3966 matches found
vBulletin forumrunner/includes/moderation.php SQL Injection Vulnerability
vBulletin is a powerful, flexible and fully customizable suite of forum programs. A SQL injection vulnerability exists in the forumrunner/includes/moderation.php file in versions of vBulletin prior to 4.2.2 Patch Level 5 and prior to 4.2.3 Patch Level 1. A remote attacker can exploit this...
PHPCollab CMS 2.5 - (emailusers.php) SQL Injection
Exploit for PHP platform in category web applications Document Title: =============== phpCollab v2.5 CMS - SQL Injection Vulnerability Product & Service Introduction: =============================== phpCollab is an open source internet-enabled system for use in projects that require collaboration...
Hi Technology & Services CMS SQL Injection Vulnerability
Hi Technology & Services CMS suffers from a SQL injection vulnerability that allows remote attackers to execute malicious SQL commands to connect to the DBMS...
Negin Group CMS - (v) Multiple Web Vulnerabilities
Document Title: =============== Negin Group CMS - v Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1831 Release Date: ============= 2016-04-24 Vulnerability Laboratory ID VL-ID: ==================================== 1831 Comm...
WordPress Plugin CP Reservation Calendar 1.1.6 - SQL Injection
Exploit Title: WordPress: cp-reservation-calendar 1.1.6 SQLi injection Date: 2015-09-15 Google Dork: Index of /wp-content/plugins/cp-reservation-calendar/ Exploit Author: Joaquin Ramirez Martinez i0akiN SEC-LABORATORY Software Link: https://downloads.wordpress.org/plugin/cp-reservation-calendar.z...
JSPMySQL Administrador CSRF & XSS Vulnerabilities
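JSPMySQL Administrador remotely administers MySQL databases through a browser/server (B/S) model based on JSP technology. Download link: https://sites.google.com/site/mfpledon/producao-de-software Affected version: JSPMySQL Administrador V.1 Vulnerability type: CSRF, XSS Severity: High CVE-ID: N/A Disclosure timeline: Vendor notified: August 31, 2015 Public disclosure: September 4, 2015 Vulnerability details: 1) Allows a remote attacker to execute arbitrary SQL commands in the MySQL database without a CSRF token. 2) An XSS entry point exists in listabd2.jsp. Request method: POST ...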
WordPress Plugin Business Intelligence - SQL Injection (Metasploit)
Exploit Title : Wordpress Plugin 'Business Intelligence' Remote SQL Injection vulnerability Author : Jagriti Sahu AKA Incredible Vendor Link : https://www.wpbusinessintelligence.com Download Link : https://downloads.wordpress.org/plugin/wp-business-intelligence-lite.1.6.1.zip Date : 1/04/2015...
Cacti monitoring system injection vulnerability triggers bloodshed - vulnerability warning - the black bar safety net
Preface: Security is a whole; any single weak point can cause a security incident. From the border network to the IDC operation and maintenance network to the office network, no part of the overall network can be ignored. Enterprises apply multi-layer protection for security...
E-Journal CMS (ID) - Multiple Web Vulnerabilities
Document Title: =============== E-Journal CMS ID - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1380 Release Date: ============= 2014-12-17 Vulnerability Laboratory ID VL-ID: ==================================== 1380 Commo...
MyBB 1.8.X - Multiple Vulnerabilities
Latest MyBB forum software suffers from multiple vulnerabilities, including SQL Injection and Cross Site Scripting. Such bugs may allow an attacker to perform remote SQL queries against the database, and so on. Title: MyBB 1.8.X - Multiple Vulnerabilities Date: 13.11.2014 Tested on: Linux / Apache 2.2...
LoadedCommerce7 - Systemic Query Factory Vulnerability
No description provided by source. Title: LoadedCommerce7 Systemic Query Factory Vulnerability Advisory: http://breaking.technology/advisories/CVE-2014-5140.txt Credits: Discovered by Breaking Technology Research Labs 2014-06-30 Reference: CVE-2014-5140 - Assigned 31 June 2014 Timeline: Vendor...
LoadedCommerce7 - Systemic Query Factory Vulnerability
Loaded Commerce 7 shopping cart/online store suffers from a systemic vulnerability in its query factory, allowing attackers to circumvent user input sanitizing to perform remote SQL injection. Title: LoadedCommerce7 Systemic Query Factory Vulnerability Advisory:...
LoadedCommerce7 - Systemic Query Factory
Title: LoadedCommerce7 Systemic Query Factory Vulnerability Advisory: http://breaking.technology/advisories/CVE-2014-5140.txt Credits: Discovered by Breaking Technology Research Labs 2014-06-30 Reference: CVE-2014-5140 - Assigned 31 June 2014 Timeline: Vendor notified - 29 July 2014 Vendor...
TomatoCart v1.x (latest-stable) Multiple Vulnerabilities
CVE-2014-3978 - Remote SQL Injection Vulnerability CVE-2014-3830 - Reflected Cross Site Scripting Title: TomatoCart v1.x latest-stable Remote SQL Injection Vulnerability...
plugin WP-Forum 1.7.4 - Remote SQL Injection
The wpforum WordPress plugin was affected by a Remote SQL Injection security vulnerability...
plugin WP-Forum 1.7.8 - Remote SQL Injection
The wpforum WordPress plugin was affected by a Remote SQL Injection security vulnerability...
st_newsletter - Remote SQL Injection
The stnewsletter WordPress plugin was affected by a Remote SQL Injection security vulnerability...
PHP Webquest <= 2.5 (id_actividad) Remote SQL Injection Exploit
No description provided by source. / script name : phpwebquest script version : 2.5 script website : http://phpwebquest.org Bug Finder : D4realTeaM 'unkn0wnX','n3t-mapper','ToxiC350'; injected file : webquest/soportederechaw.php Variable : idactividad Contact : n3t-mapp3r At hotmail dot com,is14m...
Joomla Component RWCards <= 2.4.3 - Remote SQL Injection Exploit
No description provided by source. !/usr/bin/perl Script Name: Joomla Component RWCards = 2.4.3 Remote Blind SQL Injection Exploit Coded by : ajann Author : ajann Dork : index.php?option=comrwcards Contact : : S.Page : http://www.weberr.de $$ : Free .. : ajann,Turkey use IO::Socket; if@ARGV 1 pri...
Active Membership 2 - (Auth Bypass) Remote SQL Injection Vulnerability
No description provided by source. In the name of God, the Most Gracious, the Most Merciful Type: Auth Bypass Remote SQL Injection Vulnerability Vendor: www.activewebsoftwares.com Software: Active Membership v 2 author: я3d D3v!L Date: 28.11.2008 Home: www.ahacker.biz...