254 matches found
ViArt Shop <= 3.5 (category_id) Remote SQL Injection Vulnerability
GulfTech Security Research July 28, 2008 Vendor : ViArt, Ltd URL : http://www.viart.com/ Version : ViArt Shop <= 3.5 Risk : SQL Injection Description: ViArt Shop is a full featured online ecommerce solution written in php. There is a high risk SQL Injection in...
Piwigo 2.0.6 - Multiple Vulnerabilities
Piwigo v2.0.6 Multiple Vulnerabilities Found By: mrme Download: http://piwigo.org/ Tested On: Windows Vista Note: For educational purposes only Vulnerabilities: XSS, CSRF, SQL Injection Author contact date: 13/12/09 Note: There is possibly many other...
Collabtive 1.2 - SQL Injection
Collabtive 1.2 - SQL Injection Vulnerability title: SQL Injection / SQL Error message in Collabtive application CVE-2014-3246 CVE: CVE-2014-3246 coordinated with Vendor: Collabtive Product: Collabtive Open Source Project Management Software Affected version: 1.12 Fixed version: 2.0 Reported by:...
Crime24 Stealer Panel 1.0 - Multiple Vulnerabilities
Twitter @TheHackersBay Pentester / Underground hacker Exploit Title: Crime24 Stealer Panel &in=1&search=Search Example: http://i.imgur.com/zyIr5xv.png...
Crime24 Stealer Panel 1.0 - Multiple Vulnerabilities
Crime24 Stealer Panel 1.0 - Multiple Vulnerabilities Twitter @TheHackersBay Pentester / Underground hacker Exploit Title: Crime24 Stealer Panel...
Xerox DocuShare SQL Injection
The following request is vulnerable to a SQL injection in the last URI segment: GET /docushare/dsweb/ResultBackgroundJobMultiple/1 HTTP/1.1 Host: 172.31.16.194:8080 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0 Accept:...
Xerox DocuShare - SQL Injection
Xerox DocuShare - SQL Injection The following request is vulnerable to a SQL injection in the last URI segment: GET /docushare/dsweb/ResultBackgroundJobMultiple/1 HTTP/1.1 Host: 172.31.16.194:8080 User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0 Accept:...
CVE-2014-1840
Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB 1.6.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a dosearch action, which is not properly handled in a forced SQL error message...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB 1.6.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a dosearch action, which is not properly handled in a forced SQL error message...
SynConnect Pms - index.php?loginid SQL Injection
SynConnect Pms - index.php?loginid SQL Injection Title: ==== SynConnect - SQL Injection vulnerability Credit: ====== Name: Bhadresh Patel Company/affiliation: Cyberoam Technologies Private Limited Website: www.cyberoam.com CVE: ===== Date: ==== 01-03-2013 CRD: ==== CRD-2013-01 Vendor: ======...
WordPress IndiaNIC FAQs Manager Plugin 1.0 - Blind SQL Injection
The "order" and "orderby" parameter is vulnerable for SQL Injection Example URL: http://127.0.0.1:9001/wordpress/wp-admin/admin.php?page=inicfaq&orderby= PoC take some time to finish 15min on my Testsystem. I could speed it up with Multithreading but I'm too lazy right now Vulnerable code pa...
debliteckservices SQL Injection vulnerability
Exploit for php platform in category web applications Exploit Title: debliteckservices / SQL Injection vulnerability Date: 02/02/2013 Exploit Author: DiegoAsencio || r4z0rbl4ck Twitter: @r4z0rbl4ck Blog: http://r4z0rbl4ck.wordpress.com/ Vendor Homepage: http://www.debliteckservices.com/ Tested on...
MyBB HM My Country Flags - SQL Injection
MyBB HM My Country Flags - SQL Injection Exploit title: HM My Country Flags SQL Injection Author: JoinSe7en Contact: join7 +at+ riseup.net Tested on: Linux Category: Web Applications Software link: http://mods.mybb.com/view/hm-my-country-flags HM My Country Flags has a SQL Injection vulnerability...
IBM Rational ClearQuest 7.1.x < 7.1.2.9 / 8.0.0.x < 8.0.0.5 Multiple Vulnerabilities (credentialed check)
The remote host has a version of IBM Rational ClearQuest 7.1.x prior to 7.1.2.9 / 8.0.0.x prior to 8.0.0.5 installed. It is, therefore, affected by the following vulnerabilities : - An unspecified input validation error exists related to the Open Services for Lifecycle Collaboration (OSLC) system...
Information disclosure
The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a SQL error message...
CVE-2012-5765
The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a SQL error message...
CVE-2012-5765
IBM Rational ClearQuest Web (CQ Web) is affected in 7.1.2.x before 7.1.2.9 and 8.0.0.x before 8.0.0.5. The vulnerability allows remote attackers to disclose sensitive information via SQL error messages (SQL Error Message Attack). Affected component is the ClearQuest Web client; desktop/CLI is not...
CVE-2012-2748
Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to obtain sensitive information via vectors related to "Inadequate filtering" and a "SQL error."...
Information disclosure
Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote attackers to obtain sensitive information via vectors related to "Inadequate filtering" and a "SQL error."...