SQL Injection Vulnerability in SERVER Variables of Tongda OA Education Edition

Tongda OA Education Edition is a set of digital campus software for the education industry developed on the basis of Tongda OA2013 Enhanced Edition, whose distinctive feature is that it integrates school website, collaborative office, instant messaging, cyberspace and mobile office. There is a SQ...

PHPOK V4.5.031 SQL Injection Vulnerability in $_SERVER Variable

PHPOK is a website building system to achieve highly customized open source free website building system. PHPOK V4.5.031 SQL injection vulnerability exists in the $SERVER variable. Allows attackers to exploit the vulnerability to obtain sensitive database information...

frcms 注入一枚 。

简要描述： 无视gpc。 详细说明： 在plus/count/count.php中 if$ccome=='' $ccome="网址输入或收藏夹打开"; $cpage=$SERVER"HTTPREFERER"; $cyear=date'Y';$cmonth=date'm';$cday=date'd';$chour=date'H'; $ctime=date'Y-m-d H:i:s';$cweek=date'w'; $cwhere=trimgetipfrom$cip; $date=date"Y-m-d"; $rss = $db-getone"SELECT cip FROM...

SquirrelMail: Multiple cross site scripting issues

Multiple cross-site scripting XSS vulnerabilities in SquirrelMail before 1.4.18 and NaSMail before 1.7 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 certain encrypted strings in e-mail headers, related to contrib/decryptheaders.php; 2 PHPSELF; and 3 the que...

kvaliitti-sql.txt

Found by: Jaakko "Chrysalid" Hartikainen 1. Info Kvaliitti WebDoc 3.0 CMS is a proprietary Finnish-made content management system developed by Kvaliitti Oy http://www.kvaliitti.fi. It is driven by MS SQL Server and ASP. 2. Abstract WebDoc 3.0 suffers from a flaw in input validation, which allows...

Remote IIS 5.x and IIS 6.0 Server Name Spoof

Remote IIS 5.x and IIS 6.0 Server Name Spoof It is possible to remotely spoof the "SERVERNAME" Microsoft® Internet Information Server® 5.0, 5.1 and 6.0 server variable by doing a modified HTTP request. Thus potentially revealing sensitive ASP code through the IIS 500-100.asp error page, the spoof...

asp-server-var.passwds.txt

Date: Wed, 12 Aug 1998 19:26:27 +0800 From: VINCENT LOK Subject: obtain domain users password via asp server variable Dear all, Just noticed that with basic authentication on IIS, one can obtain password of users accessing the ASP page via the server variable AUTHPASSWORD. The line in an asp file...