97 matches found
EUVD-2018-3445
Malware in sbrugna...
Tokheim Profleet DiaLOG Fuel Management System 11.005.02 SQLi / Code Execution Vulnerabilities
Tokheim Profleet DiaLOG Fuel Management System version 11.005.02 suffers from a remote SQL injection vulnerability that can allow for remote code execution. Exploit Title: Tokheim Profleet DiaLOG Fuel Management System 11.005.02 - SQLi Unauthenticated Exploit Author: golem445 Vendor Homepage:...
CVE-2010-4177
mysql-gui-tools mysql-query-browser and mysql-admin before 5.0r14+openSUSE-2.3 exposes the password of a user connected to the MySQL server in clear text form via the list of running processes...
SQL injection
An issue was discovered in BearAdmin 0.5. There is admin/admin_log/index.html?user_id= SQL injection because admin\controller\AdminLog.php constructs a MySQL query improperly...
CVE-2018-11414
BearAdmin 0.5 is affected by a SQL injection in the admin/admin_log/index.html?user_id= parameter. The root cause is improper construction of a MySQL query in admin\controller\AdminLog.php. CNVD-2018-10336 documents a remote attacker being able to exploit this by supplying the user_id parameter t...
Simple Blog PHP 2.0 - SQL Injection
Simple Blog PHP 2.0 - SQL Injection Vendor Homepage: http://simpleblogphp.com/ Date: 13 Oct 2016 Demo Link : http://simpleblogphp.com/blog/admin.php...
WordPress User Meta Manager 3.4.6 Plugin - Information Disclosure
Exploit for php platform in category web applications Exploit Title: WordPress User Meta Manager Plugin Information Disclosure Discovery Date: 2015-12-28 Public Disclosure Date: 2016-02-01 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage:...
Cart66 Lite <= 1.5.3 - SQL Injection
The QSA named ‘q’ for the ‘promotionProductSearch’ AJAX call is not being sanitized, which allows for MySQL injection utilizing a UNION. The user must be logged in for this to be applicable. The output is JSON encoded, however is a pure representation of the data returned from a MySQL query...
RobotStats 1.0 - HTML Injection
Title : RobotStats v1.0 HTML Injection Vulnerability Author : ZoRLu Home : http://milw00rm.com / its online Twitter : https://twitter.com/milw00rm or @milw00rm Date : 22.11.2014 Demo : http://alpesoiseaux.free.fr/robotstats/ Download :...
RobotStats 1.0 SQL Injection
Title : RobotStats v1.0 robot param SQL Injection Vulnerability Author : ZoRLu Home : http://milw00rm.com / its online Twitter : https://twitter.com/milw00rm or @milw00rm Date : 22.11.2014 Demo : http://alpesoiseaux.free.fr/robotstats/ Download :...
WordPress IP-Logger Plugin <= 3.0 - SQL Injection Vulnerability
No description provided by source. Exploit Title: WordPress IP-Logger plugin <= 3.0 SQL Injection Vulnerability Date: 2011-08-16 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/ip-logger.3.0.zip Version: 3.0 tested --- PoC ---...
friendsinwar FAQ Manager (view_faq.php, question param) SQL Injection Vulnerability
No description provided by source. Exploit Title: friendsinwar FAQ Manager SQL Injection URL Vulnerability Date: 16.11 2012 Exploit Author: unsuprise Vendor Homepage: http://www.friendsinwar.com Software Link: http://www.friendsinwar.com/scriptdemo/thefaqmanager/ Tested on: Windows 7, Xampp Blog :...
PizzaInn_Project - SQL Injection
No description provided by source. + Exploit: PizzaInnProject - SQL Injection + Author: vinicius777 + Contact: vinicius777 AT gmail @vinicius777 + Vendor Homepage: http://sourceforge.net/projects/restaurantmis/ 1 Sql Injection Time Based Blind PoC: http://127.0.0.1/reserve-exec.php?id=1' SQL...
PostNuke 0.6 Unauthenticated User Login Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3435/info PostNuke, successor to PHPNuke, is a content management system written in PHP. PostNuke versions 0.62 to 0.64 suffer from a vulnerability that allows a remote user to log-in as any user with known username and I...
Entertainment Directory <= 1.1 - SQL Injection Vulnerability
No description provided by source. Entertainment Directory <= 1.1 SQL Injection Vulnerability Discovered...
Mole Group Hotel Script 1.0 - Remote SQL Injection Vulnerability
No description provided by source. Mole Group Hotel Script 1.0 Remote SQL Injection Vulnerability Discovered By: t0pP8uZz...
flashlight free edition (lfi/sql) Multiple Vulnerabilities
No description provided by source. Flashlight Free Edition - LFI/SQL Multiple Remote Vul RATM: All hell can't stop us now!...
Web Calendar <= 4.1 - Blind SQL Injection Exploit
No description provided by source. #!/usr/bin/perl use strict; use LWP::Simple; print "-+-- Web Calendar <= 4.1 Blind SQL Injection Exploit --+-\n"; print "-+-- --+-\n"; print "-+-- Discovered && Coded By t0pP8uZz --+-\n"; print "-+-- Discovered On: 24 April 2008 --+-\n"; print "-+-- --+-\n"; print "-+-- Web...
WordPress Plugin My Category Order <= 2.8 - SQL Injection Vulnerability
No description provided by source. Source: WordPress Plugin: My Category Order <= 2.8 mycategoryorder.php / SQL Injection Vulnerability Download: http://wordpress.org/extend/plugins/my-category-order/ No Dork Author: ManhLuat93 at hcegroupdotnet Errors appear only when you have admin control Open...
Battle.net Clan Script for PHP 1.5.1 - Remote SQL Injection Vulnerability
No description provided by source. script : Battle.net Clan Script 1.5 file : login.php attack : SQL injection author : h a c k e r X code : line 9 -- $user = $_POST['user']; line 10 -- $pass = $_POST['pass'];...