737 matches found
WordPress CP Multi View Event Calendar 1.01 SQL Injection
Exploit Title : CP Multi View Event Calendar 1.01 SQL Injection Vulnerability Exploit Author : Claudio Viviani Software Link : https://downloads.wordpress.org/plugin/cp-multi-view-calendar.zip Date : 2014-10-23 Tested on : Windows 7 / Mozilla Firefox Windows 7 / sqlmap 0.8-1 Linux / Mozilla...
BIWEB open-source CMS V5.86 has SQL injection
Brief description: 0.0 A newbie's first submission, mwah. Details: biweb/cases/include/index.inc.php lines 23-50 $arrWhere = array(); $arrLink = array(); $arrWhere[] = "pass='1'"; $typetitle = ''; if (!empty($_GET['typeid'])) { $intTypeID = intval($_GET['typeid']); $typeid = $intTypeID - 1; $typetitle = $arrMType[$typeid]['typetitle'];...
CMS Subkarma Cross Site Scripting / SQL Injection Vulnerabilities
CMS Subkarma suffers from cross site scripting and remote SQL injection vulnerabilities. Note that this finding houses site-specific data. Multiple SQL Injection & XSS on CMS SUBKARMA Risk: High CWE number: CWE-89,CWE-79 Date: 13/10/2014 Vendor: www.jttel.com.tw Author: Felipe " Renzi " Gabriel...
Etiko CMS Cross Site Scripting / SQL Injection
SQL Injection & XSS on Etiko CMS. Risk: High CWE number: CWE-89,CWE-79 Date: 13/10/2014 Vendor: www.etikweb.com Version: All Author: Felipe " Renzi " Gabriel Contact: [email protected] Tested on: Windows 8 ; Chrome ; Sqlmap 1.0-dev-nongit-20140906 Vulnerable Files: /index.php & /loja/index.php...
CMS Subkarma Cross Site Scripting / SQL Injection
Multiple SQL Injection & XSS on CMS SUBKARMA Risk: High CWE number: CWE-89,CWE-79 Date: 13/10/2014 Vendor: www.jttel.com.tw Author: Felipe " Renzi " Gabriel Contact: [email protected] Tested on: Linux Mint ; Firefox ; Sqlmap 1.0-dev-nongit-20140906 Vulnerable Files: news.php ; product.php ;...
MVO - Maquina Vendas Online SQL Injection
SQL Injection on MVO - Máquina Vendas Online Risk: High CWE number: CWE-89 Date: 13/10/2014 Vendor: adnweb.es Author: Felipe " Renzi " Gabriel Contact: [email protected] Tested on: Linux Mint ; Firefox ; Sqlmap 1.0-dev-nongit-20140906 Vulnerable File: product.php Exploits:...
TinyShop V1.0.2 e-commerce system SQL injection (gpc enabled)
Brief description: One SQL injection in the latest TinyShop. The review system really leaves me speechless; could WooYun please add hours and minutes? Otherwise people who submitted a few hours or minutes earlier get burned together with whoever the auto-review puts in at the same time. Duplicate, duplicate, duplicate my foot! PS: dear, the time shown is the time of passing review; please use the vulnerability ID to tell the order. Current time: 2014.7.10 11.44 Details: For the previous vulnerability the vendor said not to report SQL injections one by one any more, they would all be handled in the next version. Now let's see how they were handled. framework\lib\util\filterclass.php: the file defines the filtering mechanism: public static function sql($str) { if (get_magic_quotes_gpc()) { $str...
Ultra Electronics SSL VPN 7.2.0.19 / 7.4.0.7 SQL Injection / Directory Creation
Ultra Electronics SSL VPN versions 7.2.0.19 and 7.4.0.7 suffer from directory creation and remote SQL injection vulnerabilities. Ultra Electronics / AEP Networks - SSL VPN Netilla / Series A / Ultra Protect Vulnerabilities http://www.osisecurity.com.au/advisories/ultra-aep-netilla-vulnerabilities...
Wordpress Like Dislike Counter 1.2.3 Plugin - SQL Injection Vulnerability
1. Plugin introduction: A plugin that supports like/dislike voting on posts, pages and comments; you can place the like/dislike buttons anywhere in posts, pages and comments, and also on the site's front page. If you have some ability to modify code, you can integrate this plugin into your theme. 2. Vulnerability overview: Like Dislike Counter 1.2.3 and other versions contain multiple SQL injection vulnerabilities; successful exploitation lets an attacker perform unauthorized database operations. 3. Vulnerability description: The Like Dislike Counter plugin's SQL injection vulnerability is in the ajaxcounter.php file; the main cause is that postid in the POST data is not effectively filtered, so malicious data is parsed and executed by the database as normal. 4. Vulnerability analysis...
