4 matches found
Mail.ru: [cfire.mail.ru] Time Based SQL Injection
Добрый день. Уязвимо кукис с названием cfiresid. Рабочий PoC GET /account/userbar/ HTTP/1.1 User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64 AppleWebKit/537.36 KHTML, like Gecko Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.25 Host: cfire.mail.ru Accept: text/html, application/xml;q=0.9,...
PT-2014-9071 · Oracle +6 · Mysql Server +6
Name of the Vulnerable Software and Affected Versions: Oracle MySQL Server versions 5.5.40 and earlier Description: The issue allows remote authenticated users to affect availability via vectors related to Server: InnoDB: DDL: Foreign Key. Recommendations: For Oracle MySQL Server versions 5.5.40...
Oracle Linux 5 : mysql55-mysql (ELSA-2014-1859)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1859 advisory. 5.5.40-2 filter perlGD from Requires perl-gd is not available for RHEL5 Resolves: 1160514 5.5.40-1 - Rebase to 5.5.40 Also fixes: CVE-2014-4274...
帝国CMS5.0“/e/member/list/index.php”文件注射漏洞
帝国ECMS /e/member/list/index.php文件: if$sear $keyboard=RepPostVar2$GET'keyboard'; if$keyboard $add.=$where.$userusername." like '%$keyboard%'"; $search.="&sear=1&keyboard=$keyboard"; 判断sear参数是否存在,然后直接去keyboard的参数,然后再判断keyboard值是否为空,如果不为空就直接把keyboard带入查询产生注射漏洞. exp:...