POST /modx/connectors/lang.js.php HTTP/1.1
Host: 192.168.1.70
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:26.0) Gecko/20100101 Firefox/26.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer:
#
#
# COMPASS SECURITY ADVISORY http://www.csnc.ch/
#
#
#
# CVE ID : CVE-2014-1597
# CSNC ID: CSNC-2014-003
# Product: i-doit
# Vendor: synetics Gesellschaft für
Information
Name : SQL Injection Vulnerability in glFusion
Software : glFusion 1.3.0 and possibly below.
Vendor Homepage : http://www.glfusion.org
Vulnerability Type : Blind SQL Injection
Severity : Critical
Researcher : Omar Kurt
Advisory Reference : NS-13-009
Hello list!
There is SQL Injection vulnerability in Soltech.CMS. This is commercial CMS.
-
Affected products:
-
Vulnerable are Soltech.CMS v 0.4 and previous versions.
-
Affected vendors:
-
Product: FOOT Gestion
Version: -
Vendor: Winsoft
Vendor site:http://www.footgestion.ch
Status: fixed
Level: High
=
Description
=
FOOT Gestion is a soccer team management CMS. The solution is based on a
software and a CMS website.
The website module is affected by a SQL injection
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
AppSecInc Team SHATTER Security Advisory
SQL Injection in Oracle Enterprise Manager (compareWizFirstConfig web page).
Risk Level:
High
Affected versions:
Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2 (and
previous patchsets)
Oracle
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
AppSecInc Team SHATTER Security Advisory
SQL Injection in Oracle Enterprise Manager (searchPage web page).
Risk Level:
High
Affected versions:
Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.3 (and
previous patchsets)
Oracle Enterprise
During vulnerability assessment or penetration testing, identifying the
input vectors of the target application is a first step. Sometimes, when
dealing with Web application testing, verification routines related to SQL
injection flaws discovery are restricted to the GET and POST variables as
the
Information
Name : SQL Injection Vulnerability in Batavi
Software : Batavi 1.1.2 and possibly below.
Vendor Homepage : http://www.batavi.org
Vulnerability Type : SQL Injection
Severity : Critical
Researcher : Onur Yılmaz
Advisory Reference : NS-12-003
Description
Information
Name : SQL Injection Vulnerability in OpenEMR
Software : OpenEMR 4.1.0 and possibly below.
Vendor Homepage : http://www.open-emr.org
Vulnerability Type : SQL Injection
Severity : Critical
Researcher : Canberk Bolat
Advisory Reference : NS-12-001
Description
Retrieved data using Sqlmap:
Public Database: salkpublicweb2
Tables:
[5 tables]
+----------+
| category |
| faculty  |
| page     |
| users    |
| video    |
+----------+
The users table contains around 80 username and password entries which
can be easily retrieved.
Madhur
The library system of the University of Regensburg is vulnerable:
http://rzblx10.uni-regensburg.de/dbinfo/dbliste.php?bib_id=wlbcolors=15ocolors=40lett=ccollid=%27
http://pastebin.com/4Z57qUky
___
Full-Disclosure - We believe in it.
Charter:
Just saw this earlier:
http://www.un.org/chinese/News/archive.asp?month=5year=2010'
Over year in DB multiple..
http://www.vs-db.info/?s=un.org
MG.
Message written by Sihan on 2011-05-30, at 03:50:
Just saw this earlier:
http://www.un.org/chinese/News/archive.asp?month=5year=2010'
Are you going to react to this at all? This isn't even the first time:
http://www.securityfocus.com/archive/1/517931
Best regards,
Henri Salo
We are continuing with the list of security vulnerabilities found in a
number of web applications while testing our latest version of Acunetix
WVS v7 . In this blog post, we will look into the details of a number of
security problems discovered by Acunetix WVS in CubeCart.
CubeCart is a fully
of Websecurity web site
http://websecurity.com.ua
- Original Message -
From: Henri Salo he...@nerv.fi
To: MustLive mustl...@websecurity.com.ua
Cc: full-disclosure@lists.grok.org.uk
Sent: Thursday, August 12, 2010 4:38 PM
Subject: Re: [Full-disclosure] SQL Injection vulnerability in CMS
WebManager
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, 11 Aug 2010 21:04:51 +0300
MustLive mustl...@websecurity.com.ua wrote:
Hello Full-Disclosure!
I want to warn you about SQL Injection vulnerability in CMS
WebManager-Pro.
SQL Injection:
Hello Full-Disclosure!
I want to warn you about SQL Injection vulnerability in CMS WebManager-Pro.
SQL Injection:
http://site/index.php?content_id=-1%20or%20version()=4
Affected software:
Vulnerable are CMS WebManager-Pro v.7.4.3 (version from FGS_Studio) and
previous versions. Original
Hello Full-Disclosure!
I want to warn you about security vulnerability in coWiki.
Earlier I already wrote about XSS vulnerability in coWiki -
SecurityVulns ID:8005 (http://securityvulns.ru/Rdocument692.html).
