nuevoMailer version 6.0 and earlier time-based SQL Injection

Description: SQL injection vulnerability in rdr.php in nuevoMailer version 6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the "r" parameter. PoC: https://vulnerablesite.com/inc/rdr.php?r=69387c602c1056c556time based SQL INJ...

nuevoMailer 6.0 SQL Injection

Exploit Title: nuevoMailer version 6.0 and earlier time-based SQL Injection Exploit Author: ALEH BOITSAU Google Dork: inurl:/inc/rdr.php? Date: 2017-06-09 Vendor Homepage: https://www.nuevomailer.com/ Version: 6.0 and earlier Tested on: Linux CVE: CVE-2017-9730 Description: SQL injection...

Joomla 3.7.0 Fields SQL Injection

Exploit Title: Joomla 3.7.0 - Sql Injection Date: 05-19-2017 Exploit Author: Mateus Lino Reference: https://blog.sucuri.net/2017/05/sql-injection-vulnerability-joomla-3-7.html Vendor Homepage: https://www.joomla.org/ Version: = 3.7.0 Tested on: Win, Kali Linux x64, Ubuntu, Manjaro and Arch Linux...

Joomla 3.7.0 - com_fields SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Joomla 3.7.0 - Sql Injection Date: 05-19-2017 Exploit Author: Mateus Lino Reference: https://blog.sucuri.net/2017/05/sql-injection-vulnerability-joomla-3-7.html Vendor Homepage: https://www.joomla.org/ Version: = 3.7.0 Tested on...

Whitewidow - SQL Vulnerability Scanner

Whitewidow is an open source automated SQL vulnerability scanner, that is capable of running through a file list, or can scrape Google for potential vulnerable websites. It allows automatic file formatting, random user agents, IP addresses, server information, multiple SQL injection syntax, abili...

Joomla! 3.7.0 - com_fields SQL Injection

Joomla! 3.7.0 - comfields SQL Injection Exploit Title: Joomla 3.7.0 - Sql Injection Date: 05-19-2017 Exploit Author: Mateus Lino Reference: https://blog.sucuri.net/2017/05/sql-injection-vulnerability-joomla-3-7.html Vendor Homepage: https://www.joomla.org/ Version: = 3.7.0 Tested on: Win, Kali...

Joomla! 3.7.0 - 'com_fields' SQL Injection

Exploit Title: Joomla 3.7.0 - Sql Injection Date: 05-19-2017 Exploit Author: Mateus Lino Reference: https://blog.sucuri.net/2017/05/sql-injection-vulnerability-joomla-3-7.html Vendor Homepage: https://www.joomla.org/ Version: = 3.7.0 Tested on: Win, Kali Linux x64, Ubuntu, Manjaro and Arch Linux...

Gongwalker API Manager 1.1 Blind SQL Injection

Exploit Title: gongwalker API Manager v1.1 - Blind SQL Injection Date: 2017-05-10 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: https://github.com/gongwalker/ApiManager Software Link: https://github.com/gongwalker/ApiManager.git Version: v1.1 Tested on: Debian...

Apache Ranger eventTime parameter SQL injection Vulnerability (CVE-2016-2174)

Description ----------- Apache Ranger =:6080/service/plugins/policies/eventTime ?eventTime=' or '1'='1 &policyId=1 The vulnerable code is located in the org/apache/ranger/db/XXDataHistDao.java file in the findObjByEventTimeClassTypeAndId function: public XXDataHist...

Faraday v2.4 - Collaborative Penetration Test and Vulnerability Management Platform

Faraday is the Integrated Multiuser Risk Environment you were looking for! It maps and leverages all the knowledge you generate in real time, letting you track and understand your audits. Our dashboard for CISOs and managers uncovers the impact and risk being assessed by the audit in real-time...

Joomla com_joominaflileselling 2.2 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title : Joomla comjoominaflileselling 2.2 SQL injection Vulnerability Exploit Author : xBADGIRL21 Dork : inurl:index.php?option=comjoominaflileselling Vendor Homepage : http://www.joomina.ir by amirrezatehrani Link :...

SlimarUSER Management 1.0 - id Parameter SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: SlimarUSER Management v1.0 – 'id' Parameter SQL Injection Date: 03.02.2017 Vendor Homepage: http://slimar.org Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploits...

SlimarUSER Management 1.0 SQL Injection

Exploit Title: SlimarUSER Management v1.0 a 'id' Parameter SQL Injection Date: 03.02.2017 Vendor Homepage: http://slimar.org Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploits Overview SlimarUSER is a PHP user management system ful...

Zoneminder 1.291.30 - Cross-Site Scripting SQL Injection Session Fixation Cross-Site Request Forgery

Zoneminder 1.291.30 - Cross-Site Scripting SQL Injection Session Fixation Cross-Site Request Forgery Source: https://www.foxmole.com/advisories/foxmole-2016-07-05.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 === FOXMOLE - Security Advisory 2016-07-05 === Zoneminder multiple vulnerabilities...

SlimarUSER Management 1.0 - 'id' SQL Injection

Exploit Title: SlimarUSER Management v1.0 – 'id' Parameter SQL Injection Date: 03.02.2017 Vendor Homepage: http://slimar.org Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploits Overview SlimarUSER is a PHP user management system ful...

Zoneminder 1.29 / 1.30 CSRF / XSS / SQL Injection / Session Fixation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 === FOXMOLE - Security Advisory 2016-07-05 === Zoneminder multiple vulnerabilities Affected Versions ================= Zoneminder 1.29,1.30 Issue Overview ============== Vulnerability Type: SQL Injection, Cross Site Scripting, Session Fixation, No...

Complain Management System SQL Injection

Title : Complain Management System SQL Injection Date: 20 January 2017 Exploit Author: Sibusiso Sishi [email protected] Tested on: Windows7 x32 Vendor: https://sourceforge.net/projects/complain-management-system/ Version: not supplied Download Software:...

Complain Management System - SQL injection Vulnerability

Exploit for php platform in category web applications Title : Complain Management System SQL Injection Date: 20 January 2017 Exploit Author: Sibusiso Sishi email protected Tested on: Windows7 x32 Vendor: https://sourceforge.net/projects/complain-management-system/ Version: not supplied Download...

Complain Management System - SQL injection

Title : Complain Management System SQL Injection Date: 20 January 2017 Exploit Author: Sibusiso Sishi [email protected] Tested on: Windows7 x32 Vendor: https://sourceforge.net/projects/complain-management-system/ Version: not supplied Download Software:...

Courier Management System Cross Site Scripting / SQL Injection

Title : Courier Management System - Sql Injection and non-persistent XSS login portal Date: 17 January 2017 Exploit Author: Sibusiso Sishi [email protected] Tested on: Windows7 x32 Vendor: http://couriermanageme.sourceforge.net/ Version: not supplied Download Software:...