Lucene search

1492 matches found

OSV
added 2016/03/01 11:59 a.m., 3 views

UBUNTU-CVE-2016-2560

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, relat...

CVSS 6.1, AI score 6.9, EPSS 0.03109
Exploits 0, References 8

CVE
added 2016/03/01 11:00 a.m., 78 views

CVE-2016-2560

The CVE-2016-2560 issue affects phpMyAdmin series: 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1. The vulnerability consists of multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML through several vectors (crafted H...

CVSS 6.1, AI score 6.2, EPSS 0.03109
Exploits 0, References 11, Affected Software 1

Cvelist
added 2016/03/01 11:00 a.m., 35 views

CVE-2016-2560

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, relat...

AI score 6.4, EPSS 0.03109
Exploits 0, References 11

Debian CVE
added 2016/03/01 11:00 a.m., 25 views

CVE-2016-2560

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, relat...

CVSS 6.1, AI score 6.8, EPSS 0.03109
Exploits 0

FreeBSD
added 2016/02/29 12:00 a.m., 30 views

phpmyadmin -- multiple XSS and a man-in-the-middle vulnerability

The phpMyAdmin development team reports: XSS vulnerability in SQL parser. Using a crafted SQL query, it is possible to trigger an XSS attack through the SQL query page. We consider this vulnerability to be non-critical. Multiple XSS vulnerabilities. By sending a specially crafted URL as part of t...

CVSS 6.8, AI score 1.4, EPSS 0.03109
Exploits 0, References 4

Packet Storm
added 2016/02/22 12:00 a.m., 34 views

ManageEngine Firewall Analyzer 8.5 SQL Injection

ManageEngine Firewall Analyzer 8.5 SQL Query Execution Vulnerability. Description: Vulnerability Type: ManageEngine Firewall Analyzer 8.5 SQL Query Execution...

AI score 0.9
Exploits 0

Cvelist
added 2016/02/20 1:00 a.m., 25 views

CVE-2016-2045

Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response...

AI score 5.4, EPSS 0.01531
Exploits 0, References 5

htbridge
added 2016/01/07 12:00 a.m., 534 views

SQL Injection in TestLink

High-Tech Bridge Security Research Lab discovered a high-risk SQL injection vulnerability in TestLink Open Source Test Management. The vulnerability can be exploited to alter the present SQL query and gain access to potentially sensitive information or even to completely compromise the vulnerable w...

AI score 8.9
Exploits 0, Affected Software 1

Exploit DB
added 2016/01/05 12:00 a.m., 39 views

PHPIPAM 1.1.010 - Multiple Vulnerabilities

Exploit Title: PHPIPAM v1.1.010 Multiple Vulnerabilities Date: 04/01/2016 Author: Mickael Dorigny @ Synetis Vendor or Software Link: http://phpipam.net/ Version: 1.1.010 Category: Multiple Vulnerabilities Tested on : 1.1.010 PHPIPAM description :...

AI score 7
Exploits 0

BDU FSTEC
added 2015/11/20 12:00 a.m., 3 views

A vulnerability in the Cisco Secure Access Control System allows an attacker to execute arbitrary SQL commands.

A vulnerability in the Solution Engine component of the Cisco Secure Access Control System stems from a lack of protection for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL commands using a specially crafted URL...

CVSS 6.5, AI score 6, EPSS 0.01361
Exploits 0, References 2

seebug.org
added 2015/10/20 12:00 a.m., 35 views

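Tongda OA Group edition, latest version: a blind SQL injection vulnerability, tested on the demo (login required)

Brief description: In the latest version of the Group OA, the single quote ' is not filtered, and the filtering function can then be bypassed; root privileges. Details: Vendor website: http://.../ Group demo address: .../ SQL vulnerability address: .../general/document/index.php/send/sendlist/sendfor/?tid=&title=1 The title parameter is injectable. Surprisingly, this point does not filter the single quote '. Eliciting the SQL statement: Submit: .../general/document/index.php/send/sendlist/sendfor/?tid=&title=1%' and 1=2 union select Returns: 不安全的SQL语句:联合查询...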

AI score 7
Exploits 0

CNVD
added 2015/10/13 12:00 a.m., 5 views

ZOHO ManageEngine OpManager Security Restriction Bypass Vulnerability

ZOHO ManageEngine OpManager is network performance management software. A security vulnerability exists in PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5 and earlier versions. An attacker can exploit this vulnerability to bypass SQL query restrictions...

CVSS 9, AI score 7, EPSS 0.80644
Exploits 3, References 1

seebug.org
added 2015/10/12 12:00 a.m., 38 views

Xiaowuyou School Website System TeachView.asp SQL Injection Vulnerability

The keyword is in the summary. Then pick some websites at random...

AI score 7.1
Exploits 0

Prion
added 2015/10/09 2:59 p.m., 15 views

Authentication flaw

PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO."...

CVSS 9, AI score 7.7, EPSS 0.80644
Exploits 3, References 5, Affected Software 1

CVE
added 2015/10/09 2:00 p.m., 51 views

CVE-2015-7766

CVE-2015-7766 affects Zoho ManageEngine OpManager 11.6, 11.5 and earlier. The issue in PGSQL:SubmitQuery.do lets remote admins bypass SQL query restrictions by inserting a comment into requests to api/json/admin/SubmitQuery (e.g., "INSERT/**/INTO"). Public references describe this as a SQL query ...

CVSS 9, AI score 7.4, EPSS 0.80644
Exploits 3, References 5, Affected Software 1

0day.today
added 2015/09/29 12:00 a.m., 32 views

ManageEngine EventLog Analyzer Remote Code Execution Exploit

Exploit for windows platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ManageEngine EventLog Analyzer Remote Code Execution', 'Description' = %q...

AI score 7.1
Exploits 0

Exploit DB
added 2015/09/29 12:00 a.m., 32 views

ManageEngine EventLog Analyzer - Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ManageEngine EventLog Analyzer Remote Code Execution', 'Description' = %q This module exploits a SQL query functionality in...

AI score 7.4
Exploits 0

Packet Storm
added 2015/09/28 12:00 a.m., 42 views

Mango Automation 2.6.0 SQL Query Cross Site Request Forgery

Mango Automation 2.6.0 CSRF Arbitrary SQL Query Execution Vendor: Infinite Automation Systems Inc. Product web page: http://www.infiniteautomation.com/ Affected version: 2.5.2 and 2.6.0 beta build 327 Summary: Mango Automation is a flexible SCADA, HMI And Automation software application that allo...

AI score 0.8
Exploits 0

Packet Storm
added 2015/09/28 12:00 a.m., 18 views

ManageEngine EventLog Analyzer Remote Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ManageEngine EventLog Analyzer Remote Code Execution', 'Description' = %q This module exploits a SQL query functionality in...

AI score 0.4
Exploits 0

Zero Science Lab
added 2015/09/26 12:00 a.m., 127 views

Mango Automation 2.6.0 CSRF Arbitrary SQL Query Execution

Summary Mango Automation is a flexible SCADA, HMI And Automation software application that allows you to view, log, graph, animate, alarm, and report on data from sensors, equipment, PLCs, databases, webpages, etc. It is easy, affordable, and open source. Description The application allows users ...

CVSS 6.5, AI score 6.1, EPSS 0.0129
Exploits 1