WordPress Spider Facebook 1.0.8 SQL Injection
Exploit Title : Wordpress Spider Facebook 1.0.8 Authenticated SQL Injection Exploit Author : Claudio Viviani Vendor Homepage : http://web-dorado.com/ Software Link : http://downloads.wordpress.org/plugin/spider-facebook.1.0.8.zip Date : 2014-08-25 Tested on : Windows 7 / Mozilla Firefox Linux /...
SqlMap MySQL UDF DLL privilege escalation - vulnerability warning - the black bar safety net
First upload the DLL file to any directory, for example D:/RECYCLER/lib_mysqludf_sys.dll. Import the DLL: depending on the version, import it into the Windows directory or the MySQL plugin directory (typically, running select @@plugin_dir shows the specific path of the plugin directory) select...
Wordpress Huge-IT Image Gallery 1.0.1 Authenticated SQL Injection
Exploit Title : Wordpress Huge-IT Image Gallery 1.0.1 Authenticated SQL Injection Exploit Author : Claudio Viviani Vendor Homepage : http://huge-it.com/ Software Link : http://downloads.wordpress.org/plugin/gallery-images.zip Mirror Link :...
WordPress Huge IT Image Gallery 1.0.0 SQL Injection
Exploit Title : Wordpress Huge-IT Image Gallery 1.0.1 Authenticated SQL Injection Exploit Author : Claudio Viviani Vendor Homepage : http://huge-it.com/ Software Link : http://downloads.wordpress.org/plugin/gallery-images.zip Mirror Link :...
TinyShop SQL injection
Brief description: Unfiltered input leads to injection. Details: The problem is in /protected/controllers/simple.php: // bundled product quantity public function bundbuynum() { $id = Filter::int(Req::args('id')); $num = Filter::int(Req::args('num')); if ($num) ...->where("id=$id")->find(); if ($bund) // for the conditional statement to execute, $id must exist. $goodsid = $bund['goodsid']; $products = $model->table("goods as go")->join("left join...
vampir.mobi SQL injection Vulnerability (100k people)
SQL injection on site vampir.mobi with a lot of people, about 100k. Usage info: needs sqlmap, registered account. This is a private exploit. You can buy it at https://0day.today...
CMS Agencija O2 Cross Site Scripting / SQL Injection Vulnerabilities
CMS Agencija O2 suffers from cross site scripting and remote SQL injection vulnerabilities. SQL Injection & XSS on CMS Agencija O2 Risk: High CWE number: CWE-89,CWE-79 Date: 22/08/2014 Vendor: Agencija O2 Author: Felipe " Renzi " Gabriel Contact: [email protected] Tested on: Windows 8 pro & Linux...
CMS Agencija O2 Cross Site Scripting / SQL Injection
SQL Injection & XSS on CMS Agencija O2 Risk: High CWE number: CWE-89,CWE-79 Date: 22/08/2014 Vendor: Agencija O2 Author: Felipe " Renzi " Gabriel Contact: [email protected] Tested on: Windows 8 pro & Linux Mint Vulnerable File: category.php Exploits: http://host/cms/category.php?qcatid=SQLI & X...
WordPress Plugin GB Gallery Slideshow - wp-admin/admin-ajax.php SQL Injection
WordPress Plugin GB Gallery Slideshow - wp-admin/admin-ajax.php SQL Injection source: https://www.securityfocus.com/bid/69181/info The GB Gallery Slideshow plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it i...
Generic SQL injection vulnerability in a certain manuscript submission system (affects many enterprises, public institutions and schools)
Brief description: generic SQL injection vulnerability in a certain manuscript submission system. Details: SQL injection vulnerability in the submission system of Nanjing Jienuohan Software Technology Co., Ltd. (南京杰诺瀚软件科技有限公司) intitle:投稿系统 技术支持:南京杰诺瀚软件科技有限公司 The username parameter of the Web/Login.aspx page is affected; injection with DBA privileges URL:...
Wordpress Video Gallery Plugin 2.5 - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title : Wordpress Video Gallery 2.5 SQL Injection and XSS Vulnerabilities Exploit Author : Claudio Viviani Vendor Homepage : http://www.apptha.com/category/extension/Wordpress/Video-Gallery Software Link :...