EUVD-2014-4232

Malware in sbrugna...

SQL Buddy 1.3.3 Cross Site Scripting

Security Advisory - Curesec Research Team 1. Introduction Affected Product: SQL Buddy 1.3.3 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 08/18/2015 Disclosed to public: 10/07/2015 Release...

SQL Buddy 1.3.3 Cross Site Request Forgery

Security Advisory - Curesec Research Team 1. Introduction Affected Product: SQL Buddy 1.3.3 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendor: 08/18/2015 Disclosed to public: 10/07/2015 Release...

SQL Buddy /sqlbuddy/ page parameter remote directory traversal vulnerability

SQL Buddy is a nice lightweight ajax database management tool. SQL Buddy fails to properly filter user input, allowing remote attackers to exploit a vulnerability to access arbitrary files via the 'page' parameter...

SQLBuddy 1.3.3 - Path Traversal Vulnerability

Exploit for php platform in category web applications Exploit Title: Path traversal vulnerability Google Dork: intitle:path traversal Date: 05-08-2015 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org/ Vendor Homepage: http://www.sqlbuddy.com Software Link:...

SQLBuddy 1.3.3 - Directory Traversal

Exploit Title: Path traversal vulnerability Google Dork: intitle:path traversal Date: 05-08-2015 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org/ Vendor Homepage: http://www.sqlbuddy.com Software Link: http://www.sqlbuddy.com Version: 1.3.3 Tested on: windows 7 Category:...

Sqlbuddy Path Traversal Vulnerability

Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org/ Vendor Homepage: www.sqlbuddy.com Version: 1.3.3 SQL Buddy is an open source web based MySQL administration application. Advisory Information: ================== sqlbuddy suffers from directory traversal whereby a user can mov...

SQLBuddy 1.3.3 - Directory Traversal

SQLBuddy 1.3.3 - Directory Traversal Exploit Title: Path traversal vulnerability Google Dork: intitle:path traversal Date: 05-08-2015 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org/ Vendor Homepage: http://www.sqlbuddy.com Software Link: http://www.sqlbuddy.com Version: 1.3...

SQL Buddy Remote Code Execution Vulnerability

Exploit for php platform in category web applications Exploit Title: SQL Buddy Remote Code Execution Date: November 29 2014 Exploit Author: Fady Osman @fadyosman Youtube Channel : https://www.youtube.com/user/cutehack3r Vendor Homepage: http://sqlbuddy.com/ Software Link:...

SQL Buddy 1.3.3 Remote Code Execution

Exploit Title: SQL Buddy Remote Code Execution Date: November 29 2014 Exploit Author: Fady Osman @fadyosman Youtube Channel : https://www.youtube.com/user/cutehack3r Vendor Homepage: http://sqlbuddy.com/ Software Link: https://github.com/calvinlough/sqlbuddy/raw/gh-pages/sqlbuddy.zip Version: SQL...

SQL Buddy 1.3.3 - Remote Code Execution

Exploit Title: SQL Buddy Remote Code Execution Date: November 29 2014 Exploit Author: Fady Osman @fadyosman Youtube Channel : https://www.youtube.com/user/cutehack3r Vendor Homepage: http://sqlbuddy.com/ Software Link: https://github.com/calvinlough/sqlbuddy/raw/gh-pages/sqlbuddy.zip Version: SQL...

SQL Buddy 1.3.3 - Remote Code Execution

SQL Buddy 1.3.3 - Remote Code Execution Exploit Title: SQL Buddy Remote Code Execution Date: November 29 2014 Exploit Author: Fady Osman @fadyosman Youtube Channel : https://www.youtube.com/user/cutehack3r Vendor Homepage: http://sqlbuddy.com/ Software Link:...

CVE-2014-4304

Cross-site scripting XSS vulnerability in browse.php in SQL Buddy 1.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the table parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in browse.php in SQL Buddy 1.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the table parameter...

CVE-2014-4304

Cross-site scripting XSS vulnerability in browse.php in SQL Buddy 1.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the table parameter...

CVE-2014-4304

CVE-2014-4304 describes a cross-site scripting (XSS) flaw in SQL Buddy ≤1.3.3, specifically in browse.php where the table parameter can be exploited to inject arbitrary web script or HTML. The vulnerability arises from improper handling of the table parameter, enabling remote attackers to execute...

SQL Buddy 1.3.3 Cross Site Scripting

SQL Buddy 1.3.3 GET/POST Multiple Remote Cross-Site Scripting Vulnerabilities function xssdocument.forms"xss".submit; function xss2document.forms"xss2".submit; alert1' / input t...

SQL Buddy 1.3.3 (GET/POST) Multiple Remote Cross-Site Scripting Vulnerabilities

Summary SQL Buddy is an open source web based MySQL administration application. Description SQL Buddy suffers from a XSS vulnerability when parsing user input to the 'DATABASE', 'HOST' and 'USER' parameters via POST method in 'login.php', and the 'db' parameter in 'dboverview.php' via GET method...