CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

737 matches found

seebug.org•added 2014/07/22 12:0 a.m.•133 views

easysite内容管理系统某简单粗暴的SQL注入

简要描述： web services是不会骗人的！大量gov站点采用了easysite内容管理系统。详细说明： 1.soap注入 easysite webservice 文件： http://www.py.gov.cn/DesktopModules/CInfo/WebService/CInfoService.asmx 2.ArticleIDs参数存在SQL注入漏洞随便找个放sqlmap里跑吧 POST /DesktopModules/CInfo/WebService/CInfoService.asmx HTTP/1.1 Host: dynamic.xmedu.gov.cn...

seebug.org•added 2014/07/18 12:0 a.m.•15 views

逐浪oa后台存在sql注入

简要描述：这个能算通用吗。。没什么技术含量详细说明：官网演示地址：http://oa.zoomla.cn/ 使用admin admin888登陆注入点http://oa.zoomla.cn/Messagemanage/ViewMessageManage.aspx?id=1 没有经过任何限制，直接可以注入 http://oa.zoomla.cn/Messagemanage/ViewMessageManage.aspx?id=1 and 1=1返回正常 http://oa.zoomla.cn/Messagemanage/ViewMessageManage.aspx?id=1 and...

Packet Storm•added 2014/07/11 12:0 a.m.•27 views

FoeCMS 1.6.6 SQL Injection

Exploit Title : FoeCMS SQL inection vulnerability in search page Author : Jagriti Sahu Vendor : http://foecms.com/ Download Link : https://github.com/themarioga/FoeCMS/archive/master.zip Date : 11/07/2014 Discovered at : IndiShell Lab Love to : Surbhi, Mradula and Harry Greez to : ALL Indian...

0day.today•added 2014/07/10 12:0 a.m.•23 views

Wordpress BSK PDF Manager 1.3.2 Authenticated SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title : Wordpress BSK PDF Manager 1.3.2 Authenticated SQL Injection Exploit Author : Claudio Viviani Vendor Homepage : http://www.bannersky.com/bsk-pdf-manager/ Software Link : http://downloads.wordpress.org/plugin/bsk-pdf-manager.zip...

Packet Storm•added 2014/07/09 12:0 a.m.•27 views

WordPress BSK PDF Manager 1.3.2 SQL Injection

Exploit Title : Wordpress BSK PDF Manager 1.3.2 Authenticated SQL Injection Exploit Author : Claudio Viviani Vendor Homepage : http://www.bannersky.com/bsk-pdf-manager/ Software Link : http://downloads.wordpress.org/plugin/bsk-pdf-manager.zip Date : 2014-07-04 Tested on : Windows 7 / Mozilla...

seebug.org•added 2014/07/01 12:0 a.m.•20 views

WP-SpamFree WordPress Spam Plugin SQL Injection Vulnerability

No description provided by source. Exploit Title: WordPress wpsf-js plugin, SQL Injection Date: 2011-09-25 Author: cheki Version:3.2.1 Tested on:linux Used: sqlmap SQL Injection http://target/wp-content/plugins/wp-spamfree/js/wpsf-js.php?id=1 Exploit:id=-1; WAITFOR DELAY '0:0:5';-- or id=-1 AND...

seebug.org•added 2014/07/01 12:0 a.m.•17 views

Wordpress Plugin Glossary - SQL Injection

No description provided by source. Exploit Title: WordPress WP Glossary plugin SQL Injection Vulnerability Date: 2011-30-10 Author: longrifle0x software: Wordpress Download: http://wordpress.org/extend/plugins/wp-glossary/ Tools: SQLMAP DESCRIPTIONDiscovered a vulnerability in WP Glossary,...

seebug.org•added 2014/07/01 12:0 a.m.•20 views

WordPress wp-autoyoutube plugin Blind SQL Injection Vulnerability

No description provided by source. Exploit Title: WordPress wp-autoyoutube plugin Blind SQL Injection Vulnerability Date: 2012-11-01 Author: longrifle0x software: Wordpress Download:http://wordpress.org/extend/plugins/wp-autoyoutube/ Tools: SQLMAP DESCRIPTION Discovered a vulnerability in...

seebug.org•added 2014/07/01 12:0 a.m.•11 views

php video script SQL Injection Vulnerability

No description provided by source. Exploit Title: php video script SQL Injection Vulnerability Date: 2011-25-11 Author: longrifle0x Home page: www.security-research.ge software: PHP video script Download:http://www.alurian.com/php-video-script/ Tools: SQLMAP Drok: Copyright ? PHP Video Script...

seebug.org•added 2014/07/01 12:0 a.m.•22 views

airVisionNVR 1.1.13 readfile() Disclosure and SQL Injection

No description provided by source. Exploit Title: airVisionNVR readfile disclosure and sql injection Google Dork: Date: Oct 13, 2012 Exploit Author: pennyGrit Vendor Homepage: http://www.ubnt.com/ Software Link: http://www.ubnt.com/downloads/airvision/airVision-v1.1.3-installer.exe Version: 1.1.1...

