144 matches found

Packet Storm
added 2020/06/01 12:0 a.m. | 228 views

We-Com OpenData CMS 2.0 SQL Injection

Exploit Title: We-com OpenData CMS 2.0 Authentication Bypass / SQL Injection Google Dork:N/A Date: 2020-04-17 Exploit Author: @ThelastVvV Vendor Homepage: https://www.we-com.it/ Version: 2.0 Tested on: 5.5.0-kali1-amd64 --------------------------------------------------------- Vendor contact...

AI score: 7.4
Exploits: 0

OSV
added 2019/12/06 2:15 p.m. | 14 views

MGASA-2019-0357 Updated phpmyadmin packages fix security vulnerability

An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature CVE-2019-18622...

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.00556
Exploits: 0 | References: 2

NVD
added 2018/09/12 2:29 p.m. | 13 views

CVE-2018-3884

An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The sortby and start parameter can be used to perform an SQL injection attack. An attacker can use a browser to...

CVSS: 8.8 | AI score: 6.6 | EPSS: 0.00261
Exploits: 1 | References: 1

OSV
added 2018/04/05 9:29 p.m. | 20 views

CVE-2018-1096

An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database...

CVSS: 6.5 | AI score: 7.1
Exploits: 0 | References: 3

NVD
added 2018/04/05 9:29 p.m. | 10 views

CVE-2018-1096

An input sanitization flaw was found in the id field in the dashboard controller of Foreman before 1.16.1. A user could use this flaw to perform an SQL injection attack on the back end database...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.00315
Exploits: 0 | References: 3

OSV
added 2017/10/24 6:33 p.m. | 46 views

GHSA-X457-CW4H-HQ5F JSON gem has Improper Input Validation vulnerability

The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.17317
Exploits: 0 | References: 22

Exploit DB
added 2017/01/31 12:0 a.m. | 46 views

AlienVault OSSIM/USM < 5.3.1 - Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "AlienVault OSSIM/USM Remote Code Execution", 'Description' = %q This module exploits object injection, authentication bypass an...

AI score: 7.4
Exploits: 0

0day.today
added 2017/01/27 12:0 a.m. | 15 views

WordPress Private Messages 1.0.1 Plugin - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: WP Email Users – 1.4.1 – Plugin WordPress – Sql Injection Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/wp-email-users/ Software Link: https://wordpress.org/plugins/wp-email-users/ Contact:...

AI score: 7.1
Exploits: 0

Tenable Nessus
added 2015/05/01 12:0 a.m. | 36 views

Debian DLA-215-1 : libjson-ruby security update

The JSON gem for Ruby allowed remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.17317
Exploits: 0 | References: 3

OSV
added 2015/04/30 12:0 a.m. | 19 views

DLA-215-1 libjson-ruby - security update

Bulletin has no description...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.17317
Exploits: 0

exploitpack
added 2015/04/21 12:0 a.m. | 25 views

WordPress Plugin Tune Library 1.5.4 - SQL Injection

WordPress Plugin Tune Library 1.5.4 - SQL Injection ======================================================================= title: SQL Injection product: WordPress Tune Library Plugin vulnerable version: 1.5.4 and probably below fixed version: 1.5.5 CVE number: CVE-2015-3314 impact: CVSS Base Sco...

CVSS: 6.8 | AI score: 0.3 | EPSS: 0.08759
Exploits: 6

Packet Storm
added 2015/04/21 12:0 a.m. | 28 views

WordPress Tune Library 1.5.4 SQL Injection

======================================================================= title: SQL Injection product: WordPress Tune Library Plugin vulnerable version: 1.5.4 and probably below fixed version: 1.5.5 CVE number: CVE-2015-3314 impact: CVSS Base Score 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P homepage:...

CVSS: 6.5 | AI score: 0.2 | EPSS: 0.08759
Exploits: 6

RubySec
added 2014/07/02 12:0 a.m. | 27 views

CVE-2014-3482 rubygem-activerecord: SQL injection vulnerability in 'bitstring' quoting

SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting. It was...

CVSS: 7.5 | AI score: 8.2 | EPSS: 0.01531
Exploits: 0 | References: 1 | Affected Software: 1

seebug.org
added 2014/07/01 12:0 a.m. | 28 views

e107 1.0.2 - CSRF Resulting in SQL Injection

No description provided by source. Exploit Title: e107 v1.0.2 Administrator CSRF Resulting in SQL Injection Google Dork: intext:This site is powered by e107 Date: 01/01/13 Exploit Author: Joshua Reynolds Vendor Homepage: http://e107.org Software Link:...

CVSS: 6.8 | AI score: 6.6 | EPSS: 0.00195
Exploits: 6

seebug.org
added 2014/07/01 12:0 a.m. | 14 views

PHP-Ultimate Webboard 2.0 'admindel.php' Multiple Input Validation Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/30822/info PHP-Ultimate Webboard is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. Successful exploits will allow unauthorized attackers to dele...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 13 views

McAfee Asset Manager 6.6 - Multiple Vulnerabilities

No description provided by source. Cloud SSO is vuln to unauthed XSS in the authentication audit form: https://twitter.com/BrandonPrry/status/445969380656943104 McAfee Asset Manager v6.6 multiple vulnerabilities http://www.mcafee.com/us/products/asset-manager.aspx Authenticated arbitrary file rea...

AI score: 7.1
Exploits: 0

Metasploit
added 2014/05/09 7:10 p.m. | 15 views

AlienVault Authenticated SQL Injection Arbitrary File Read

AlienVault 4.6.1 and below is susceptible to an authenticated SQL injection attack against newpolicyform.php, using the 'insertinto' parameter. This module exploits the vulnerability to read an arbitrary file from the file system. Any authenticated user is able to exploit this, as administrator...

CVSS: 6.5 | AI score: 0.4 | EPSS: 0.28905
Exploits: 3

seebug.org
added 2014/01/24 12:0 a.m. | 7 views

mySeatXT 0.2134 SQL Injection Vulnerability

No description provided by source. 1 Sql Injection PoC: http://localhost/mySeatXT/web/ajax/autocompleteres.php?term=99' 'SQL INJECT' Vulnerable Code: + autocompleteres.php $sql = "SELECT FROM reservations WHERE reservationguestname LIKE '".$GET'term'."%' GROUP BY reservationguestname "; $fetch =...

AI score: 7.1
Exploits: 0

The Hacker News
added 2013/10/21 11:27 p.m. | 47 views

Hacker stole $100,000 from Users of California based ISP using SQL Injection

In 2013 we have seen a dramatic increase in the number of hack attacks attempted against banks, credit unions and utility companies using various techniques including DDoS attack, SQL injection, DNS Hijacking and Zero-Day Flaws. SQL Injection is one of the most common security vulnerabilities on...

AI score: 8.6
Exploits: 0

Packet Storm
added 2013/08/15 12:0 a.m. | 29 views

PhpVibe 3.1 Cross Site Scripting / SQL Injection

Exploit Title: PhpVibe 3.1 - Multiples Vulnerabilites Product: PhpVibe Official site: http://phprevolution.com/ Risk Level: High Exploit Author: Esac Demo : http://playviralvideos.com Last Checked: 13/08/2013 +----------+ | OVERVIEW | +----------+ PhpVibe is a Premium video sharing cms with or...

AI score: 0.9
Exploits: 0