12 matches found
Search & Replace < 3.2.2 - Admin+ SQL injection
Description The plugin does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks such as within a multi-site network. 1. Go to the Tools parameter 2. Select Search & Replace 3. Click "Do Search & Replace" 4. Change the parameters...
Joomla! Component com_joomgalaxy 1.2.0.4 - Multiple Vulnerabilities
Exploit Title: Joomla joomgalaxy 1.2.0.4 Multiple Vulnerabilities dork: inurl:comjoomgalaxy Date: 01-08-2012 Author: Daniel Barragan "D4NB4R" Twitter: @D4NB4R site: http://poisonsecurity.wordpress.com/ Vendor: http://www.joomgalaxy.com/ Version: 1.2.0.4 last update on Jul 27, 2012 License:...
Webify Link Directory - SQL Injection
Exploit Title: Webify Link Directory / SQL Injection Date: 04/07/2012 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Software web: http://webify.ws/index.php?page=getapp&id=10 Tested on: Linux Dork: allinurl: index.php?page=browse&id=...
SN News 1.2 - adminloger.php Authentication Bypass
SN News 1.2 - adminloger.php Authentication Bypass SN News Date: 06/06/2012 Version: 1.2 Software Link: http://phpbrasil.com/script/JHnpFRmSBqlf/sn-news ISRAEL Author will not be responsible for any damage. Vulnerable Code - /admin/logar.php 4-15: 4. $login = $_POST["login"]; 5. $senha = $_POST["senha"];...
NewsAdd 1.0 - 'lerNoticia.php?id' SQL Injection
NewsAdd Date: 31/05/2012 Version: 1.0 Software Link: http://phpbrasil.com/script/3tCyUs1JeL1M/newsadd--mysql ISRAEL Author will not be responsible for any damage. YOU SHOULD BE LOGGED IN | YOU SHOULD BE LOGGED IN Vulnerable Code - lerNoticia 15-22: 21. if ($_GET) 22. 23. $id = $_GET['id']; 24. 25. $quer...
Supernews <= 2.6.1 (noticias.php cat) SQL Injection
Exploit for php platform in category web applications Supernews Date: 31/05/2012 Version: 2.6.1 Software Link: http://phpbrasil.com/script/vT0FaOCySSH/supernews ISRAEL Author will not be responsible for any damage. Vulnerable Code - noticias.php 30-31: 30. $idcategoria = formatDados($_GET['cat']); 31...
Supernews 2.6.1 - noticias.php?cat SQL Injection
Supernews 2.6.1 - noticias.php?cat SQL Injection Supernews Date: 31/05/2012 Version: 2.6.1 Software Link: http://phpbrasil.com/script/vT0FaOCySSH/supernews ISRAEL Author will not be responsible for any damage. Vulnerable Code - noticias.php 30-31: 30. $idcategoria = formatDados($_GET['cat']); 31. $que...
Web2Project 2.3 - SQL Injection
Software: Web2Project 2.3 Vulnerability: SQL Injection Threat Level: Critical 4/5 Download: http://forums.web2project.net/ Discovery Date: 4/21/2011 Tested...
enano CMS 1.1.7pl1 - Multiple Vulnerabilities
Vulnerability ID: HTB22709 Reference: http://www.htbridge.ch/advisory/sqlinjectioninenanocms.html Product: Enano CMS Vendor: enanocms.org http://enanocms.org/ Vulnerable Version: 1.1.7pl1 Vendor Notification: 16 November 2010 Vulnerability Type: SQL Injection Status: Fixed by Vendor Risk level:...
webERP 3.11.4 - Multiple Vulnerabilities
Title: webERP Multiple Vulnerabilities Author: ADEO Security Published: 30/06/2010 Version: 3.11.4 Possible all versions Vendor: http://www.weberp.org Description: "webERP is a complete web based accounting/ERP system that requires only a web-browser and pdf reader to use. It has a wide range of...
Mambo Component Hestar - SQL Injection
comhestar 1.0.0 Author: M3NW5 M3NW5athackermaildotcom Homepage: http://www.indonesiancoder.com Date: Monday, September 07, 2009 ...
igwad.txt
Aria-Security Team Advisory Original Advisory: http://aria-security.net/advisory/igwad.txt Software: Image gallery with Access Database Method: SQL Injection PoC: http://target/path/dispimage.asp?id=SQL Injection...