7.5CVSS0.01505EPSS

0day.today•added 2014/06/01 12:0 a.m.•21 views

Videos Tube 1.0 - Multiple SQL Injection Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Videos Tube SQL Injection and Remote Code Execution Google Dork: inurl:"single.php?url=" video Date: 05.05.2014 Exploit Author: Mustafa ALTINKAYNAK Vendor Homepage: http://www.phpscriptlerim.com Software Link:...

seebug.org•added 2014/05/28 12:0 a.m.•23 views

某学校综合管理平台存在通用型SQL注入

简要描述：某学校综合管理平台存在通用型SQL注入，涉及不少学校。详细说明： http://www.baidu.com/s?wd=%E6%8A%80%E6%9C%AF%E6%94%AF%E6%8C%81%EF%BC%9A56628124%2056626870 漏洞应用开发商：上海安脉计算机科技有限公司 1、http://ps.imau.edu.cn/anmai/login.aspx a、用WVS扫描，发现参数"txtUserName"存在post型SQL注入。 b、将post请求保存2s.txt的文件。 POST /anmai/getsession.asp HTTP/1.1...

seebug.org•added 2014/05/16 12:0 a.m.•160 views

用友NC-IUFO报表系统SQL注入（无需登录通杀所有版本）

简要描述：用友NC-集团报表为集团企业用户提供全面的报表解决方案，它主要支持各类业务报表的输出、合并报表编制、分部报告编制以及报表的权限与流程管理，客户涉及金融、政府、教育、企业等 ------------------------------------------------ 该SQL注入点简单粗暴！！！！！！！！！！！！！！！！！！！！！！！！！！！！！！！！详细说明：用友IUFO如图：问题出在单位编码这，点击放大镜查找的时候一直是这页面，还以为没这功能呢，后来才发现可以直接访问URL进入搜索页面；随便找个:...

seebug.org•added 2014/05/07 12:0 a.m.•15 views

帝友P2P借贷系统最新版SQL注入

简要描述：不描述了，忙着去改金额=。= 详细说明：注入点:http://www.diyou.cc/?plugins&area=&class=usel&name=work&q=areas&type=p,c&value=1 GET参数value未有效过滤导致存在注入这是你们家的官网产品演示站对吧？通知存在注入点，未做进一步测试，赶紧赶紧赶紧修复！ python sqlmap.py -u "http://www.diyou.cc/?plugins&area=&class=usel&name=work&q=areas&type=p,c&value=1" --batch -p "value...

securityvulns•added 2014/05/05 12:0 a.m.•90 views

Sendy 1.1.9.1 - SQL Injection Vulnerability

Sendy contains a flaw that may allow carrying out an SQL injection attack. The issue is due to the /send-to script not properly sanitizing user-supplied input to the "c" parameter. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the...

Packet Storm•added 2014/04/15 12:0 a.m.•35 views

Xerox DocuShare SQL Injection

The following request is vulnerable to a SQL injection in the last URI segment: GET /docushare/dsweb/ResultBackgroundJobMultiple/1 HTTP/1.1 Host: 172.31.16.194:8080 User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:26.0 Gecko/20100101 Firefox/26.0 Accept:...

exploitpack•added 2014/04/15 12:0 a.m.•22 views

Xerox DocuShare - SQL Injection

Xerox DocuShare - SQL Injection The following request is vulnerable to a SQL injection in the last URI segment: GET /docushare/dsweb/ResultBackgroundJobMultiple/1 HTTP/1.1 Host: 172.31.16.194:8080 User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:26.0 Gecko/20100101 Firefox/26.0 Accept:...

seebug.org•added 2014/03/02 12:0 a.m.•26 views

SrunDisk存储系统通用型盲注

简要描述：刚看看官网原来跟Srun3000另外一款Srundisk系统详细说明： Url:http://218.75.75.92/userspace.php?username=admin username参数过滤不严,直接单引号检测,直接跳转进入空间页面,但是都到Sqlmap可以直接跑数据。漏洞证明： database management system users 6: ''@'localhost' 'aaa'@'%' 'guest'@'%' 'icc'@'%' 'root'@'127.0.0.1' 'root'@'localhost'...

Kitploit•added 2014/02/21 10:45 p.m.•14 views

[GoLismero v2.0] Merge results of security tools (OpenVas, Wfuzz, SQLMap, DNS recon, robot analyzer...)

GoLismero is an Open Source security tools that can run their own security tests and manage a lot of well known security tools OpenVas, Wfuzz, SQLMap, DNS recon, robot analyzer... take their results, feedback to the rest of tools and merge all of results. And all of this automatically. Changelog...

Exploits0References1

seebug.org•added 2014/02/14 12:0 a.m.•12 views

逐浪cms通用型post注入

简要描述：逐浪cms post注入详细说明： Url:http://demo.zoomla.cn/Plugins/Register.aspx 注册页面参数TxtCode过滤不严抓包： VIEWSTATE=%2FwEPDwUKMTIyNDY2NzAxNGRk0w6kzdp8SCGVd8OTDosLe3fFnE9ZAKecfpfoPfbVfKI%3D&TxtCode=1111&TxtPassword=111&TxtPassword1=111'&Button1= 漏洞证明：漏洞证明： img...

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by