4775 matches found

seebug.org | added 2014/07/01 12:0 a.m. | 15 views

SQLite Browser 2.0b1 - Local DoS Vulnerability

No description provided by source. Exploit Title: SQLite Browser 2.0b1 Local DoS Vulnerability Author: Nishant Das Patnaik Tested on: Windows XP SP2/SP3 x86, Vista x86, Windows 7 x64 Code : A specially crafted SQL file query can cause the application to freeze and finally crash. The bug is th...

AI score: 7.1 | Exploits: 0

seebug.org | added 2014/07/01 12:0 a.m. | 12 views

GENU CMS 2012.3 - Multiple SQL Injection Vulnerabilities

No description provided by source. Title: ====== GENU CMS 2012.3 - Multiple SQL Injection Vulnerabilities Date: ===== 2012-04-30 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=538 VL-ID: ===== 538 Introduction: ============= GENU is a Content Management System written...

AI score: 7.1 | Exploits: 0

Kitploit | added 2014/06/22 10:46 p.m. | 16 views

Hexorbase - Multiple Database Management and Audit Tool

HexorBase is a database application designed for administering and auditing multiple database servers simultaneously from a centralized location, it is capable of performing SQL queries and bruteforce attacks against common database servers MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL...

AI score: 7.8 | Exploits: 0

Tenable Nessus | added 2014/06/13 12:0 a.m. | 42 views

openSUSE Security Update : proftpd (openSUSE-2011-19)

Vulnerabilities were discovered for the proftpd packages in openSUSE version 12.1. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2011-19. The text description of this plugin is C SU...

CVSS: 9 | AI score: 7.2 | EPSS: 0.01286 | Exploits: 4 | References: 3

Tenable Nessus | added 2014/06/13 12:0 a.m. | 24 views

openSUSE Security Update : dovecot12 (openSUSE-SU-2010:0923-1)

dovecot granted admin rights to all owner mailboxes CVE-2010-3706. When using multiple ACL entries for mailboxes the most specific one was not always applied CVE-2010-3707. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...

CVSS: 5.5 | AI score: 5.3 | EPSS: 0.00402 | Exploits: 0 | References: 4

Tenable Nessus | added 2014/06/13 12:0 a.m. | 23 views

openSUSE Security Update : mumble (openSUSE-2012-127)

remove read permissions for other users on local sqlite database as it may contain passwords bnc747833, CVE-2012-0863 - don't add built-in CA certificates bnc660784 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

CVSS: 2.1 | AI score: 5.3 | EPSS: 0.00036 | Exploits: 0 | References: 3

Tenable Nessus | added 2014/06/13 12:0 a.m. | 31 views

openSUSE Security Update : dovecot20 (dovecot20-4610)

dovecot crash when parsing mail headers that contain NUL characters CVE-2011-1929 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update dovecot20-4610. The text description of this plugin is C SUSE...

CVSS: 5 | AI score: 5.2 | EPSS: 0.04334 | Exploits: 0 | References: 2

Metasploit | added 2014/05/27 3:15 p.m. | 25 views

MyBB Database Fingerprint

This module checks if MyBB is running behind a URL. Also uses a malformed query to force an error and fingerprint the backend database used by MyBB on version 1.6.12 and prior. This module requires Metasploit: https://metasploit.com/download Current source:...

AI score: 0.3 | Exploits: 0

Tenable Nessus | added 2014/05/12 12:0 a.m. | 37 views

Fedora 19 : php-5.5.12-1.fc19 (2014-5984)

Notice: to fix CVE-2014-0185 this version changes the default php-fpm unix domain socket permission to 660 instead of 666. Check your configuration if php-fpm uses UDS (the default configuration uses a network socket). Upstream Changelog: 01 May 2014, PHP 5.5.12 Core : - Fixed bug 61019 Out of memory on comma...

CVSS: 7.2 | AI score: 8.1 | EPSS: 0.00109 | Exploits: 1 | References: 4

Tenable Nessus | added 2014/05/06 12:0 a.m. | 27 views

Fedora 20 : php-5.5.12-1.fc20 (2014-5960)

Notice: to fix CVE-2014-0185 this version changes the default php-fpm unix domain socket permission to 660 instead of 666. Check your configuration if php-fpm uses UDS (the default configuration uses a network socket). Upstream Changelog: 01 May 2014, PHP 5.5.12 Core : - Fixed bug 61019 Out of memory on comma...

CVSS: 7.2 | AI score: 8.1 | EPSS: 0.00109 | Exploits: 1 | References: 4

Packet Storm | added 2014/01/24 12:0 a.m. | 18 views

Cells Blog 3.3 Cross Site Scripting / SQL Injection

Exploit: Cells v3.3 XSS Reflected & Blind SQLite Injection + Author: vinicius777 + Contact: vinicius777 AT gmail @vinicius777 + version: Cells Blog 3.3 + Vendor Homepage: http://cells.tw + 14/01/2014 vendor contacted + 17/01/2014 no response from vendor + 20/01/2014 no response from vendor +...

