204 matches found
SQL Injection in easy2map-photos wordpress plugin v1.09
Title: SQL Injection in easy2map-photos wordpress plugin v1.09 Author: Larry W. Cashdollar, @larry0 Date: 2015-06-08 Download Site: https://wordpress.org/plugins/easy2map-photos Vendor: Steven Ellis Vendor Notified: 2015-06-08, fixed in v1.1.0 Vendor Contact:...
CVE-2014-3680
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading the DOM...
PT-2014-5449 · Cloudbees +1 · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions prior to 1.583 Jenkins LTS versions prior to 1.565.3 Description: The issue allows remote authenticated users with the Job/READ permission to obtain the default value for the password field of a parameterized job by reading t...
Pro Chat Rooms 8.2.0 - Multiple Vulnerabilities
Exploit Title: Pro Chat Rooms v8.2.0 - Multiple Vulnerabilities Google Dork: intitle:"Powered by Pro Chat Rooms" Date: 5 August 2014 Exploit Author: Mike Manzotti @ Dionach Ltd Vendor Homepage: http://prochatrooms.com Software Link:...
AlienVault OSSIM ws_data SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault OSSIM. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ossim-framework service. The issue lies in the handling of the wsdata parameter d...
Theeta CMS (Cross Site Scripting, SQL Injection) Multiple Vulnerabilities
Theeta CMS Cross Site Scripting, SQL Injection Multiple Vulnerabilities...
Eclipse.org SQL Injection
Vulnerability: Eclipse.org Error Based SQL Injection Authors: Shahmeer Amir And Rafay Baloch Company: RHA INFOSEC Website: http://services.rafayhackingarticles.net Url...
Open redirect
Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter using the (1) redirect: or (2) redirectAction: prefix...
dede goods ten star rating plug-in vulnerability - vulnerability warning - the black bar safety net
First, let me explain that this vulnerability is not my discovery; I found the original post here: Weaving Dreams DEDE CMS injection vulnerability http://bbs.0xsafes.com/thread-238-1-1.html And I looked it up; it looks like there were already warnings online about this vulnerability, but it looks like no...
XSS (reflected) in rankVMID parameter of GetRankPage.jspa
As per https://sdog.jira.com/browse/JSTDEV-2110 Targets:...
phpDealerLocator SQL Injection
Exploit Title: phpDealerLocator - Multiple SQL Injection vulnerabilities Date: 7/3/2011 Author: Robert Cooper adminatwebsiteauditing.org Software Link: phpdealerlocator.yourphppro.com Tested on: Linux/Windows 7 Vulnerable Parameters: record.php?DealerID= recordcountry.php?DealerID=...
Lessons Learned From the LizaMoon SQL Injection Attack
Last week, a large-scale SQL Injection attack dubbed LizaMoon, referencing one of the domain names used in the attack, surfaced. This attack targets websites by injecting code that redirects visitors to a rogue anti-virus (AV) site. While on the AV site, visitors are presented with fake antivirus...
Kunena SQL Injection Vulnerability & Information Leakage
Vendor/Product: Kunena Vulnerable Versions: 1.5.14; 1.6.3 Vulnerability Type: SQL Injection & information leakage Risk level: High Vulnerability Details: Because parameterized queries were not used, and adequate input sanitization was not done on the catids parameter on the advanced search page, ...
OpenClassifieds 1.7.0.3 - Chained: Captcha Bypass SQL Injection Persistent Cross-Site Scripting on FrontPage
OpenClassifieds 1.7.0.3 - Chained: Captcha Bypass SQL Injection Persistent Cross-Site Scripting on FrontPage Author: Michael Brooks Rook Application: OpenClassifieds 1.7.0.3 download: http://open-classifieds.com/download/ Exploit chain: captcha bypass - sqli insert - persistent xss on front page If...
Gekko CMS SQL Injection
Gekko CMS SQL Injection Vulnerability Discovered By 0iZy5 http://r00tDefaced.com Greetz: sHoKeD-bYte,...