291 matches found
CVE-2015-3427
Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ backslash in a message. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422...
DamiCMS 2.2 /Web/Lib/Action/ApiAction.class.php SQL注入漏洞
/Web/Lib/Action/ApiAction.class.php$field =!empty$REQUEST'field'?injectcheck$REQUEST'field':''; $m=new Model$model,"",false; //如果使用了分页,缓存也不生效 if$page import"@.ORG.Page"; //这里改成你的Page类 $count=$m-where$where-count; $totalpage = ceil$count / $pagesize; $p = new Page$count,$pagesize; //如果使用了分页,num将不起...
mcms 3.1.0 /app/cms/list.php SQL注入漏洞
No description provided by source...
phpMyRecipes 1.2.2 /dosearch.php SQL注入漏洞
No description provided by source...
PHPok 4.2.024 /framework/engine/session_file.php SQL注入漏洞
No description provided by source...
DamiCMS 2.2 /Web/Lib/Action/MemberAction.class.php SQL注入漏洞
No description provided by source...
74CMS最新版绕过继续任意文件读取(通用性分析)到任意文件删除
简要描述: 74CMS最新版绕过继续任意文件读取通用性分析到任意文件删除 详细说明: 0x000 简介 写这个漏洞的时候很纠结,不知道到底要提交给谁,74cms,cncert,腾讯? 最后还是交给74cms吧,因为74cms的厂商看了还是挺负责的,交给cncert又不知道能不能让厂商知道并修复,交给腾讯肯定又是忽略的节奏! 这里主要那74cms的漏洞和phpyun之前的漏洞分析,然后找出共同的问题点,然后找到来源,都是因为开发者的安全意识薄弱,还有腾讯的带头大哥榜样惹的祸,暂且这么说吧! 作为厂商只是那现成的来用,太依赖第三方的东西,完全没有自己考虑到问题的产生。...
Ecmall 2.3.0 /member.app.php SQL注入漏洞
No description provided by source...
WordPress 2.1.2 - Authenticated XMLRPC SQL Injection
...
Startbbs 1.1.5.2 /themes/default/search.php SQL注入漏洞
No description provided by source...
asp autodealer (sql/dd) Multiple Vulnerabilities
No description provided by source. -----------------------------OffensiveTrack------------------------------ ---------------------------- Tunisia Muslim ------------------------------ found by : OffensiveTrack Author : AlpHaNiX website : www.offensivetrack.org contact : AlpHaATHACKERDOTBZ script ...
PHPBB 1.x/2.0.x Knowledge Base Module KB.PHP SQL Injection Vulnerability
No description provided by source...
Online Contact Manager 3.0 view.php id Parameter XSS
存在漏洞版本: =3.0 漏洞描述: Online Contact Manager 3.0 是一个web上的联系人管理系统应用。其存在由于用户的非正常输入导致的危险. 远程的用户可以注入 SQL 命令, 同时也能够执行跨站脚本攻击. 远程的用户也可以植入 html 来挂马 'view.php' 脚本没有正确的验证用户对于 ‘id’ 变量的输入。一个远程的用户可以创建一个特殊构造的 URL, 当目标用户加载此页面的时候, 将会造成目标用户的浏览器上的任意代码的执行.这个代码将会在 Online Contact Manager 中执行,会在整个网站的安全背景下运行。因此,...
phpscripte24 Preisschlacht Liveshop System SQL Injection (seite&aid) index.php
No description provided by source. ----------------------------Information------------------------------------------------ +Name : phpscripte24 Preisschlacht Liveshop System SQL Injection seite&aid index.php +Autor : Easy Laster +Date : 19.03.2010 +Script : phpscripte24 Preisschlacht Liveshop...
MyBB 1.0.2/1.0.3 Managegroup.PHP SQL Injection Vulnerability
No description provided by source...
Built2Go PHP Shopping SQL Injection Vulnerability
No description provided by source. Script Name: Built2Go PHP Shopping version = 1.7 Site: http://built2go.com/ Script Demo: http://demos.built2go.com/shopping/1/ Found: Br0ly Google Dork: Powered by Built2Go PHP Shopping p0c:...
deV!L`z Clanportal 1.5.5 Moviebase Addon Blind SQL Injection Vulnerability
No description provided by source. ======================================================================================== | Title : deV!Lz Clanportal 1.5.5 Moviebase Addon Blind SQL Injection Vulnerability | Author : Easy Laster | Download : http://www.modsbar.de/Addons/79/moviebase/ | Script :...
PhpMesFilms 1.8 - SQL Injection Vulnerability
No description provided by source...
XLineSoft ASPRunner 1.0/2.x Database Direct Request Information Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/10799/info ASPRunner is reported prone to multiple vulnerabilities. The reported issues include SQL injection, cross-site scripting, information disclosure and unauthorized access to database files. ASPRunner versions 2.4...
POSH /portal/addtoapplication.php rssurl Parameter SQL Injection
SQL injection vulnerability in portal/addtoapplication.php in POSH aka Posh portal or Portaneo 3.0 before 3.3.0 allows remote attackers to execute arbitrary SQL commands via the rssurl parameter. Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...