Thinksaas SQL注入漏洞

简要描述： Thinksaas SQL注入5 详细说明： Thinksaas SQL注入5 积分兑换——物品编辑处，sql注入。 第一处：/app/redeem/action/edit.php case "do": $goodsid = intval$POST'goodsid'; $cateid = intval$POST'cateid'; $title = trim$POST'title';//问题在这里 $content = trim$POST'content';//问题在这里 $nums = intval$POST'nums'; $scores =...

WordPress Mz-Jajak 2.1 SQL Injection

Exploit Title: WordPress Mz-jajak plugin query"UPDATE " . $tablename . " SET ".$answert."=".$answert."+1 WHERE id=".$id; $rows = $wpdb-getresults"SELECT FROM " . $tablename . " WHERE id=".$id; Greetz: T0r3x, m1l05, JuMp-Er, EsC, UNICORN, Xermes, s4r4d0...

INSECT Pro 2.7 - Penetration testing tool download

INSECT Pro 2.7 - Penetration testing tool download INSECT Pro 2.7 - Ultimate is here! This penetration security auditing and testing software solutionis designed to allow organizations of all sizes mitigate, monitor and manage the latest security threats vulnerabilities and implement active...

DmxReady Links Manager 1.2 SQL Injection

Exploit Title: DmxReady Links Manager v1.2 SQL Injection Vulnerability Google Dork: inurl:inclinksmanager.asp Date: 03.07.2011 Author: Bellatrix Software Link: http://www.dmxready.com/?product=links-manager Version: v1.2 Language: ASP Price : $99.97 Tested on: Windows XP Sp3 Greetz : VoLqaN ,...

DmxReady News Manager 1.2 - SQL Injection

DmxReady News Manager 1.2 - SQL Injection Exploit Title: DmxReady News Manager v1.2 SQL Injection Vulnerability Google Dork: inurl:incnewsmanager.asp Date: 03.07.2011 Author: Bellatrix Software Link: http://www.dmxready.com/?product=news-manager Version: v1.2 Language: ASP Price : $99.97 Tested o...

CVE-2009-3720

The updatePosition function in lib/xmltokimpl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service application crash via an XML document with crafted UTF-8 sequences that trigger a buffer over-read,...

Panda Security ActiveScan 2.0 (Update) Remote BOF Exploit

Exploit for unknown platform in category remote exploits ========================================================= Panda Security ActiveScan 2.0 Update Remote BOF Exploit ========================================================= Author: Karol Wiesek There exists two vulnerabilities in Panda...

LDAP server update function vulnerable to buffer overflow

Overview Some LDAP servers contain a buffer overflow vulnerability in the update processing. Impact A remote attacker could cause a denial of service or execute arbitrary code with the privileges of the user running the LDAP server. Solution None...

CVE-2008-0227

yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allows remote attackers to cause a denial of service crash via a Hello packet containing a large size value, which triggers a buffer over-read in the HASHwithTransform::Update function in hash.cpp...