
1492 matches found

Packet Storm
added 2018/05/25 12:0 a.m. | 91 views

Oracle WebCenter (Fatwire) Improper Access Control

Exploit Title: Oracle WebCenter FatWire Content Server 7 - Improper Access Control Dork: inurl:Satellite?pagename Date: 2017-10-17 Exploit Author: Sebastian Cornejo Olave Vendor Homepage: http://oracle.com Version: 5.5.2 ,7.5 = CVE: CVE-2017-10033 Category: Webapps Tested on: Kali linux...

CVSS: 3.3 | AI score: 0.3 | EPSS: 0.02327
Exploits: 3
Exploit DB
added 2018/05/25 12:0 a.m. | 178 views

Oracle WebCenter FatWire Content Server < 7 - Improper Access Control

Exploit Title: Oracle WebCenter FatWire Content Server 7 - Improper Access Control Dork: inurl:Satellite?pagename Date: 2017-10-17 Exploit Author: Sebastian Cornejo Olave Vendor Homepage: http://oracle.com Version: 5.5.2 ,7.5 = CVE: CVE-2017-10033 Category: Webapps Tested on: Kali linux...

CVSS: 4 | AI score: 4.7 | EPSS: 0.02327
Exploits: 3
NVD
added 2018/05/01 7:29 p.m. | 28 views

CVE-2018-10256

A SQL Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to directly modify the SQL query...

CVSS: 8.8 | AI score: 9 | EPSS: 0.02616
Exploits: 5 | References: 2
BDU FSTEC
added 2018/04/04 12:0 a.m. | 5 views

The vulnerability of the NVBUTransferHistory Get request handler in the NetVault Backup software allows an attacker to execute arbitrary code.

The vulnerability of the NVBUTransferHistory Get request handler in the NetVault Backup software for data archiving and restoration is related to insufficient protection of the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS: 9.8 | AI score: 6.1 | EPSS: 0.03933
Exploits: 0 | References: 2 | Affected Software: 1
BDU FSTEC
added 2018/03/28 12:0 a.m. | 2 views

The vulnerability of the NVBUJobHistory Get request handler in the NetVault Backup software allows an attacker to execute arbitrary code.

The vulnerability of the NVBUJobHistory Get request handler in the NetVault Backup software for data archiving and restoration is related to insufficient protection of the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

CVSS: 9.8 | AI score: 6.1 | EPSS: 0.03933
Exploits: 0 | References: 2 | Affected Software: 1
BDU FSTEC
added 2018/03/28 12:0 a.m. | 3 views

The vulnerability of the NVBUBackup JobList processing component in the NetVault Backup software for data archiving and restoration allows an attacker to execute arbitrary code.

The vulnerability of the NVBUBackup JobList processing component in NetVault Backup software for data archiving and restoration is related to insufficient protection of the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

CVSS: 9.8 | AI score: 6 | EPSS: 0.03933
Exploits: 0 | References: 2 | Affected Software: 1
BDU FSTEC
added 2018/03/28 12:0 a.m. | 6 views

The vulnerability of the request handler of the NVBUSourceDeviceSet Get function in the software for data archiving and restoration by NetVault Backup allows an attacker to execute arbitrary code.

The vulnerability of the NVBUSourceDeviceSet Get request handler in software for data archiving and restoration in NetVault Backup is related to insufficient protection of the SQL query structure. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

CVSS: 9.8 | AI score: 6 | EPSS: 0.03933
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2018/02/08 6:29 p.m. | 6 views

CVE-2017-17412

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of GET method requests. The issue results from the lack o...

CVSS: 9.8 | AI score: 6.2 | EPSS: 0.03933
Exploits: 0 | References: 1
OSV
added 2018/02/08 6:29 p.m. | 4 views

CVE-2017-17652

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup Count method requests. The issue results fr...

CVSS: 9.8 | AI score: 6.2 | EPSS: 0.03933
Exploits: 0 | References: 1
OSV
added 2018/02/08 6:29 p.m. | 4 views

CVE-2017-17416

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus GetPlugins method requests. The issue...

CVSS: 9.8 | AI score: 6.2 | EPSS: 0.03933
Exploits: 0 | References: 1
Citrix
added 2018/01/26 12:0 a.m. | 6 views

SQL query report needed for licensing users

How to verify the amount of licenses you are using by XenMobile users...

AI score: 7.1
Exploits: 0
Tenable Product Security Advisories
added 2017/11/01 8:46 p.m. | 610 views

[R1] SecurityCenter 5.6.0 Fixes One Vulnerability

SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection vulnerability that could be exploited by an authenticated user with sufficient privileges to run diagnostic scans. An attacker could exploit this vulnerability by entering a crafted SQL query into the password field of a...

CVSS: 6.5 | AI score: 9 | EPSS: 0.01202
Exploits: 0
Exploit DB
added 2017/10/22 12:0 a.m. | 59 views

WordPress Plugin Polls 1.2.4 - SQL Injection (PoC)

Exploit Title :WordPress Polls plugin1.2.4 SQL Injection vulnerability Vulnerable version:Download Link : https://downloads.wordpress.org/plugin/polls-widget.1.2.4.zip //////////////////////// /// Overview: //////////////////////// WordPress Polls plugin is a tool for creating polls and survey...

AI score: 7.4
Exploits: 0
BDU FSTEC
added 2017/09/22 12:0 a.m. | 5 views

The vulnerability of the eonweb (logout.php) component of the support service program, designed for implementing the library process (ITIL), EyesOfNetwork, allows a hacker to circumvent access control rules.

The vulnerability of the eonweb logout.php component of the support service program, designed for implementing ITIL library processes, relates to the lack of protection for SQL query structures. Exploiting this vulnerability allows a malicious actor to bypass access restrictions and gain remote...

CVSS: 10 | AI score: 8 | EPSS: 0.03458
Exploits: 1 | References: 2 | Affected Software: 1
ThreatPost
added 2017/09/21 12:56 p.m. | 26 views

Joomla Patches Eight-Year-Old LDAP Injection Vulnerability

Joomla on Tuesday patched a critical vulnerability that had lingered in the content management system for eight years. It’s unknown whether the bug had been publicly exploited before it was privately reported in July, but an attacker could have leveraged the flaw to steal administrator login...

CVSS: 5 | EPSS: 0.06333
Exploits: 3 | References: 5
OpenVAS
added 2017/09/21 12:0 a.m. | 29 views

Joomla! < 3.8.0 Information Disclosure Vulnerability

Joomla is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:joomla:joomla";...

CVSS: 4.3 | AI score: 6.8 | EPSS: 0.01758
Exploits: 0 | References: 1
NVD
added 2017/09/20 6:29 p.m. | 13 views

CVE-2017-14595

In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state...

CVSS: 4.3 | AI score: 6.8 | EPSS: 0.01758
Exploits: 0 | References: 3
OSV
added 2017/09/20 6:29 p.m. | 16 views

CVE-2017-14595

In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state...

CVSS: 3.7 | AI score: 7
Exploits: 0 | References: 3
Prion
added 2017/09/20 6:29 p.m. | 17 views

Information disclosure

In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state...

CVSS: 4.3 | AI score: 4.4 | EPSS: 0.01758
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2017/09/20 6:0 p.m. | 46 views

CVE-2017-14595

In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the disclosure of article intro texts when these articles are in the archived state...

AI score: 6.8 | EPSS: 0.01758
Exploits: 0 | References: 3