Lucene search

1154 matches found

Packet Storm
added 2012/07/22 12:0 a.m., 32 views

Dell SonicWALL Scrutinizer 9.0.1 SQL Injection

!/usr/bin/python Exploit Title: Dell SonicWALL Scrutinizer 9.0.1 statusFilter.php q parameter SQL Injection Date: Jul 22 2012 Author: muts Version: SonicWALL Scrutinizer 9.0.1 Vendor URL: http://www.sonicwall.com Special thanks to: Tal Zeltzer Timeline: 12 Jun 2012: Vulnerability reported to CERT...

CVSS 6.5, AI score 0.2, EPSS 0.66828
Exploits: 7

securityvulns
added 2012/06/18 12:0 a.m., 56 views

SQL injection in Bigware shop software

The Bigware shop software prior to version 2.17 contains a SQL injection, resulting in full database compromise. The injection point is the POST parameter 'pollid' in the module mainbigware54.php. Proof of concept is at: http://files.dw-itsecurity.de/54.zip Time line: 01/23/2012: Vendor contacted...

AI score 1
Exploits: 0

Packet Storm
added 2012/06/06 12:0 a.m., 23 views

Bigware Shop SQL Injection

The Bigware shop software prior to version 2.17 contains a SQL injection, resulting in full database compromise. The injection point is the POST parameter 'pollid' in the module mainbigware54.php. Proof of concept is at: http://files.dw-itsecurity.de/54.zip Time line: 01/23/2012: Vendor contacted...

AI score 0.2
Exploits: 0

0day.today
added 2012/06/06 12:0 a.m., 19 views

Bigware Shop SQL Injection Vulnerability

Exploit for php platform in category web applications The Bigware shop software prior to version 2.17 contains a SQL injection, resulting in full database compromise. The injection point is the POST parameter 'pollid' in the module mainbigware54.php. Time line: 01/23/2012: Vendor contacted...

AI score 7.1
Exploits: 0

0day.today
added 2012/05/03 12:0 a.m., 20 views

Baby Gekko CMS v1.1.5c Multiple Stored XSS Vulnerabilities

Exploit for php platform in category web applications Baby Gekko CMS v1.1.5c Multiple Stored Cross-Site Scripting Vulnerabilities Vendor: Baby Gekko, Inc. Product web page: http://www.babygekko.com Affected version: 1.1.5c Summary: BabyGekko strives to deliver high quality websites and other web...

AI score 6.7
Exploits: 0

securityvulns
added 2012/04/22 12:0 a.m., 61 views

OCIPasswordChange API leaks information of password hash (CVE-2012-0511)

AppSecInc Team SHATTER Security Advisory OCIPasswordChange API leaks information of password hash. Risk Level: High Affected versions: Oracle Database Server version 10gR1, 10gR2 10.2.0.4 and previous patchsets and 11gR1 11.1.0.7 and previous patchset...

CVSS 6.4, AI score 6.2, EPSS 0.01379
Exploits: 0

Exploit DB
added 2012/03/21 12:0 a.m., 126 views

phpList 2.10.17 - SQL Injection / Cross-Site Scripting

phpList 2.10.17 Remote SQL Injection and XSS Vulnerability Vendor: phpList Ltd Product web page: http://www.phplist.com Affected version: 2.10.17 Summary: phplist is the world's most popular open source email campaign manager. phplist is free to download, install and use, and is easy to integrate...

AI score 7.4
Exploits: 0

exploitpack
added 2012/03/12 12:0 a.m., 26 views

Zend Server 5.6.0 - Multiple Remote Script Insertion Vulnerabilities

Title: Zend Server 5.6.0 Multiple Remote Script Insertion Vulnerabilities Vendor: Zend Technologies Ltd. Product web page: http://www.zend.com Affected version: Zend Server 5.6.0 Zend Optimizer+ 4.1 Zend Code Tracing 1.0 Zen...

AI score 0.2
Exploits: 0

Packet Storm
added 2012/03/10 12:0 a.m., 29 views

Zend Server 5.6.0 Script Insertion

Title: Zend Server 5.6.0 Multiple Remote Script Insertion Vulnerabilities Vendor: Zend Technologies Ltd. Product web page: http://www.zend.com Affected version: Zend Server 5.6.0 Zend Optimizer+ 4.1 Zend Code Tracing 1.0 Zend Data Cache 4.0 Zend Job Queue 4.0 Zend Debugger 5.3 Zend Java Bridg...

AI score 7.4
Exploits: 0

securityvulns
added 2012/02/13 12:0 a.m., 47 views

SQL injection in Bigware shop software

The Bigware shop software prior to version 2.15 contains a SQL injection, resulting in full database compromise. The injection point is the POST parameter 'lastname' in the module mainbigware43.php. A user must be created before exploitation. Proof of concept is at...

