CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

737 matches found

Packet Storm•added 2015/06/21 12:0 a.m.•41 views

White Way Systems SQL Injection

========================================================= + Title :- White Way Systems CMS - SQL Injection Vulnerability + Date :- 19 - June - 2015 + Vendor Homepage: :- http://whitewaysystems.co.za/ + Version :- All Versions + Tested on :- Nginx/1.4.5, PHP/5.2.17, Linux - Windows + Category :-...

7.4AI score

Exploits0

WPVulnDB•added 2015/06/08 12:0 a.m.•20 views

Easy2Map Photos <= 1.0.9 - SQL Injection

The code in Functions.php is vulnerable to SQL Injection because they are not parameterising or sanitising user input. PoC sqlmap -u 'http://www.example.com/wp-admin/admin-ajax.php' --data="mapID=11='+or+1%3D%3D1%3B=e2mimgsavemapname" --cookie=COOKIEHERE --level=5 --risk=3...

7.5CVSS2.5AI score0.00758EPSS

Exploits4References2Affected Software1

Exploit DB•added 2015/06/08 12:0 a.m.•30 views

Pasworld - 'detail.php' Blind SQL Injection

========================================================= + Title :- Pasworld detail.php Blind Sql Injection Vulnerability + Date :- 5 - June - 2015 + Vendor Homepage: :- http://main.pasworld.co.th/ + Version :- All Versions + Tested on :- Nginx/1.4.5, PHP/5.2.17, Linux - Windows + Category :-...

7.4AI score

Exploits0

exploitpack•added 2015/06/08 12:0 a.m.•107 views

Pasworld - detail.php Blind SQL Injection

Pasworld - detail.php Blind SQL Injection ========================================================= + Title :- Pasworld detail.php Blind Sql Injection Vulnerability + Date :- 5 - June - 2015 + Vendor Homepage: :- http://main.pasworld.co.th/ + Version :- All Versions + Tested on :- Nginx/1.4.5,...

0.3AI score

Exploits0

Kitploit•added 2015/06/05 6:44 p.m.•55 views

SQLiPy - Plugin for Burp Suite that integrates SQLMap using the SQLMap API

SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API. SQLMap comes with a RESTful based server that will execute SQLMap scans. This plugin can start the API for you or connect to an already running API to perform a scan. Requirements Jython 2.7 beta, due to the use...

7.6AI score

Exploits0References1

0day.today•added 2015/06/02 12:0 a.m.•21 views

WordPress LeagueManager 3.9.11 Plugin - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: WordPress LeagueManager SQLi Version: 3.9.11 Vendor: https://wordpress.org/plugins/leaguemanager Software Link: https://downloads.wordpress.org/plugin/leaguemanager.3.9.1.1.zip Author: javabudd Date: 06/01/2015 Tested on: Linux ...

7.1AI score

Exploits0

seebug.org•added 2015/05/27 12:0 a.m.•19 views

WordPress Booking Calendar Contact Form Plugin 1.0.2 /dex_bccf.php SQL注入漏洞

/dexbccf.phpfunction dexbccfcaculateprice$startday, $enddate, $calendar, $defaultprice ... //$calendar is not sanitized in sql query $codes = $wpdb-getresults 'SELECT FROM '.$wpdb-prefix.DEXBCCFSEASONPRICESTABLENAMENOPREFIX.' WHERE calid='.$calendar; $mode =...

7AI score

Exploits0

0day.today•added 2015/05/26 12:0 a.m.•27 views

WordPress GigPress 2.3.8 SQL Injection Vulnerability

WordPress GigPress plugin version 2.3.8 suffers from a remote SQL injection vulnerability. Title: SQLi vulnerabilities in WordPress plugin "GigPress" Author: Adrián M. F. - adrimf85atgmaildotcom Date: 2015-05-25 Vendor Homepage: https://wordpress.org/plugins/gigpress/ Active installs: 20,000+...

6.5CVSS0.3AI score0.02669EPSS

Exploits5

seebug.org•added 2015/05/25 12:0 a.m.•23 views

服务接口存在sql注射漏洞，泄漏全国渠道和用户信息

简要描述：服务接口存在sql注射漏洞，泄漏全国渠道和用户信息详细说明： 1、访问http://t.ufida.com.cn/，发现存在大量的开放接口，对其中的GetVerSionJSON进行测试，发现存在sql注射漏洞。 2、注入的请求内容如下： POST /Service.asmx HTTP/1.1 Host: t.ufida.com.cn Content-Type: text/xml; charset=utf-8 Content-Length: length SOAPAction: "http://tempuri.org/GetVerSionJSON" u8 执行 sqlmap ...

