Symantec IM Manager Administrative Interface rdpageimlogic.aspx SQL Injection Vulnerabilities

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rdpageimlogic.aspx page which is exposed through an IIS extension on the defau...

Cag CMS 0.2 - Cross-Site Scripting / Blind SQL Injection

----------------------------------------------------------------------------------------- Cag CMS Version 0.2 Beta = XSS && Blind SQL Injection Multiple Vulnerabilities ----------------------------------------------------------------------------------------- Author : Shamus Date : October, 05th...

Oracle MySQL 5.1.50 - Privilege Escalation

Oracle MySQL 5.1.50 - Privilege Escalation source: https://www.securityfocus.com/bid/43677/info MySQL is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to run arbitrary SQL statements with 'SUPER' privileges on the slave database system. This will allow t...

Oracle Database InterMedia Denial of Service

Oracle Database Server is an enterprise-level relational database application suite. In addition to common basic data types, such as INT or VARCHAR, Oracle uses specialized object types to store and manage complex data objects, such as images and audio/video data. Object types are conceptually...

INVOhost SQL Injection

Andrés Gómez Exploit Title : INVOhost SQL Injection Date : 2010-04-24 Author : Andrés Gómez Software Link : http://www.invohost.com/ Contact : [email protected] Dork : "Powered by INVOhost" An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the...

Oracle Database Server LT.ROLLBACKWORKSPACE SQL Injection (CVE-2009-0978)

Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e., procedures, functions, variables, constants, cursors, and exceptions, are provided in order to better...

Oracle Database sys.pbsde.init Procedure Buffer Overflow (CVE-2005-3438)

Stored procedures are a powerful feature of an Oracle database server. They are essentially a set of SQL statements that are stored server-side, which are called by name and optionally passed a set of parameters. Stored procedures provide improved performance, because only data specific to the...

Oracle Database Server ctxsys.driload Access Validation (CVE-2004-0637)

Stored procedures are a powerful feature of an Oracle database server. They are essentially a set of SQL statements that are stored server-side, which are called by name and optionally passed a set of parameters. Stored procedures provide improved performance, because only data specific to the...

Oracle Database Server MDSYS.SDO_LRS Package SQL Injection (CVE-2006-5340)

Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e. procedures, functions, variables, constants, cursors, and exceptions, are provided in order to better...

Ipswitch WhatsUp Web Interface SQL Injection (CVE-2005-1250)

WhatsUp Professional 2005 is a network monitoring and resource management solution. WhatsUp Professional uses a relational database to store the information about user accounts and network devices that are monitored by the application. The relational databases supported by WhatsUp Professional ar...

TGS CMS 0.x SQL Injection / XSS / Disclosure

| | | / | | / | | | \ / | | | / / | |/ \ / / |/ | |/| | | ' \ / | / / | | alertdocument.cookie The Risk: By exploiting this vulnerability, an attacker can inject malicious code in the script and can stole cookies. Fix the vulnerability: Encode output...

Use a low-privileged Oracle database accounts give the OS access permissions-bug warning-the black bar safety net

Author:Mickey These days look at the article called"Penetration: from application down to OS Oracle"of the document,feel quite interesting,the document probably means that is,if the ORACLE service is using the administrator account to start,as long as you have a have resource and connect privileg...

glFusion <= 1.1.2 COM_applyFilter()/cookies Blind SQL Injection Exploit

No description provided by source. ?php / glFusion = 1.1.2 COMapplyFilter/cookies remote blind sql injection exploit by Nine:Situations:Group::bookoo our site: http://retrogod.altervista.org/ software site: http://www.glfusion.org/ google dork: "Page created in" "seconds by glFusion" +RSS Found...

GLSA-200903-27 : ProFTPD: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200903-27 ProFTPD: Multiple vulnerabilities The following vulnerabilities were reported: Percent characters in the username are not properly handled, which introduces a single quote character during variable substitution by modsql...

ProFTPD: Multiple vulnerabilities

Background ProFTPD is an advanced and very configurable FTP server. Description The following vulnerabilities were reported: Percent characters in the username are not properly handled, which introduces a single quote character during variable substitution by modsql CVE-2009-0542. Some invalid,...

SuSE Update for OpenOffice_org SUSE-SA:2007:067

Check for the Version of OpenOfficeorg OpenVAS Vulnerability Test $Id: gbsuse2007067.nasl 8050 2017-12-08 09:34:29Z santu $ SuSE Update for OpenOfficeorg SUSE-SA:2007:067 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is...

Gentoo Security Advisory GLSA 200812-20 (phpcollab)

The remote host is missing updates announced in advisory GLSA 200812-20. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Gentoo Security Advisory GLSA 200812-20 (phpcollab)

The remote host is missing updates announced in advisory GLSA 200812-20. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Openfire Server <= 3.6.0a (Auth Bypass/SQL/XSS) Multiple Vulnerability

Exploit for unknown platform in category web applications ======================================================================== Openfire Server = 3.6.0a Auth Bypass/SQL/XSS Multiple Vulnerabilities ======================================================================== Advisory: Openfire Serv...

The latest Discuz! NT2. 5 vulnerability to report! - Vulnerability warning-the black bar safety net

Title: the latest Discuz! NT2. 5 vulnerability to report! Author: hackest H. S. T. This article has been published in the hacker X-Files for 2 0 0 8 P 1 0 issue of the magazine on After the author published on the blog, such as reproduced please retain this information! Summer, passion in August,...