-
Advisory: SQL Injection vulnerability in coWiki
Product: Zabbix
Vendor: Zabbix SIA
References: http://www.securityfocus.com/bid/39752
http://secunia.com/advisories/39119
Software Link: http://www.zabbix.com/
Vulnerable Version: = 1.8.1
Vulnerability Type: SQL Injection
Status: Fixed in version 1.8.2
Risk level: Medium
Author: David skys
Vulnerable URL
http://www.glmees.org.br:80/noticias_exibe.php?id=253
Tables of database glmees
arquivos
imagens
irmaos
mensagens
noticias
usuarios
Vulnerable URL
/d_wnl_ads/?did=14dc=1gid=28
Users:
demolaymain
demolaystore
phpmyadmin
root
Tables from DEMOLAY database
ADVISOR_TYPE..WORK_GROUP_PERMISSION (75 tables)
This ought to be fixed, SWIM tells me there's tons of personal stuff in
these tables.
{ Ariko-Security - Advisory #4/3/2010 } =
SQL injection vulnerability in wILD CMS
Vendor's Description of Software:
# http://www.wildcms.com/
Vulnerable DEMO
# http://www.wildcms.com/page.php?page_id=139
Dork:
# N/A
Application Info:
# Name: wILD CMS
{ Ariko-Security - Advisory #2/3/2010 } =
SQL injection and XSS vulnerability in NATYCHMIAST CMS
Vendor's Description of Software:
# http://www.natychmiast-cms.pl/Natychmiast+CMS.html [Polish]
Dork:
# N/A
Application Info:
# Name: NATYCHMIAST CMS
Vulnerability
# Title: [SQL injection vulnerability in WebAdministrator Lite CMS]
# Date: [25.02.2010]
# Author: [Ariko-Security]
# Software Link: [http://jskinternet.pl/]
# Version: [Lite]
{ Ariko-Security - Advisory #5/2/2010 } =
SQL injection vulnerability in
# Title: [SQL injection vulnerability in LiveChatNow]
# Date: [20.02.2010]
# Author: [Ariko-Security]
# Software Link: [http://www.livechatnow.com/]
# Version: [ALL]
# Tested on: [freebsd / ubuntu]
{ Ariko-Security - Advisory #4/2/2010 } =
SQL injection
# Title: [SQL injection vulnerability in Amelia CMS]
# Date: [10.02.2010]
# Author: [Ariko-Security]
# Software Link: [http://www.ameliadesign.eu/]
# Version: [ALL]
# Tested on: [freebsd / ubuntu]
{ Ariko-Security - Advisory #3/2/2010 } =
SQL injection
{ Ariko-Security - Advisory #1/2/2010 } =
SQL injection vulnerability in apemCMS
Vendor's Description of Software:
# http://apem.com.pl/?sc=oferta
Dork:
#Powered by apemCMS
Application Info:
# Name: apemCMS
# Versions: ALL
Vulnerability Info:
# Type: SQL
OCS Inventory NG Server 1.2.1
Details:
The Open Computer and Software (OCS) Inventory Next Generation (NG)
provides relevant inventory information about system configurations and
software on the network.
Download : http://www.ocsinventory-ng.org/index.php?page=1-02-1
Found by : Guilherme
Name SQL Injection in package DBMS_AQADM_SYS
[CVE-2009-0977]
Systems Affected Oracle 9.2.0.8 - 10.2.0.3
Severity Medium Risk
Category SQL Injection
Vendor URL http://www.oracle.com/
Author Franz Hüll
CVE
Name SQL Injection in package DBMS_AQIN
[CVE-2009-0992]
Systems Affected Oracle 10.1.0.5 - 11.1.0.7
Severity High Risk
Category SQL Injection
Vendor URL http://www.oracle.com/
Author
Dear Full-Disclosure,
Since F-Secure, Kaspersky, Symantec, SecurityFocus and Secunia apparently
don't care about fake anti-virus authors, I'm giving you this awesome, yet
simple flaw that will give you access to their main control panel.
!background
I originally found this
Original article:
http://www.davidsopas.com/2008/09/sql-injection-in-easyrealtorpro/
EasyRealtorPRO 2008 provides you with all features you need to setup
your own business oriented real estate website on your own domain
name. Our support team will install the script on your server and then
you
SQL Injection Vulnerability in BtiTracker and xbtit
Vulnerable products
BtiTracker =1.4.7
https://sourceforge.net/projects/btit-tracker/
xbtit =2.0.542
http://www.btiteam.org
Description
A vulnerability is caused because the application does not perform sanitization
checks for input passed to
(resend with title...)
NGSSoftware Insight Security Research Advisory
Name: SQL Injection Flaw in Oracle Workspace Manager
Systems Affected: Oracle 10g release 1 and 2, Oracle 9i
Severity: High
Vendor URL: http://www.oracle.com/
Author: David Litchfield [ [EMAIL PROTECTED] ]
Reported: 22nd
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yessir.