AI score: 0.3 | Exploits: 0

seebug.org | added 2014/01/24 12:0 a.m. | 7 views

Cells Blog 3.3 Cross-Site Scripting and SQL Injection Vulnerabilities

No description provided by source. 1 Reflective XSS on 'msg=' PoC: http://localhost/cells-v3-3/errmsg.php?msg= %3C%2Fp%3E%3Cscript%3Ealert%28%27XSS%27%29%3B%3C%2Fscript%3E%3Cp%3E Vulnerable Code: + errmsg.php ? echo "img src='images/error.gif'"; if isset$GET"msg"$msg=$GET"msg";else$msg=""; if...

AI score: 7.1 | Exploits: 0

0day.today | added 2014/01/23 12:0 a.m. | 21 views

Cells Blog 3.3 - XSS Reflected & Blind SQLite Injection Vulnerabilities

Exploit for php platform in category web applications + Exploit: Cells v3.3 XSS Reflected & Blind SQLite Injection + Author: vinicius777 + Contact: vinicius777 AT gmail @vinicius777 + version: Cells Blog 3.3 + Vendor Homepage: http://cells.tw + 14/01/2014 vendor contacted + 17/01/2014 no response...

AI score: 7.1 | Exploits: 0

Exploit DB | added 2014/01/23 12:0 a.m. | 17 views

Cells Blog 3.3 - Reflected Cross-Site Scripting / Blind SQLite Injection

Exploit: Cells v3.3 XSS Reflected & Blind SQLite Injection + Author: vinicius777 + Contact: vinicius777 AT gmail @vinicius777 + version: Cells Blog 3.3 + Vendor Homepage: http://cells.tw + 14/01/2014 vendor contacted + 17/01/2014 no response from vendor + 20/01/2014 no response from vendor +...

AI score: 7.4 | Exploits: 0

exploitpack | added 2014/01/23 12:0 a.m. | 15 views

Cells Blog 3.3 - Reflected Cross-Site Scripting Blind SQLite Injection

Cells Blog 3.3 - Reflected Cross-Site Scripting Blind SQLite Injection + Exploit: Cells v3.3 XSS Reflected & Blind SQLite Injection + Author: vinicius777 + Contact: vinicius777 AT gmail @vinicius777 + version: Cells Blog 3.3 + Vendor Homepage: http://cells.tw + 14/01/2014 vendor contacted +...

AI score: 0.4 | Exploits: 0

Kitploit | added 2014/01/14 4:39 a.m. | 23 views

[Xplico 1.1.0] Open Source Network Forensic Analysis Tool (NFAT)

The goal of Xplico is to extract from an internet traffic capture the application data it contains. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is ...

AI score: 7 | Exploits: 0

Kitploit | added 2013/12/31 10:8 p.m. | 236 views

[Ghost Phisher v1.5] GUI suite for phishing and penetration attacks

Ghost Phisher is a security application which comes built-in with a fake DNS server, fake DHCP server, fake HTTP server and also has a space for the automatic capture and recording of HTTP form method credentials to a database. The program could be used for on-demand service of DHCP, DNS,...

AI score: 7.5 | Exploits: 0

securityvulns | added 2013/12/30 12:0 a.m. | 41 views

Song Exporter v2.1.1 RS iOS - File Include Vulnerabilities

Title: CVE-2013-6986 Insecure Data Storage in Subway Ordering for California ZippyYum 3.4 iOS mobile application Published: December 7, 2013 Reported to Vendor: May 2013 CVE Reference: CVE-2013-6986 https://vulners.com/cve/CVE-2013-6986 CVSS v2 Base Score: 4.9 CVSS v2 Vector...

CVSS: 2.1 | AI score: 5.8 | EPSS: 0.0007 | Exploits: 1

Kitploit | added 2013/12/27 1:1 a.m. | 15 views

[Avivore] The Twitter-searching Data Miner

Avivore is a Python-based tool that searches Twitter for keywords and then parses any tweets that are found. When parsing, it looks for the following sort of data: Phone numbers in NPA-NXX format ex: 604-555-1212 IPv4 addresses 127.0.0.1 Blackberry PINs ABCDEF12 It presently uses a SQLite backend...

AI score: 7.2 | Exploits: 0 | References: 2

NVD | added 2013/12/12 5:55 p.m. | 8 views

CVE-2013-6986

The ZippyYum Subway CA Kiosk app 3.4 for iOS uses cleartext storage in SQLite cache databases, which allows attackers to obtain sensitive information by reading data elements, as demonstrated by password elements...

CVSS: 2.1 | AI score: 5.8 | EPSS: 0.0007 | Exploits: 1 | References: 4