Hasan MWB 1.0 Time-Based SQL Injection
Exploit Title: Hasan MWB v1.0 - Multiple Time-Based SQL Injections Date: 12-04-2018 Category: Webapps Author: Socket0x03 Alvaro J. Gene Email...
Cory Support 1.0 SQL Injection
Exploit Title: Cory Support v1.0 - Time-Based SQL Injection in 'signin.php' Date: 11-22-2018 Category: Webapps...
WordPress WP User Manager 2.0.8 SQL Injection
Exploit Title: WP User Manager v2.0.8 WordPress Plugin - Time-Based SQL Injection Date:...
WordPress Chained Quiz 1.0.8 Plugin - answer SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Plugin Chained Quiz 1.0.8 - 'answer' SQL Injection Exploit Author: Çlirim Emini Website: https://www.sentry.co.com Software Link: https://wordpress.org/plugins/chained-quiz/ Version/s: 1.0.8 and below Patched Version:...
CVE-2018-8820
An issue was discovered in Square 9 GlobalForms 6.2.x. A Time Based SQL injection vulnerability in the "match" parameter allows remote authenticated attackers to execute arbitrary SQL commands. It is possible to upgrade access to full server compromise via xp_cmdshell. In some cases, the...
WordPress Doctor Appointment Booking 1.0.0 SQL Injection / XSS
Exploit Title: Wordpress Doctor Appointment Booking Plugin v1.0.0 - SQL Injection / XSS Date: 2018-01-01 Exploit Author: 8bitsec Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/doctor-appointment-booking-wordpress-plugin/21215314 Version: 1.0.0 Tested on: Kali...
nuevoMailer version 6.0 and earlier time-based SQL Injection
Description: SQL injection vulnerability in rdr.php in nuevoMailer version 6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the "r" parameter. PoC: https://vulnerablesite.com/inc/rdr.php?r=69387c602c1056c556time based SQL INJ...
WordPress Spider Event Calendar 1.5.51 Blind SQL Injection
MGC ALERT 2017-003 - Original release date: April 06, 2017 - Last revised: April 10, 2017 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score I. VULNERABILITY...
NewsBee CMS - SQL Injection
NewsBee CMS - SQL Injection Exploit Title: NewsBee CMS – SQL Injection Date: 06.02.2017 Software Link: https://codecanyon.net/item/newsbee-fully-featured-news-cms-with-bootstrasp-php-mysql/19404937?srank=2 Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category:...
Exponent CMS 2.3.9 - Blind SQL Injection
Exponent CMS 2.3.9 - Blind SQL Injection MGC ALERT 2016-005 - Original release date: September 09, 2016 - Last revised: September 20, 2016 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score - CVE-ID: CVE-2016-7400...
Exponent CMS 2.3.9 - Blind SQL Injection
MGC ALERT 2016-005 - Original release date: September 09, 2016 - Last revised: September 20, 2016 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score - CVE-ID: CVE-2016-7400 I...
Exponent CMS 2.3.9 Blind SQL Injection
MGC ALERT 2016-005 - Original release date: September 09, 2016 - Last revised: September 20, 2016 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score - CVE-ID: CVE-2016-7400 I...
SocialEngine 4.8.9 - SQL Injection
Exploit for php platform in category web applications Product: SocialEngine Vendor: Webligo Vulnerable Versions: 4.8.9 and probably prior Tested Version: 4.8.9 Advisory Publication: December 21, 2015 without technical details Vendor Notification: December 21, 2015 Public Disclosure: April 6, 2016...
Mail.ru: [cfire.mail.ru] Time Based SQL Injection
Good afternoon. The cookie named cfiresid is vulnerable. Working PoC: GET /account/userbar/ HTTP/1.1 User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64 AppleWebKit/537.36 KHTML, like Gecko Chrome/47.0.2526.73 Safari/537.36 OPR/34.0.2036.25 Host: cfire.mail.ru Accept: text/html, application/xml;q=0.9,...
Centreon Enterprise Server 2.3.3-2.3.9-4 - Blind SQL Injection Exploit
No description provided by source. #!/usr/bin/env python Exploit Title: Centreon 2.3.3 - 2.3.9-4 menuXML.php Blind SQL Injection Exploit Disclosure Date: December 12, 2012 Author: modpr0be @modpr0be Platform: Linux Tested on: Centreon Enterprise Server with Centreon 2.3.9-4 on CentOS 5.5 x86_64 Fin...
Centreon 2.3.x SQL Injection
#!/usr/bin/env python Exploit Title: Centreon 2.3.3 - 2.3.9-4 menuXML.php Blind SQL Injection Exploit Disclosure Date: December 12, 2012 Author: modpr0be @modpr0be Platform: Linux Tested on: Centreon Enterprise Server with Centreon 2.3.9-4 on CentOS 5.5 x86_64 Final Software Link:...
Trend Micro Control Manager 5.5 / 6.0 Blind SQL Injection
#!/usr/bin/env python Exploit Title: Trend Micro Control Manager 5.5/6.0 AdHocQuery BlindSQL Injection post-auth Disclosure Date: 09/27/2012 Author: otoy @otoyrood & modpr0be @modpr0be Contact: researchatspentera.com Platform: Windows Tested on: Windows 2003 Standard Edition Software Link:...
WAVSEP 1.0.3 – Web Application Vulnerability Scanner Evaluation Project
WAVSEP 1.0.3 – Web Application Vulnerability Scanner Evaluation Project A vulnerable web application designed to help assess the features, quality and accuracy of web application vulnerability scanners. This evaluation platform contains a collection of unique vulnerable web pages that can be...