7AI score

Exploits0

Packet Storm•added 2015/05/25 12:0 a.m.•37 views

WordPress GigPress 2.3.8 SQL Injection

Title: SQLi vulnerabilities in WordPress plugin "GigPress" Author: Adrián M. F. - adrimf85atgmaildotcom Date: 2015-05-25 Vendor Homepage: https://wordpress.org/plugins/gigpress/ Active installs: 20,000+ Vulnerable version: 2.3.8 Fixed version: 2.3.9 CVE: CVE-2015-4066 Vulnerabilities 2...

6.5CVSS0.6AI score0.02669EPSS

Exploits5

0day.today•added 2015/05/20 12:0 a.m.•20 views

WordPress FeedWordPress Plugin - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: SQLi in FeedWordPress WordPress plugin Date: 2015-05-19 Exploit Author: Adrián M. F. Vendor Homepage: https://wordpress.org/plugins/feedwordpress/ Vulnerable version: 2015.0426 Fixed version: 2015.0514 CVE : CVE-2015-4018 1...

7.1AI score0.0251EPSS

Exploits6

exploitpack•added 2015/05/20 12:0 a.m.•23 views

WordPress Plugin FeedWordPress 2015.0426 - SQL Injection

WordPress Plugin FeedWordPress 2015.0426 - SQL Injection Exploit Title: SQLi in FeedWordPress WordPress plugin Date: 2015-05-19 Exploit Author: Adrián M. F. Vendor Homepage: https://wordpress.org/plugins/feedwordpress/ Vulnerable version: 2015.0426 Fixed version: 2015.0514 CVE : CVE-2015-4018 1...

6.5CVSS0.6AI score0.0251EPSS

Exploits6

Exploit DB•added 2015/05/20 12:0 a.m.•35 views

WordPress Plugin FeedWordPress 2015.0426 - SQL Injection

Exploit Title: SQLi in FeedWordPress WordPress plugin Date: 2015-05-19 Exploit Author: Adrián M. F. Vendor Homepage: https://wordpress.org/plugins/feedwordpress/ Vulnerable version: 2015.0426 Fixed version: 2015.0514 CVE : CVE-2015-4018 1 Authenticated SQLi CWE-89 -------------------------------...

6.5CVSS6.7AI score0.0251EPSS

Exploits6

Packet Storm•added 2015/05/19 12:0 a.m.•31 views

Milw0rm Clone Script 1.0 SQL Injection

0.2AI score

Exploits0

Vulnerability Lab•added 2015/05/17 12:0 a.m.•31 views

CRUCMS Crucial Networking - SQL Injection Vulnerability

Document Title: =============== CRUCMS Crucial Networking - SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1497 Release Date: ============= 2015-05-17 Vulnerability Laboratory ID VL-ID: ==================================== 14...

7.4AI score

Exploits0

Vulnerability Lab•added 2015/05/12 12:0 a.m.•36 views

Web India Solutions CMS 2015 - SQL Injection Vulnerability

Document Title: =============== Web India Solutions CMS 2015 - SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1495 Release Date: ============= 2015-05-12 Vulnerability Laboratory ID VL-ID: ====================================...

7.4AI score

Exploits0

seebug.org•added 2015/05/07 12:0 a.m.•18 views

用友某金融站点存在sql注射漏洞

简要描述：不求礼物，但求rank。详细说明：站点为：https://www.yonyoufinancial.com 存在PHPcmsV9 referer 注入漏洞使用exp获取管理员帐号密码：然后觉得能拿到的东西太少，丢sqlmap跑了一下：可惜不是root权限，要不直接写shell了～ exp链接（来自独自等待大牛博客）： http://www.waitalone.cn/phpcmsv9-posterclick-injection-exp.html 漏洞证明：如上...

7.1AI score

Exploits0

seebug.org•added 2015/04/21 12:0 a.m.•52 views

Coremail官网SQL注入可读全库

简要描述： coremail官网存在注入，有防护，可绕过。详细说明：漏洞地址：http://www.coremail.cn/gjzc2/list117.aspx?lcid=412 漏洞证明：有防护，直接用sqlmap加个tamper=chardoubleencode.py可以跑出来。这个是sqlmap用的payload： Place: GET Parameter: lcid Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: lcid=412 AND...

7.5AI score

Exploits0

Exploit DB•added 2015/04/21 12:0 a.m.•29 views

WordPress Plugin Community Events 1.3.5 - SQL Injection

======================================================================= title: SQL Injection product: WordPress Community Events Plugin vulnerable version: 1.3.5 and probably below fixed version: 1.4 CVE number: CVE-2015-3313 impact: CVSS Base Score 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P homepage:...

9.8CVSS9.8AI score0.18463EPSS

Exploits5

Packet Storm•added 2015/04/20 12:0 a.m.•20 views

WordPress Community Events 1.3.5 SQL Injection

6.5CVSS0.18463EPSS

Exploits5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by