144 matches found
OneCMS 2.4 (userreviews.php abc) Remote SQL Injection Exploit
No description provided by source. !/usr/bin/perl OneCMS v2.4 Remote SQL Injection Exploit Description ----------- OneCMS contains a flaw that allows an attacker to carry out an SQL injection attack. The issue is due to the userreviews.php script not properly sanitizing user-supplied input to the...
ACG News 1.0 - aidcatid SQL Injection
ACG News SQL Injection Software: ACG News 1.0 Vendor link: http://www.altercoder.com Vendor Demo link: http://acgnews.uw.hu/index.php Attack: SQL Injection Original Advisory: http://14house.blogspot.com/2007/08/acg-news-sql-injection.html Discovered by: David...
PHP-Nuke 8.0 Final - 'INSERT' Blind SQL Injection (MySQL)
!/usr/bin/perl 0day exploit for PHP-nuke = 4.0.24, using 'brute force' Coded by: Maciej krasza Screenshot: 0day exploit for PHP-nuke new; my $zadanie = HTTP::Request-newGET = $adres; my...
ContentNow 1.39 (pageid) Remote SQL Injection Exploit
No description provided by source. !/usr/bin/perl -w use IO::Socket; use strict; ContentNow "pageid" Sql Injection Version : 1.39 Url : http://www.contentnow.mf4k.de Author : Alfredo 'revenge' Pesoli Advisory : http://www.0xcafebabe.it/advisory/contentnow139sqlinjection.txt Description: The...
TheWebForum 1.2.1 - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/16161/info TheWebForum is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of these vulnerabilities could result in a compromise of t...
myBloggie "username" SQL Injection Vulnerability
Secunia Advisory: SA16699 Release Date: 2005-09-05 Critical: Moderately critical Impact: Security Bypass Manipulation of data Where: From remote Solution Status: Vendor Patch Software: myBloggie 2.x
Hosting Controller 6.1 - resellerresources.asp?jresourceid SQL Injection
source: https://www.securityfocus.com/bid/13806/info Hosting Controller is reported prone to multiple vulnerabilities. These issues can allow an attacker to gain unauthorized access to data and carry out SQL injection attacks...
MercuryBoard 1.1 - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/12359/info Multiple input validation vulnerabilities affect MercuryBoard. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it in...
[EXPL] ITA Forum SQL Injection
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Cacti: SQL injection vulnerability
Background Cacti is a complete web-based front end to rrdtool. Description Cacti is vulnerable to a SQL injection attack where an attacker may inject SQL into the Username field. Impact An attacker could compromise the Cacti service and potentially execute programs with the permissions of the use...
memmansys21.txt
Title: Vulnerabilities in Member Management System 2.1 Software: Member Management System 2.1 Vendor: http://www.expinion.net/software/appmms.asp Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user and adm...
Expinion.net News Manager Lite 2.5 - category_news.asp?ID SQL Injection
source: https://www.securityfocus.com/bid/9935/info Multiple vulnerabilities have been identified in the application that may allow an attacker to carry out SQL injection, cross-site scripting, and account hijacking attacks. T...
MetaDot < 5.6.5.4b5 - Multiple Vulnerabilities
MetaDot Multiple Vulnerabilities Vendor: Metadot Corporation Product: MetaDot Version: = 5.6.5.4b5 Website: http://www.metadot.com/ BID: 9439 Description: Metadot is a popular open source portal software GPL recognized for its revolutionary ease-of-use. It provides content management like file,...
Mambo Open Source 4.0.14 Server - SQL Injection
source: https://www.securityfocus.com/bid/9196/info It has been reported that Mambo Open Source 4.0.14 Server is prone to SQL injection attacks. The problem is said to occur due to insufficient sanitization of data passed to specific index.php...
Microsoft BizTalk Server Multiple Remote Vulnerabilities
The remote host seems to be running Microsoft BizTalk server. There are two flaws in this software that could allow an attacker to issue a SQL insertion attack or to execute arbitrary code on the remote host. Note that Nessus solely relied on the presence of a Biztalk DLL to issue this alert so i...
PHP-Nuke 6.5 (Multiple Downloads Module) - SQL Injection
source: https://www.securityfocus.com/bid/7588/info PHP-Nuke is reportedly prone to multiple SQL injection vulnerabilities in the Downloads module. Exploitation could allow for injection of malicious SQL syntax, resulting in modification of SQL query logic or other attacks...
vSignup 2.1 - SQL Injection
source: https://www.securityfocus.com/bid/6606/info A vulnerability has been discovered in vSignup. It has been reported that various PHP scripts used by vAuthenticate are prone to SQL injection attacks. This issue may be exploited by an unauthorized attacker to view...
PHPPass 2 - 'AccessControl.php' SQL Injection
source: https://www.securityfocus.com/bid/6594/info A problem with phpPass may allow an attacker to launch a SQL injection attack. The vulnerability exists in the accesscontrol.php script included with phpPass. Due to insufficient sanitization of user-supplied input, it is possible for a remote...
CVE-2002-0961
Vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allow remote attackers to conduct unauthorized operations as other users, e.g. by deleting clients via dltclnt.php, possibly in a SQL injection attack...
CVE-2002-0554
webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers to bypass user access levels or read arbitrary files via a SQL injection attack in an HTTP request...