EUVD-2005-4341

Malware in sbrugna...

U.S. Dept Of Defense: SQL injection located in `███` in POST param `████████`

Hey DoD security team! I was able to exploit an SQL injection 1 in one of your domains. Description An SQL injection 1 was discovered in domain https://████████/██████ in the parameter ██████████. The SQL injection was located in a WHERE statment fallowed by a INT value. The vulnerable parameter...

qdPM 9.1 - search_by_extrafields[] SQL Injection

qdPM 9.1 - searchbyextrafields SQL Injection =========================================================================================== Exploit Title: qdPM 9.1 - 'searchbyextrafields' SQL Injection Date: 14-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://qdpm.net Software Link:...

NodAPS 4.0 - SQL injection Cross-Site Request Forgery

NodAPS 4.0 - SQL injection Cross-Site Request Forgery Exploit Title: Online Booking system - NodAPS 4.0 - 'search' SQL injection / Cross-Site Request Forgery Date: 2018-05-16 Exploit Author: Borna nematzadeh L0RD Vendor Homepage:...

通达oa2013又一奇葩注入DBA

简要描述： 无语了。。。 详细说明： 官网demo登录试用: http://www.day900.com/ 发现这个: http://www.day900.com/general/crm/apps/crm/include/search.php?ENTITY=crmmarketing&PAGESIZE=10&CURPAGE=&ORDERFIELD=&ORDERTYPE=&USERVIEW=1706 payload:ENTITY=crmmarketing' 返回这个: 请联系管理员 错误1064: You have an error in your SQL syntax; check the...

Localize: PHP PDOException and Full Path Disclosure

hi phrasekey , agian! in phraseChange action if set to array pdo quote show error! line 755 index.php Warning: PDO::quote expects parameter 1 to be string, array given in /srv/data/web/vhosts/www.localize.im/htdocs/classes/Database.php on line 30 Fatal error: Uncaught exception 'PDOException' wit...

ACC IMoveis 4.0 - SQL Injection Vulnerability

No description provided by source. Exploit Title : iMoveis SQL Injection Vulnerability Date : 26/10/2010 Author : EraGoN Software link : http://baixar7.com/download/acc-imoveis-script-php.rar/3d1e7bf4b9 Version : 1.1 Tested on : Linux / Windows XP Dork : inurl:imoveis.php?id= Error You have an...

ZeroCMS 1.0 SQL Injection Vulnerability

ZeroCMS version 1.0 suffers from a remote SQL injection vulnerability. ZeroCMS v1.0 SQL Injection Vulnerability zerotransactarticle.php articleid POST parameter Vendor: Another Awesome Stuff Product web page: http://www.aas9.in/zerocms Affected version: 1.0 Severity: High CWE: 89 -...

Edimestre Plus 2.0 SQL Injection

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 x Official Website: http://www.1337day.com 0 1 x...

phxEventManager 2.0 Beta 5 SQL Injection

Exploit Title: phxEventManager 2.0 beta 5 search.php searchterms SQL Injection Vulnerability Date: 01/03/2012 Author: skysbsb Software Link: http://sourceforge.net/projects/phxeventmanager/ Version: Web Application Tested on: Apache/nix Dork: intext: "Powered by phxEventManager" Code : Exploited...

phpaaCMS V0. 3 the presence of injection oday vulnerability-vulnerability warning-the black bar safety net

Accidentally passing a php the station, due to the own very little of PHP with the Institute to sloppy looked at is phpaaCMS, not large-scale CMS, habitual later added a“'”, I did not expect the explosion wrong! You have an error in your SQL syntax; check the manual that corresponds to your MySQL...

phpaaCMS V0. 3 the presence of injection vulnerabilities-vulnerability warning-the black bar safety net

H4ckx7's Blog Accidentally passing a php the station, due to the own very little of PHP with the Institute to sloppy looked at is phpaaCMS, not large-scale CMS, habitual later added a“'”, I did not expect the explosion wrong! You have an error in your SQL syntax; check the manual that corresponds...

Billwerx RC 3.1 XSS / SQL Injection

Billwerx RC v3.1 Multiple Vulnerabilities Found By: mrme Download: http://www.billwerx.com/download.php Tested On: Windows Vista Note: For educational purposes only XSS POC: A regular employee can embed javascript code that could be executed within the context of the admin's browser. If the user...

Billwerx RC v3.1 Multiple Vulnerabilities

No description provided by source. Billwerx RC v3.1 Multiple Vulnerabilities Found By: mrme Download: http://www.billwerx.com/download.php Tested On: Windows Vista Note: For educational purposes only XSS POC: A regular employee can embed javascript code that could be executed within the context o...

CVE-2006-0727

CVE-2006-0727 describes a SQL injection in mstrack.php of MusOX DF MSAnalysis (DFMSA), used with CPG-Nuke Dragonfly CMS. An attacker can trigger path disclosure via a SQL syntax error and may be able to execute arbitrary SQL commands. The affected software is MusOX DF MSAnalysis as used in Dragon...

CVE-2005-4346

Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier allows remote attackers to obtain the full path of the application via an invalid permalink parameter to index.php, which produces an invalid SQL query that leaks the full pathname in a SQL syntax error message. NOTE: this was...

CVE-2005-4346

Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier allows remote attackers to obtain the full path of the application via an invalid permalink parameter to index.php, which produces an invalid SQL query that leaks the full pathname in a SQL syntax error message. NOTE: this was...

CVE-2005-4346

phpBB Blog 2.2.2 and earlier: A function in blog.php causes an invalid SQL query when the permalink parameter to index.php is cleansed to empty (non-digit chars stripped), leading to a SQL syntax error that leaks the full application pathname. This is not a true SQL injection in practice, but the...