Lucene search

1492 matches found

exploitpack
added 2016/09/13 12:0 a.m., 24 views

Contrexx CMS egov Module 1.0.0 - SQL Injection

Contrexx CMS egov Module 1.0.0 - SQL Injection Exploit Title: Contrexx CMS:egov module SQL injection Google Dork: inurl:?section=egov Date: 12/9/2016 Exploit Author: hamidreza borghei Software Link: https://www.cloudrexx.com/de/index.php?section=downloads&cmd=7&category=8 Version: 1.0.0 Tested on...

0.1 AI score
Exploits: 0
RubySec
added 2016/08/11 12:0 a.m., 55 views

Unsafe Query Generation Risk in Active Record

There is a vulnerability when Active Record is used in conjunction with JSON parameter parsing. This vulnerability is similar to CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155. Impact ------ Due to the way Active Record interprets parameters in combination with the way that JSON parameters are...

7.5 CVSS, 2.1 AI score, 0.05673 EPSS
Exploits: 4, References: 1, Affected Software: 1
Hacker One
added 2016/07/28 7:48 a.m., 301 views

Nextcloud: Bookmarks: Delete all existing bookmarks of a user

A logical bug in the bookmark app makes it possible to delete all the existing bookmarks of the user. Here are the steps to reproduce: - Create a couple of valid bookmarks - Import a bookmark.html file that contains the line Bookmark. All the bookmarks of the user are replaced with blank url and...

7.5 AI score
Exploits: 0
0day.today
added 2016/06/29 12:0 a.m., 43 views

WordPress Ultimate Membership Pro 3.3 Plugin - SQL Injection

Exploit for php platform in category web applications Vendor Homepage: http://wpindeed.com/ Software Link: http://codecanyon.net/item/ultimate-membership-pro-wordpress-plugin/12159253 Version: 3.3 Tested on: Debian 8, PHP 5.6.17-3 Type: Unauthenticated Blind SQLi, Unauthenticated Payment Bypass...

7.1 AI score
Exploits: 0
Packet Storm
added 2016/06/28 12:0 a.m., 29 views

BigTree CMS 4.2.11 SQL Injection

ADVISORY INFORMATION ======================================== Title: BigTree CMS substr$page,1; else // It's an existing page $type = "EDIT"; $pending = false; $existingpage = BigTreeCMS::getPage$page; $existingpendingchange = sqlfetchsqlquery"SELECT id FROM bigtreependingchanges WHERE table =...

0.1 AI score
Exploits: 0
0day.today
added 2016/06/27 12:0 a.m., 24 views

BigTree CMS 4.2.11 - SQL Injection

Exploit for php platform in category web applications 1. ADVISORY INFORMATION ======================================== Title: BigTree CMS substr$page,1; else // It's an existing page $type = "EDIT"; $pending = false; $existingpage = BigTreeCMS::getPage$page; $existingpendingchange =...

7.1 AI score
Exploits: 0
Exploit DB
added 2016/06/27 12:0 a.m., 21 views

BigTree CMS 4.2.11 - SQL Injection

ADVISORY INFORMATION ======================================== Title: BigTree CMS substr$page,1; else // It's an existing page $type = "EDIT"; $pending = false; $existingpage = BigTreeCMS::getPage$page; $existingpendingchange = sqlfetchsqlquery"SELECT id FROM bigtreependingchanges WHERE table =...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2016/06/17 12:0 a.m., 29 views

phpMyAdmin 4.5.x < 4.5.5.1 Multiple Vulnerabilities (PMASA-2016-10, PMASA-2016-13)

Binary data 9355.prm...

6.8 CVSS, 6.6 AI score, 0.01712 EPSS
Exploits: 0, References: 5
exploitpack
added 2016/06/10 12:0 a.m., 12 views

miniMySQLAdmin 1.1.3 - Cross-Site Request Forgery (SQL Execution)

miniMySQLAdmin 1.1.3 - Cross-Site Request Forgery SQL Execution document.forms.csrfpoc.submit; select from user order by User asc limit 20 Host User % exploituser1 --...

0.2 AI score
Exploits: 0
0day.today
added 2016/06/10 12:0 a.m., 21 views

miniMySQLAdmin 1.1.3 - Cross-Site Request Forgery (Execute SQL Query)

Exploit for php platform in category web applications document.forms.csrfpoc.submit; select from user order by User asc limit 20 Host User % exploituser1 -- 0day.today 2018-03-14...

7.1 AI score
Exploits: 0
Exploit DB
added 2016/06/10 12:0 a.m., 23 views

miniMySQLAdmin 1.1.3 - Cross-Site Request Forgery (SQL Execution)

document.forms.csrfpoc.submit; select from user order by User asc limit 20 Host User % exploituser1 --...

7 AI score
Exploits: 0
Packet Storm
added 2016/06/09 12:0 a.m., 20 views

miniMySQLAdmin 1.1.3 Cross Site Request Forgery

Exploit Title: miniMySQLAdmin 1.1.3 - CSRF (Execute SQL Query) Date: 2016-06-10 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: http://xdsoft.net/minimysqladmin.html Software Link: https://github.com/xdan/miniMySQLAdmin/archive/master.zip Version: v1.1.3 Tested on: Debian...

0.4 AI score
Exploits: 0
appercut
added 2016/06/01 12:0 a.m., 680 views

LogicalDoc Document Managment System CE: source code security analysis report

Several vulnerabilities were discovered in LogicalDOC 'LogicalDoc Document Managment System CE' software: User data leakage between sessions; use of XSL transformation to execute arbitrary code; missing verification of the digital signature of executable files obtained from...

8.1 AI score
Exploits: 0, References: 1, Affected Software: 1
OpenVAS
added 2016/05/17 12:0 a.m., 25 views

phpMyAdmin Multiple XSS Vulnerabilities (PMASA-2016-11) - Windows

phpMyAdmin is prone to multiple cross-site scripting (XSS) vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.1 CVSS, 6 AI score, 0.03109 EPSS
Exploits: 0, References: 1
Citrix
added 2016/05/06 12:0 a.m., 6 views

Delete Users from XenMobile Database

For XenMobile environment 10.4 and below, we do not have the option to delete the user from the console. You will have to delete the user from the database manually. Use the following SQL query to delete all rows associated to a single user within XenMobile Server. Important! Ensure to back up the...

7.8 AI score
Exploits: 0
Hacker One
added 2016/03/26 12:11 a.m., 36 views

Uber: Stored XSS in drive.uber.com WordPress admin panel

There is another bug in the All In One Event Calendar plugin used on drive.uber.com. An attacker can inject arbitrary JavaScript in the administrative Dashboard of WordPress. The script would be evaluated under administrator privileges as only logged-in administrators can view the Dashboard. Such...

6.5 AI score
Exploits: 0
OSV
added 2016/03/01 11:59 a.m., 2 views

DEBIAN-CVE-2016-2560

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, relat...

6.1 CVSS, 6.4 AI score, 0.03109 EPSS
Exploits: 0, References: 1
OSV
added 2016/03/01 11:59 a.m., 12 views

CVE-2016-2560

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, relat...

6.1 CVSS, 6.4 AI score
Exploits: 0, References: 11
UbuntuCve
added 2016/03/01 11:59 a.m., 28 views

CVE-2016-2560

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, relat...

6.1 CVSS, 6.8 AI score, 0.03109 EPSS
Exploits: 0, References: 7
Prion
added 2016/03/01 11:59 a.m., 28 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, relat...

4.3 CVSS, 6.5 AI score, 0.03109 EPSS
Exploits: 0, References: 11, Affected Software: 1