PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service failure to answer ldap questions and possibly conduct an LDAP injection attack...

6.8AI score
Exploits0References5
OSV
OSV
added 2005/07/05 4:0 a.m.11 views

DEBIAN-CVE-2005-2108

SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTPRAWPOSTDATA variable, which stores the data in an XML file...

7.5CVSS8.7AI score0.0932EPSS
Exploits1References1
exploitpack
exploitpack
added 2005/05/28 12:0 a.m.14 views

Hosting Controller 6.1 - resellerresources.asp?jresourceid SQL Injection

Hosting Controller 6.1 - resellerresources.asp?jresourceid SQL Injection source: https://www.securityfocus.com/bid/13806/info Hosting Controller is reported prone to multiple vulnerabilities. These issues can allow an attacker gain unauthorized access to data and carry out SQL injection attacks...

0.2AI score
Exploits0
Cvelist
Cvelist
added 2005/04/18 4:0 a.m.21 views

CVE-2005-1169

Mafia Blog .4 BETA does not properly protect the admin directory, which allows remote attackers to execute arbitrary PHP code by using writeinfo.php to inject the code into info.php...

7.6AI score0.01532EPSS
Exploits0References3
securityvulns
securityvulns
added 2005/04/16 12:0 a.m.27 views

myBloggie 2.1.1

myBloggie 2.1.1 Vendor: http://www.mywebland.com/ When the comments are posted there's no check for "script" tags allowing a script injection attack. Proof of Concept scriptalert"Hi world!";/script ..-= DominusVis =-.. Infektion Group Brazil...

Exploits0
exploitpack
exploitpack
added 2005/01/25 12:0 a.m.13 views

MercuryBoard 1.1 - Multiple Input Validation Vulnerabilities

MercuryBoard 1.1 - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/12359/info Multiple input validation vulnerabilities affect MercuryBoard. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it in...

0.1AI score
Exploits0
FreeBSD
FreeBSD
added 2005/01/19 12:0 a.m.23 views

konversation -- shell script command injection

Konversation comes with Perl scripts that do not properly escape shell characters on executing a script. This makes it possible to attack Konversation with shell script command injection...

7.5CVSS6.5AI score0.10321EPSS
Exploits0References1
securityvulns
securityvulns
added 2005/01/17 12:0 a.m.46 views

[EXPL] ITA Forum SQL Injection

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...

8AI score
Exploits0
NVD
NVD
added 2005/01/10 5:0 a.m.27 views

CVE-2004-1158

Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka t...

7.5CVSS6.6AI score0.0272EPSS
Exploits1References12
Gentoo Linux
Gentoo Linux
added 2004/08/23 12:0 a.m.42 views

Cacti: SQL injection vulnerability

Background Cacti is a complete web-based front end to rrdtool. Description Cacti is vulnerable to a SQL injection attack where an attacker may inject SQL into the Username field. Impact An attacker could compromise the Cacti service and potentially execute programs with the permissions of the use...

7.5CVSS3.9AI score0.02827EPSS
Exploits1
securityvulns
securityvulns
added 2004/07/13 12:0 a.m.32 views

Re: [Full-Disclosure] THE VULNERABILITY STILL WORKS AFTER TODAY&#39;S PATCH

Well it's not quite as easy as you make it sound I think you only took a look at http-equiv's example I posted to full disclosure and based your post on that. You see this: --snip-- iframe src="c:windowswebtip.htm" style="width:400px;height:200px;"/iframe textarea id="code" style="display:none;"...

7AI score
Exploits0
Rows per page
Query Builder