98 matches found
openEMR 4.2.0 Cross Site Scripting / SQL Injection
Advisory: Multiple reflecting/stored XSS- and SQLi-vulnerabilities in openEMR v.4.2.0; Advisory ID: SROEADV-2015-08; Author: Steffen Rösemann; Affected Software: openEMR v.4.2.0; Release-date: 28th Dec 2014; Vendor URL: http://www.open-emr.org; Vendor Status: patched; CVE-ID: to be assigned after releas...
Moodle Blog 1.18.2.2/1.6.2 Module SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/20395/info Moodle is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application, access or modify data, ...
FortiAnalyzer 5.0.4 - CSRF Vulnerability
Exploit for php platform in category web applications. CertR no respond my email, not Fortinet has not given the credits. I. VULNERABILITY: CSRF vulnerabilities in OS of fortianalyzer 5.0.4 II. BACKGROUND: Fortinet’s industry-leading, Network...
Quick CMS 3.0 Cross Site Request Forgery
+ Exploit Title: Quick CMS v3.0 Cross Site Request Forgery Add Admin User + Author : ^Xecuti0n3r + E-mail : xecuti0n3ryahoo.com + Category : Web Apps XSRF + Dork : intext:"Quick.Cms v3.0" inurl:admin.php + Demo CMS Link:...
ActiveCMS v1.2_dev CSRF (Add User) Vulnerability
Exploit for php platform in category web applications ...
CVE-2010-2545
Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via (1) the name element in an XML template to templatesimport.php; and allow remote...
Invision Power Board Currency Mod 1.3 - 'edit' SQL Injection
Exploit Title: Invision Power Board Currency Mod 'edit' SQL injection; Date: 17/04/2007; Author: Pr0T3cT10n; Software Link: www.invisionpower.com; Version: 1.3; Tested on: 1.3; CVE: ; Code: #!/usr/bin/perl Invision Power Board Currency Mod 'edit' SQL injection. Bug found by Pr0T3cT10n, [email protected] The...
Simply Classified 0.2 - Cross-Site Scripting Cross-Site Request Forgery
Simply Classified 0.2 - Cross-Site Scripting Cross-Site Request Forgery Simply Classified 0.2 XSS & CSRF Vulnerabilities Found by: mrme Tested On: Windows Vista Note: For educational purposes only Author contact date: 16th December 2009 Advisory:...
Simply Classified 0.2 - Cross-Site Scripting / Cross-Site Request Forgery
Simply Classified 0.2 XSS & CSRF Vulnerabilities Found by: mrme Tested On: Windows Vista Note: For educational purposes only Author contact date: 16th December 2009 Advisory: http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-002-simply-classifieds-v0.2-xss-and-csrf/ Greetz...
kalimat new system v 1.0 (index.php) SQL Injection
No description provided by source. kalimat v 1.0 admin by pass index.php; Author: ProF.Code; Email: [email protected]; dorkgoogle : intext:"Kalimat news system v 1.0" demo:...
Vikingboard <= 0.2 Beta SQL Column Truncation Vulnerability
No description provided by source. Vikingboard <= 0.2 Beta SQL Column Truncation; Discovered By: StAkeR - StAkeRathotmaildotit; Discovered On: 25/09/2008...
PT-2008-5267 · Opendb · Opendb
Name of the Vulnerable Software and Affected Versions: OpenDb version 1.0.6 Description: The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the user id parameter in an edit action to "user admin.php", the title parameter to "listings.php", and the...
TOKOKITA - produk_id SQL Injection
TOKOKITA - produk_id SQL Injection #!/usr/bin/perl k1tk4t Public Security Advisory; TOKOKITA Multiple Remote SQL Injection; Demosite : http://www.tokokita.net/toko/ Vendor : http://www.tokokita.com/ Bugs : 1. catlist.php?catid=Blind SQLi 2...
BosNews v4.0 Remote add user admin
H-T Team HouSSaMix + ToXiC350 from MoroCCo ...
YaBB SE 1.5.5 - Remote Command Execution
!/usr/bin/perl YaBB SE version new; $top-title"r57yabbse155ceGUI"; $top-resizable0,0; $url = 'http://server/forum/index.php'; $id = '1'; $cookiename = 'YaBBSE155'; $cmd = 'ls -la; id; uname -a;'; $button1text = 'Found admin ID'; $foundadminid = \ $stop = 0; $xpl = LWP::UserAgent-new or die;...
Agares PhpAutoVideo 2.21 (articlecat) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications. Agares PhpAutoVideo 2.21 articlecat Remote SQL Injection Exploit #!/usr/bin/perl Agares PhpAutoVideo 2.21...
ftpadmin-multi.txt
FTP Admin v0.1.0 - MULTIPLE VULNERABILITIES by Omni. 1 Infos: Date : 2007-11-28; Product : FTP Admin; Version : v0.1.0; Vendor : http://sourceforge.net/projects/ftpadmin/; Vendor Status : 2007-11-30 Informed! Description : FTP admin is a web-based user administration tool, for usage in...