64 matches found
EUVD-2006-1116
Malware in sbrugna...
EUVD-2006-1115
Malware in sbrugna...
SUSE CVE-2006-0200
Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages...
Privilege Escalation
OpenStack Compute nova launches and schedules large networks of virtual machines, creating a redundant and scalable cloud computing platform. Compute provides the software, control panels, and APIs required to orchestrate a cloud, including running virtual machine instances, managing networks, an...
CVE-2018-7251
An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error such as "Too many connections" has occurred...
Razer US: SQL Injection on careers.razerzone.com within the Admin interface without any access credentials
The researcher discovered a SQL Injection vulnerability on our careers.razerzone.com host, which is used to list job openings for Razer worldwide and receive application submissions from potential hires. This vulnerability could have allowed the exfiltration of admin credentials as well as person...
APPCMS comment.php文件SQL注入
AppCMS 官网:http://www.appcms.cc/ 审计版本:2.0.101 下载连接:http://www.appcms.cc/download/appcms2.0.101.zip AppCMS comment.php SQL Injection 0x00 前言 一开始是在cnvd()上看到有人提交这个漏洞没有详情,去官网下载源码本地审计没有审计出来;一次偶然的机会看到@Thinking分享的文章,才知道服务器端获取的“HTTPCLIENTIP”值是http头中“CLIENT-IP”字段的值是可伪造的!看到这个就恍然大悟了 0x01 分析...
IP. Board <= 3.4.7 SQL Injection analysis-vulnerability warning-the black bar safety net
IPB stands for Invision Power Board is a PHP Development Forum program, foreign used more widely. In its 3. 4. 7 version and the previous presence of a SQL injection vulnerability, this article to its analysis. poc link http://seclists.org/fulldisclosure/2014/Nov/20 !/ usr/bin/env python Sunday,...
CMS Builder 2.07 SQL Injection
Affected software: CMS Builder v2.07 Type of vulnerability: sql injection URL: http://demo2.interactivetools.com/cmsbuilder2/bottom.php Discovered by: Provensec Website: http://www.provensec.com versionv2.07 Proof of concept...
Dimensions buy 4. 3 the latest version of the sql analysis-vulnerability warning-the black bar safety net
Haven't been on the forum, today sees the release of the top-dimensional buy 4. 3 the latest versionof sql injectionexploit tool Well, according to this primary information, plus before has been analyzed dimensions, soon locating to the \\app\source\goodslist.php 1. 2. //Buy classification 3...
Concrete5 5.6.2.1 (index.php, cID param) - SQL Injection
No description provided by source. Exploit Title: Concrete5 sql injection Date: 18/02/2014 Exploit Author: [email protected] Vendor Homepage: https://www.concrete5.org/ Software Link: http://www.concrete5.org/downloadfile/-/view/58379/8497/ Version: 5.6.2.1 stable Tested on: Virtualbox debian UR...
FileBox - File Hosting & Sharing Script 1.5 - SQL Injection Vulnerability
No description provided by source. Exploit Title: FileBox - File Hosting & Sharing Script 1.5 SQL Injection Google Dork: inurl:FileBox Date: 30/08/2011 Author: Scripts Apart Software Link: http://www.scriptsapart.com Version: 1.5 Tested on: Windows 7 , Ubuntu 11 CVE : Exploit Discovered :...
PBBoard 2.1.4 - Multiple SQL Injection Vulnerabilities
No description provided by source. Title: PBBoard v2.1.4 multiple SQLi Vulnerabilities Version: 2.1.4 Author/Found by: loneferret Software Site: http://www.pbboard.com/PBBoardv2.1.4.zip Other vulnerabilities: http://www.exploit-db.com/exploits/18937/ Date found: May 29th 2012 Tested on: Ubuntu...
UCenter Home 2.0 - SQL Injection Vulnerability
No description provided by source. --==UCenter Home 2.0 -0day Remote SQL Injection Vulnerability==-- / Author : KnocKout / Greatz : DaiMon,BARCOD3,RiskY and iranian hackers / Contact: [email protected] / Cyber-Warrior.org/CWKnocKout --==--==--==--==--==--==--==--==--==--== Script : UCenter Home...
PHPMyWind后台无条件获取webshell
简要描述: 当时我就惊呆了... 详细说明: 在/include/mysql.class.php487行有这样一段代码 //保存MySql错误日志 $userIP = GetIP; $getUrl = GetCurUrl; $getTime = GetDateTimetime; $logfile = dirnameFILE.'/../data/error/mysqlerrortrace.php'; $savemsg = ' Time: '.$getTime.'. || Page: '.$getUrl.' || IP: '.$userIP.' || Error: '.$msg."\r\n"...
mysql: unspecified vulnerability related to Error Handling DoS (CPU Jan 2014)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling...
mysql: unspecified vulnerability related to Error Handling DoS (CPU Jan 2014)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling...
vbBux / vbPlaza 4.0.3 SQL Injection
Exploit Title: vbBux and vbPlaza v4 SQLI Authors: n3tw0rk twiiter.com/n3tw0rkgod Contact: Mail:[email protected] Product: 4.0.3 and below Software Version x.x.x Product Download: http://www.vbulletin.org/forum/showthread.php?t=270271 Homepage: d4tabase.com The exploit is caused due to a...
PBBoard 2.1.4 - Multiple SQL Injections
PBBoard 2.1.4 - Multiple SQL Injections Title: PBBoard v2.1.4 multiple SQLi Vulnerabilities Version: 2.1.4 Author/Found by: loneferret Software Site: http://www.pbboard.com/PBBoardv2.1.4.zip Other vulnerabilities: http://www.exploit-db.com/exploits/18937/ Date found: May 29th 2012 Tested on: Ubun...
PBBoard 2.1.4 SQL Injection
Title: PBBoard v2.1.4 multiple SQLi Vulnerabilities Version: 2.1.4 Author/Found by: loneferret Software Site: http://www.pbboard.com/PBBoardv2.1.4.zip Other vulnerabilities: http://www.exploit-db.com/exploits/18937/ Date found: May 29th 2012 Tested on: Ubuntu Server 8.04 / PHP Version...