1303 matches found
PHPRunner 4.2 - 'SearchOption' Blind SQL Injection
www.BugReport.ir AmnPardaz Security Research Team Title: PHPRunner SQL Injection Vendor: http://www.xlinesoft.com Vulnerable Version: 4.2 prior versions also may be affected Exploitation: Remote with browser Original Advisory: http://www.bugreport.ir/index63.htm Fix: N/A - Description: PHPRunner...
ManageEngine Firewall Analyzer 5 - Cross-Site Request Forgery / Cross-Site Scripting
Written By Michael Brooks Special thanks to str0ke! Product: ManageEngine Firewall Analyzer 5 - XSRF and XSS Vulerable version: Build Version : 5.0.0 Build Number : 5000 Build Date : Apr25 homepage: http://fwanalyzer.com/ This is live exploit code against the online demo. Go ahead, run it! With...
glpi -- SQL Injection
The GLPI project reports: Input passed via unspecified parameters is not properly sanitised before being used in SQL queries. This can be exploited to manipulateSQL queries by injecting arbitrary SQL code...
MySQL < 5.0.37 Single Row Subselect Remote DoS Vulnerability
MySQL is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2008 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mysql:mysql";...
WeBid 0.5.4 Multiple Remote Vulnerabilities
No description provided by source. || || | || o,7 || . o7 || 4||| ow, : / / . ================================ ========================== ==================== |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| | | | /' \ /'\ /\ \ /'\ /\ \ | | /, \ /\/\L\ \ \ \ ,/\ /\ \ ...
WeBid 0.5.4 Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications =========================================== WeBid 0.5.4 Multiple Remote Vulnerabilities =========================================== Application :: WeBid v0.5.4 Multi Exploit Groups : inj3ct0r Download ::...
webid 0.5.4 - Multiple Vulnerabilities
webid 0.5.4 - Multiple Vulnerabilities || || | || o,7 || . o7 || 4||| ow, : / / . ================================ ========================== ==================== |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| | | | /' \ /'\ /\ \ /'\ /\ \ | | /, \ /\/\L\ \ \ \ ,/\ /...
webid 0.5.4 - Multiple Vulnerabilities
|| || | || o,7 || . o7 || 4||| ow, : / / . ================================ ========================== ==================== |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| | | | /' \ /'\ /\ \ /'\ /\ \ | | /, \ /\/\L\ \ \ \ ,/\ /\ \ \ \ / | | //\ \ /' \ /\ //\ Kings...
SebracCMS 0.4 - Multiple SQL Injections
SebracCMS 0.4 - Multiple SQL Injections Name: SebracCMS Webiste: http://www.sebrac.netsons.org/cms/ Vulnerability type: SQL Injection Author: shinmai, 2008-06-28 Description: SebracCMS contains two major SQL injection vulnerabilities: Unsanitazed POST-variables in SQL queries when logging users i...
PHPMyCart 1.3 - 'cat' SQL Injection
PHPMyCart Injection Vulnerability Bug by: h0yt3r Script suffers from a not correctly verified category id variable which is used in SQL Querys. An Attacker can easily get sensitive information from the database by injecting unexpected SQL Querys. We dont get any SQL Errors when the Injection Quer...
cpg-sql.txt
toHex$sql . ', ' . $this-toHex'bazik' . ' LIMIT 1,1/'; $b1 = 'bazik'; $a2 = $sql; $b2 = 'bazik'; $arr = array$a1 = $b1, $a2 = $b2; return $this-GLOBALS'prefix' . 'albpw=' . rawurlencodeserialize$arr; function toHex$str for $i=0; $i GLOBALS'host', 80, $errno, $errstr, 30; if!$fp die"- Can't connec...
Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : postgresql vulnerabilities (USN-568-1)
Nico Leidecker discovered that PostgreSQL did not properly restrict dblink functions. An authenticated user could exploit this flaw to access arbitrary accounts and execute arbitrary SQL queries. CVE-2007-3278, CVE-2007-6601 It was discovered that the TCL regular expression parser used by...
exoops-sql.txt
E-xoops multiple variable/scripts SQL injection vendor url: http://www.e-xoops.com Advisore: http://lostmon.blogspot.com/2007/12/ e-xoops-multiple-variablescripts-sql.html vendor notify:NO exploits available: YES E-xoops is content-community management system written in PHP-MySQL. E-xoops contain...
kvaliitti-sql.txt
Found by: Jaakko "Chrysalid" Hartikainen 1. Info Kvaliitti WebDoc 3.0 CMS is a proprietary Finnish-made content management system developed by Kvaliitti Oy http://www.kvaliitti.fi. It is driven by MS SQL Server and ASP. 2. Abstract WebDoc 3.0 suffers from a flaw in input validation, which allows...
drupal -- SQL injection vulnerability
The Drupal Project reports: The function taxonomyselectnodes directly injects variables into SQL queries instead of using placeholders. While taxonomy module itself validates the input passed to taxonomyselectnodes, this is a weakness in Drupal core. Several contributed modules, such as...
Irola My-Time 3.5 Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ==================================================== Irola My-Time 3.5 Remote SQL Injection Vulnerability ==================================================== ----------------------------- Vendor: http://www.irola.com Username/Password...
Irola My-Time 3.5 - SQL Injection
Aria-Security Team http://Aria-Security.Net ----------------------------- Original Advisory @ http://aria-security.net/forum/showthread.php?p=1106 Vendor: http://www.irola.com Username/Password Fields can run SQL Queries. Therefore: We get the Tables: UserInfo.UserID UserInfo.Login...
Insanely simple blog - Multiple vulnerabilities
Insanely simple blog version 0.5 and below http://sourceforge.net/projects/insanelysimple2 ISB contains multple vulnerabilities including both XSS, and SQL injection. First off, the search action fails to strip user content for html allowing a user to input tags. Next, anonymous blog entries can...
FreeBSD : wordpress -- XMLRPC SQL Injection (0838733d-1698-11dc-a197-0011098b2f36)
Secunia reports : Slappter has discovered a vulnerability in WordPress, which can be exploited by malicious users to conduct SQL injection attacks. Input passed to the 'wp.suggestCategories' method in xmlrpc.php is not properly sanitised before being used in SQL queries. This can be exploited to...
CVE-2007-3278
PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library dblink is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1...