545 matches found
postgresql: SQL injection due to unsanitized newline characters in object names
CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQ...
CVE-2010-5004
SQL injection vulnerability in searchvote.php in 2daybiz Polls aka Advanced Poll Script allows remote attackers to execute arbitrary SQL commands via the category parameter...
CVE-2010-5033
SQL injection vulnerability in ProductList.cfm in Fusebox 5.5.1 allows remote attackers to execute arbitrary SQL commands via the CatDisplay parameter...
CVE-2010-5021
SQL injection vulnerability in viewgroup.asp in Digital Interchange Document Library 5.8.5 allows remote attackers to execute arbitrary SQL commands via the intGroupID parameter...
CVE-2010-4954
SQL injection vulnerability in productreviewsinfo.php in xt:Commerce Gambio 2008 allows remote attackers to execute arbitrary SQL commands via the productsid parameter...
CVE-2011-1686
Multiple SQL injection vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors, as demonstrated by reading data...
CVE-2011-0987
The PMA_Bookmark_get function in libraries/bookmark.lib.php in phpMyAdmin 2.11.x before 2.11.11.3, and 3.3.x before 3.3.9.2, does not properly restrict bookmark queries, which makes it easier for remote authenticated users to trigger another user's execution of a SQL query by creating a bookmark...
KLINK SQL Injection
Andrés Gómez Exploit Title : KLINK Sql Injection Vulnerability Date : 2010-12-31 Author : Andrés Gómez Software Developed by : http://www.contacto.com Contact : [email protected] Dork : "allinurl:.php?txtCodiInfo=" An attacker may execute arbitrary SQL statements on the vulnerable system...
KLINK - SQL Injection
KLINK - SQL Injection Andrés Gómez Exploit Title : KLINK Sql Injection Vulnerability Date : 2010-12-31 Author : Andrés Gómez Software Developed by : http://www.contacto.com Contact : [email protected] Dork : "allinurl:.php?txtCodiInfo=" An attacker may execute arbitrary SQL statements on...
Phpcms2008 local file inclusion vulnerabilities and using: an arbitrary SQL statement execution-vulnerability warning-the black bar safety net
The vulnerable file is in wap/index.php, contains the file limit is. inc.php the. Just contain a value to contain. formguide/admin/include/fields/datetime/fieldadd.inc.php EXP:error!!!!!! Please see the following Laojun only to the POC Friends ask me, access to the poc on the jump, how the explosion password Becaus...
XMB 1.9.11 Cross Site Request Forgery
...
Sql injection
SQL injection vulnerability in ogpshow.php in Online Guestbook Pro allows remote attackers to execute arbitrary SQL commands via the display parameter...
Yxbbs Forum system Ver 3.1.0 multiple vulnerabilities-vulnerability warning-the black bar safety net
Yxbbs by the Y network developed a set of open source free Community Forum system program, using asp+Access SQL technical. Speed: the use of currently the more popular caching technology, which greatly accelerates the forum access speed Function: although the function can not be and dynamic netwo...
Apache OFBiz - Remote Execution (via SQL Execution)
/ Apache OFBiz SQL Remote Execution PoC Payload. CVE: CVE-2010-0432 By: Lucas Apa lucas -at- bonsai-sec.com . Bonsai Information Security http://www.bonsai-sec.com/ / var cmd = 'command'; var xmlhttp=false; try xmlhttp = new ActiveXObject"Msxml2.XMLHTTP"; catch e try xmlhttp = new...
AS3FlexDB Database Login Information Disclosure & Remote SQL Execution
Exploit for unknown platform in category web applications. AS3FlexDB Database Login Information Disclosure & Remote SQL Execution...
AS3FlexDB Login Information Disclosure / SQL Execution
AS3FlexDB Database Login Information Disclosure & Remote SQL Execution | License: Free | Language: English | Cost: $0 | Platform: Flash...
Network fun online shopping system fashion version v9.7 background to really get the shell-vulnerability warning-the black bar safety net
Under the latest 2009-12-22 just came out of the see online are only injected, no real take the shell on! The study of the following Web fun contains Forum, the forum for YXBBS it! YxBBs 2.3 For Access version! yxbbs the original Station data on the backup is there, and the fun is removed! S...
PT-2010-1396 · Maxdev · Mforum
Name of the Vulnerable Software and Affected Versions: MDForum module versions 2.x through 2.07 for MAXdev MDPro Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the c parameter in the "index.php" endpoint. Recommendations: For MDFor...
Zabbix Server : Multiple remote vulnerabilities
From Wikipedia : "Zabbix is a network management system application ... designed to monitor and track the status of various network services, servers, and other network hardware." Zabbix Server : Remote command execution Impacted software : Zabbix Server Zabbix reference :...
Zabbix Server - Multiple Vulnerabilities
Zabbix Server : Multiple remote vulnerabilities From: Nicob Date: Sun, 13 Dec 2009 16:28:35 +0100 From Wikipedia : "Zabbix is a network management system application ... designed to monitor and track the status of various network services, servers, and other network hardware." Zabbix Server :...