On Wed, 17 Oct 2007 10:27:49 -0400 David Litchfield
[EMAIL PROTECTED] wrote:
(resend with title...)
NGSSoftware Insight Security Research Advisory
Name: SQL Injection Flaw in Oracle Workspace Manager
Systems Affected: Oracle 10g release 1
Information: The IP-Tracking Mod is an extension for phpBB 2.0.x which
logs all page hits made by the board's users, including referer, IP and
username. It contains a SQL injection at admin level. You can get it
from:
http://www.phpbb.de/viewtopic.php?t=63690postdays=0postorder=ascstart=0
Steps
Hello folks!!
This is the website. ( SQL Injection vulnerability )
Website developed using web 2.0 concept, very very same as Google tools
http://www.misgood.com
USER: ' or 1=1 --
PASS: ' or 1=1 --
get logged! now you will see the first ID in the system.
Have fun.
- Quik
Hi,
I have another question, somehow related with my previous one.
I have an injection point, where I can do, for example
test.asp?param=blabla' and 1=(select @@version)--
and injections of the sort, and retrieve the information without problems.
Now, when I try to execute a stored
HI,
Does anyone know how to get the body of a stored procedure in MS SQL
Server through a SELECT statement?
In other words, are the stored procedure bodies saved in any accessible
system table?
Cheers,
Andy.
_
Greatest hits,
Andres,
Stored procedures are saved in the syscomments table in the text field. They
are then tied to the sysobjects table by the field id.
SELECT sc.Text FROM syscomments sc
JOIN sysobjects so ON so.id = sc.id
WHERE so.Name LIKE '%PROC_NAME%'
That query would retrieve the body of the
Name SQL Injection Vulnerability in Oracle WWV_FLOW_UTILITIES
Systems Affected Oracle APEX/HTMLDB
Severity High Risk
Category SQL Injection
Vendor URL http://www.oracle.com/
Author Alexander Kornbrust (ak at red-database-security.com)
Date 18 October
Name SQL Injection in Oracle package SYS.DBMS_SQLTUNE_INTERNAL (6980745)
[DB10]
Systems Affected Oracle 8i-10g Rel. 2
Severity High Risk
Category SQL Injection
Vendor URL http://www.oracle.com/
Author Alexander Kornbrust (ak at red-database-security.com)
Advisory
Name SQL Injection in Oracle package SYS.DBMS_CDC_IMPDP [DB04]
Systems Affected Oracle 10g
Severity High Risk
Category SQL Injection
Vendor URL http://www.oracle.com/
Author Alexander Kornbrust (ak at red-database-security.com)
Advisory 18 October 2006 (V
Name SQL Injection in Oracle package MDSYS.SDO_LRS (7569081) [DB13]
Systems Affected Oracle 9i Rel. 2
Severity High Risk
Category SQL Injection
Vendor URL http://www.oracle.com/
Author Alexander Kornbrust (ak at red-database-security.com)
Advisory 18
Name SQL Injection in Oracle package XDB.DBMS_XDBZ0 [DB01]/[DB15]
Systems Affected Oracle 9i Rel.2 - 10g Rel. 2
Severity High Risk
Category SQL Injection
Vendor URL http://www.oracle.com/
Author Alexander Kornbrust (ak at red-database-security.com)
Advisory
A security vulnerability was recently discovered in all versions of
Moodle 1.6 and later that allows SQL injection. A quick one-line fix has
already been added to CVS to patch this problem for 1.6.x and 1.7 versions.
Update your servers using CVS as soon as possible, or edit the file
//
http://www.w4cking.com
Product:
4images 1.7.x
http://www.4homepages.de
Vulnerability:
SQL injection
Notes:
- SQL injection can be used to obtain password hash
- for version 1.7.3, you must log in as a registered
//
http://www.w4cking.com
Product:
moodle 1.6.2
http://www.moodle.org
Vulnerability:
SQL injection
Notes:
- SQL injection can be used to obtain password hash
- the moodle blog module must be enabled
- guest access to the blog must be enabled
POC:
Well, this would be NDSD-06-002, but n3td3v
seems to have really left... All relevant details are in the message below;
the SQL injection was patched within a day
(http://forums.invisionpower.com/index.php?showtopic=204627). I believe the
other problems still exist.
-Original
Aditya Sood wrote:
Hi Everyone
A very crafty SQL injection found in the MSN Website.
Sending you the details
Attachment:pdf
ZeroKnock
MetaEye Security
http://zeroknock.metaeye.org
site:
http://bookmark4u.sourceforge.net/
Hello, I found a vulnerability in bookmark4u that you can use to make SQL injections...
The following PoC changes the admin password:
[code]
<form action='' method='post'><tr><td align='center'><input type='hidden' name='sqlcmd' value=# add an administrator
SQL Injection and PHP Code Injection Vulnerabilities in PHPKit 1.6.1
Version: PHPKit 1.6.1
Risk: High if magic_quotes_gpc = Off
URL: http://www.phpkit.com
***
SQL Injection in include.php?path=login/member.php
The