AI score 8
Exploits: 0

exploitpack
added 2012/01/27 12:0 a.m., 14 views

vBSEO 3.6.0 - proc_deutf() Remote PHP Code Injection (Metasploit)

vBSEO 3.6.0 - procdeutf Remote PHP Code Injection Metasploit require 'msf/core' class Metasploit3 'vBSEO %q This module exploits a vulnerability in the 'procdeutf' function defined in /includes/functionsvbseocpabstract.php. User input passed through 'charrepl' POST parameter isn't properly...

AI score 0.4
Exploits: 0

The Hacker News
added 2011/10/08 5:54 p.m., 5 views

Apache Patch released for Reverse proxy Bypass Vulnerability

Apache Patch released for Reverse proxy Bypass Vulnerability Security experts at Context have discovered a hole in the Apache web server that allows remote attackers to access internal servers. Security experts are warning firms running the Apache web server to keep up to date with the latest...

AI score 7.2
Exploits: 0

securityvulns
added 2011/09/09 12:0 a.m., 98 views

Arbitrary File Upload in '1 Flash Gallery' Wordpress Plugin

====Vulnerability==== The '1 Flash Gallery' WordPress plugin http://wordpress.org/extend/plugins/1-flash-gallery/ is vulnerable to an arbitrary file upload vulnerability. This vulnerability is present from version 1.30 until version 1.5.7. The plugin has been downloaded an estimated 460,000 times...

AI score 0.3
Exploits: 0

Exploit DB
added 2011/08/23 12:0 a.m., 24 views

ManageEngine ServiceDesk Plus 8.0 - Multiple Persistent Cross-Site Scripting Vulnerabilities

ManageEngine ServiceDesk Plus 8.0 Multiple Stored XSS Vulnerabilities Vendor: Zoho Corporation Pvt. Ltd. Product web page: http://www.manageengine.com Affected version: 8.0.0 Build 8013 Enterprise Summary: ServiceDesk Plus integrates your help desk requests and assets to help you manage your IT...

AI score 7.4
Exploits: 0

Packet Storm
added 2011/07/21 12:0 a.m., 17 views

vBulletin 4.1.3 SQL Injection

Exploit Title: Vbulletin 4.0.x = 4.1.3 messagegroupid SQL injection Vulnerability 0-day Google Dork: intitle: powered by Vbulletin 4 Date: 20/07/2011 Author: FB1H2S Software Link: http://www.vbulletin.com/ Version: 4.x.x Tested on: relevant os CVE : http://members.vbulletin.com/...

AI score 0.2
Exploits: 0

CERT
added 2011/07/05 12:0 a.m., 48 views

ISC BIND 9 RPZ zone named denial-of-service vulnerability

Overview: ISC BIND 9 contains a remote crashing vulnerability when running with certain RPZ configurations. Description: According to ISC: A defect in the affected versions of BIND could cause the "named" process to exit when queried, if the server has recursion enabled and was configured with an RP...

CVSS 2.6, AI score 6, EPSS 0.0888
Exploits: 1, References: 2

Packet Storm
added 2011/06/09 12:0 a.m., 24 views

VLC Media Player XSPF Local File Integer Overflow

TITLE VLC Media Player XSPF Local File Integer overflow in XSPF playlist parser AFFECTED VERSIONS VLC media player 1.1.9 down to 0.8.5 VENDOR VideoLAN Organisation CLASS Denial of Service DoS RESOURCES http://www.videolan.org/security/sa1104.html PRODUCT DESCRIPTION VLC is a free and open source...

AI score 0.4
Exploits: 0

Exploit DB
added 2011/06/08 12:0 a.m., 34 views

VideoLAN VLC Media Player 1.1.9 - XSPF Playlist Local File Integer Overflow

TITLE VLC Media Player XSPF Local File Integer overflow in XSPF playlist parser AFFECTED VERSIONS VLC media player 1.1.9 down to 0.8.5 VENDOR VideoLAN Organisation CLASS Denial of Service DoS RESOURCES http://www.videolan.org/security/sa1104.html PRODUCT DESCRIPTION VLC is a free and open source...

AI score 7
Exploits: 0

securityvulns
added 2011/05/17 12:0 a.m., 40 views

Vmware vSphere Management Assistant (vMA) - Local Privilege Escalation

Vmware vSphere Management Assistant vMA - Local Privilege Escalation Affected Software : Vmware vSphere Management Assistant vMA Severity : Medium...

AI score 1.6
Exploits: 0

Packet Storm
added 2011/05/16 12:0 a.m., 27 views

Vmware vSphere Management Assistant (vMA) Privilege Escalation

Vmware vSphere Management Assistant vMA - Local Privilege Escalation Affected Software : Vmware vSphere Management Assistant vMA Severity : Medium...

AI score 1
Exploits: 0