470 matches found
Liberum Help Desk 0.97.3 - SQL Injection / File Disclosure
Liberum Help Desk SQL/DD Multiple Remote Vulnerabilities author : Cold z3ro, www.hackteach.org Dork : "Liberum Help Desk, Copyright C 2001 Doug Luxem" ============== SQL Injection http://www.site.com/path/forgotpass.asp In uid insert SQL command's = SCMD == ' or '1=1 SCMD == ' or 'update tblusers...
FaScript FaUpload - SQL Injection
FaScript FaUpload - SQL Injection !!..:: ZAC003 ::..!! -+ Vive int Iranian WhiteHat Nomads Group +- Reporter : ZAC003 From Aria-Security.Net Script Download :...
SQL injection
SQL injection vulnerability in admin/index.php in Mole Group Rental Script allows remote attackers to execute arbitrary SQL commands via the username parameter...
Gentoo Security Advisory GLSA 200506-02 (mailutils)
The remote host is missing updates announced in advisory GLSA 200506-02. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Multiple Vulnerabilities: LedgerSMB < 1.2.15
Multiple vulnerabilities: LedgerSMB Synopsis: Two vulnerabilities announced in LedgerSMB for versions prior to 1.2.15 Status: Corrected in version 1.2.15 and later (vendor fix available). Impact: Resource exhaustion on server, arbitrary SQL command execution. Other software affected: SQL-Ledger, al...
DSA-1633-1 slash - multiple vulnerabilities
Bulletin has no description...
phpnukeplatinum-exec.txt
Date: 02/07/08 Note I modified a bit phpsploit for this exploit, because PHP Nuke plays with REQUESTURI var ... Requirements registerglobals=On phpreter phpreter is really easy to use: You can change mode using "mode=", with = sql, php or cmd If you want to understand how it works ... read the cod...
TutorialCMS 1.02 (userName) Remote SQL Injection Vulnerability
No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register import re class TestPOCPOCBase: vulID = 'SSV-7841' vul ID version = '1' author = 'hh' vulDate = '2008-01-12' createDate =...
osData 2.08 Modules Php121 - Local File Inclusion
osData = 2.08 Modules Php121 Local File Include Vulnerability Found by : Cold z3ro , http://www.Hackteach.org/cc/...
[Full-disclosure] HP Mercury Quality Center Any SQL execution
Vendor: HP Product: Mercury Quality Center Version: 9.0 build 9.1.0.4352 Vendor Informed: No HP Mercury Quality Center is a test management product for companies to do software testing and quality insurance. HP Mercury Quality Center has additional guest command on server which allows any user who...
SQL injection
SQL injection vulnerability in index.php in ScriptMagix Lyrics 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the recid parameter...
FrontBase Database server buffer overflow
Buffer overflow in 'CREATE PROCEDURE' SQL command...
Moderate: Red Hat Security Advisory: postgresql security update
Updated postgresql packages that fix two security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system (DBMS). A flaw...
CVE-2007-0233
wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the tbid parameter. NOTE: it could b...
CVE-2006-6160
SQL injection vulnerability in details.asp in Doug Luxem Liberum Help Desk 0.97.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2006-3860
IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows remote authenticated users to execute arbitrary commands via the (1) "SET DEBUG FILE" SQL command, and the (2) startonpload and (3) dbexp functions...
SQL injection
SQL injection vulnerability in editpost.php in CoolForum 0.8.3 beta and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter...
SQL injection
Multiple SQL injection vulnerabilities in RI Blog 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password fields...
CVE-2006-0146
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via...