22 matches found
EUVD-2007-1773
Malware in sbrugna...
SUSE CVE-2009-2942
The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the mysqlrealescapestring function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings...
Directory Traversal
librenms/librenms is vulnerable to directory traversal. The usage of mysqlrealescapestring to sanitize untrusted user supplied data that is subsequently passed to the include function as a file path in csv.php, is insecure. An attacker could potentially include arbitrary files on the server using...
Student Information System (SIS) 0.1 - Authentication Bypass
Exploit Title............... Student Information System SIS Auth Bypass Google Dork................. N/A Date........................ 14/10/2016 Exploit Author.............. lahilote Vendor Homepage............. http://www.sourcecodester.com/php/10902/student-information-system-sis.html Software...
Learning Management System 0.1 - Authentication Bypass
Learning Management System 0.1 - Authentication Bypass Exploit Title.............. Learning Management System Auth Bypass Google Dork................ N/A Date....................... 14/10/2016 Exploit Author............. lahilote Vendor Homepage...
Health Record System 0.1 - Authentication Bypass
Health Record System 0.1 - Authentication Bypass Exploit Title.............. Health Record System Auth Bypass Google Dork................ N/A Date....................... 14/10/2016 Exploit Author............. lahilote Vendor Homepage............ http://www.sourcecodester.com/node/10430 Software...
WordPress Plugin Google Document Embedder 2.5.16 - mysql_real_escpae_string Bypass SQL Injection
WordPress Plugin Google Document Embedder 2.5.16 - mysqlrealescpaestring Bypass SQL Injection Exploit Title : Google Document Embedder 2.5.16 mysqlrealescpaestring bypass SQL Injection Data : 2014 – 12 -03 Exploit Author : Securely Yoo Hee man Plugin : google-document-embedder Fixed version : N/A...
WordPress Plugin Google Document Embedder 2.5.16 - 'mysql_real_escpae_string' Bypass SQL Injection
Exploit Title : Google Document Embedder 2.5.16 mysqlrealescpaestring bypass SQL Injection Data : 2014 – 12 -03 Exploit Author : Securely Yoo Hee man Plugin : google-document-embedder Fixed version : N/A Software Link : https://downloads.wordpress.org/plugin/google-document-embedder.2.5.16.zip 1...
RootPanel SQL Injection
============================================================ RootPanel All versions SQL injection/Account takeover. Discovery: AkaStep and CAMOUFL4G3 Vendor: http://www.rootpanel.ru/ ============================================================ What is RootPanel ? RootPanel is professional hosting...
Traidnt up 2.0 (report.php trtext) Blind SQL Injection Vulnerability
Traidnt up is a php online upload script assignmessage,charset$errors."انتظر سوف يتم تحويلك للملف مرة أخري".""; $traidnt-display"message.tpl"; else $ip = getenv'REMOTEADDR'; $reportquery = $db-query" INSERT INTO report reportkey ,reportwhy ,reportip VALUES '$fileid', '$trtext', '$ip';";...
sqlinjection bug in nova cms
Exploit Title: XRayCMS 1.1.1 SQL Injection Vulnerability Date: 2/12/2012 Author: Dr.web Software Link: http://sourceforge.net/projects/xraycms/files/latest/download Version: 1.1.1 Tested on: Ubuntu XRay CMS is vulnerable to a SQL Injection attack which allows authentication bypass into the admins...
XRayCMS 1.1.1 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: XRayCMS 1.1.1 SQL Injection Vulnerability Date: 2/5/2012 Author: chap0 Software Link: http://sourceforge.net/projects/xraycms/files/latest/download Version: 1.1.1 Tested on: Ubuntu XRay CMS is vulnerable to a SQL Injection attac...
XRayCMS 1.1.1 - SQL Injection
XRayCMS 1.1.1 - SQL Injection Exploit Title: XRayCMS 1.1.1 SQL Injection Vulnerability Date: 2/5/2012 Author: chap0 Software Link: http://sourceforge.net/projects/xraycms/files/latest/download Version: 1.1.1 Tested on: Ubuntu XRay CMS is vulnerable to a SQL Injection attack which allows...
XRayCMS 1.1.1 - SQL Injection
Exploit Title: XRayCMS 1.1.1 SQL Injection Vulnerability Date: 2/5/2012 Author: chap0 Software Link: http://sourceforge.net/projects/xraycms/files/latest/download Version: 1.1.1 Tested on: Ubuntu XRay CMS is vulnerable to a SQL Injection attack which allows authentication bypass into the admins...
OpenClassifieds 1.7.0.3 - Chained: Captcha Bypass SQL Injection Persistent Cross-Site Scripting on FrontPage
OpenClassifieds 1.7.0.3 - Chained: Captcha Bypass SQL Injection Persistent Cross-Site Scripting on FrontPage Author:Michael Brooks Rook Application:OpenClassifieds 1.7.0.3 download: http://open-classifieds.com/download/ Exploit chain:captcha bypass-sqliinsert-persistant xss on front page If...
CVE-2009-2942
The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the mysqlrealescapestring function, which might allow remote attackers to leverage escaping issues involving multibyte character encodings...
Mandrake Security Advisory MDVSA-2009:279 (ocaml-mysql)
The remote host is missing an update to ocaml-mysql announced via advisory MDVSA-2009:279. OpenVAS Vulnerability Test $Id: mdksa2009279.nasl 6587 2017-07-07 06:35:35Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:279 ocaml-mysql Authors: Thomas Reinke Copyright: Copyright c 2009...
Sql injection
SQL injection vulnerability in auth2db 0.2.5, and possibly other versions before 0.2.7, uses the addslashes function instead of the mysqlrealescapestring function, which allows remote attackers to conduct SQL injection attacks using multibyte character encodings...
Trellis Desk v1.0 XSS Vulnerability
This problem has been reported to the author but no action taken to resolve the issue. The search box does not sanitise data and is open to simple XSS SQL injection. file sources/article.php find around line 519 $searchstring = $this-ifthd-input'keywords'; Needs to have the following line added...
social-sql.txt
HACKATTACK Advisory 2008-11-20Social Engine 2.7 CRLF Injection + SQL injection Details Product: Social Engine Security-Risk: moderate Remote-Exploit: yes Vendor-URL: http://www.socialengine.net/ Vendor-Status: informed Advisory-Status: published Credits Discovered by: David Vieira-Kurz of...