Injection Vulnerabilities
Core Security Technologies - CoreLabs
Advisory
http://www.coresecurity.com/corelabs/
Multiple XSS and Injection Vulnerabilities in TestLink Test Management
and Execution System
1. *Advisory Information*
########################## WwW.BugReport.ir ###########################################
#
# BugReport Security Research & Penetration Testing Group
#
# Title: [Sky Portal] Multiple SQL Injection Vulnerabilities
# Vendor: http://skyportal.net
# Exploitation: Remote with browser
# Fix Available: Patched In Last Version In Vendor
#######################################################################################
# Leaders : Shahin Ramezany & Sorush Dalili
graph_view.php (filter parameter)
index.php/login (action parameter)
index.php/login (login_username parameter)
B) Path Disclosure Vulnerabilities
graph.php (local_graph_id parameter)
C) SQL Injection Vulnerabilities
graph_view.php (graph_list parameter)
tree.php (leaf_id parameter)
graph_xport.php (local_graph_id parameter)
tree.php (id parameter)
index.php/login (login_username parameter)
Title:
======
Matterdaddy Market v1.1 - SQL Injection Vulnerabilities
Date:
=====
2012-04-09
Title:
======
Netjuke 1.0 RC1 - SQL Injection Vulnerabilities
Date:
=====
2012-04-12
RJ-iTop Network Vulnerability Scanner System Multiple SQL Injection Vulnerabilities
Vulnerable: v3.0.7.x
Vendor: www.rj-itop.com
Category: Input Validation Error
Impact: SQL injection
Details:
ECHO_ADV_85$2007
-----------------------------------------------------------------------------------------
[ECHO_ADV_85$2007] alstrasoft E-Friends <= 4.98 (seid) Multiple Remote SQL Injection Vulnerabilities
-----------------------------------------------------------------------------------------
Author : M.Hasran Addahroni
Date : November 15th, 2007
Location : Australia, Sydney
Web : http://advisories.echo.or.id/adv/adv85-K-159-2007.txt
#######################################################################################
# #
# ...::::RoomPHPlanning((weekview.php)) 1.5 SQL Injection Vulnerabilities ::::... #
#######################################################################################
Virangar Security Team
www.virangar.net
www.virangar.ir
#-------------------In The Name Of God------------
# BPstyle - Graphic studio SQL Injection Vulnerabilities
###################################
#AUTHOR: md.r00t
#Mail: md.r00t.defacer@gmail.com
#Website: www.r00t.gigfa.com
#
###################################
#Google D0rk:
# "Designed and Created by: BPstyle - Graphic studio"
Conference 2008
http://www.hitcon.org
Title =======:: Insanely Simple Blog 0.5 (index) Remote SQL Injection Vulnerabilities
Author ======:: unohope [at] chroot [dot] org
IRC =========:: irc.chroot.org #chroot
#------------------In The Name Of God------------
# Joomla (com_gambling) SQL Injection Vulnerabilities
###################################
#AUTHOR: md.r00t
#Mail: md.r00t.defacer@gmail.com
#Website: www.r00t.gigfa.com
#Forum: http://forum.aria-security.com
#
###################################
#Google D0rk:
Amblog 1.0 Joomla Component Multiple SQL Injection Vulnerabilities
Name Amblog
Vendor http://robitbt.hu
Versions Affected 1.0
Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-08-10
Teams 1_1028_100809_1711 Joomla Component Multiple Blind SQL Injection Vulnerabilities
Name Teams
Vendor http://www.joomlamo.com
Versions Affected 1_1028_100809_1711
Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-08-10
TimeTrack 1.2.4 Joomla Component Multiple SQL Injection Vulnerabilities
Name TimeTrack
Vendor http://www.itrn.de
Versions Affected 1.2.4
Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-09-22
#######################################################################################
# #
# ...:::::ezContents CMS Version 2.0.0 SQL Injection Vulnerabilities ::::... #
#######################################################################################
Virangar Security Team
www.virangar.net
================================================================
Def_Blog 1.0.3 Multiple Remote SQL Injection Vulnerabilities
================================================================
.. CWH Underground Hacking Team ..
On Fri, Jul 01, 2011 at 11:23:40AM +0200, SEC Consult Vulnerability Lab wrote:
> SEC Consult Vulnerability Lab Security Advisory < 20110701-0 >
> =======================================================================
> title: Multiple SQL Injection Vulnerabilities
> product: WordPress
> vulnerable version: 3.1.3/3.2-RC1 and probably earlier versions
> fixed version: 3.1.4/3.2-RC3
> impact: Medium
> homepage: http://wordpress.org/
> found: 2011-06-21
Google V8 Server-Side JavaScript Injection joins the set of web
application security vulnerabilities
TIME-BASED PHP V8JS INJECTION & NOSQL/SSJS INJECTION
Detecting server-side JavaScript (SSJS) injection vulnerabilities using
time-based techniques. Article by Felipe Aragon - February 25, 2012
This article, which is an update of an article that we originally
published on December 18, 2011, intends to highlight the risk of
unvalidated input used to execute server-side JavaScript.
SEC Consult Vulnerability Lab Security Advisory < 20110701-0 >
=======================================================================
title: Multiple SQL Injection Vulnerabilities
product: WordPress
vulnerable version: 3.1.3/3.2-RC1 and probably earlier versions
fixed version: 3.1.4/3.2-RC3
impact: Medium
homepage: http://wordpress.org/
found: 2011-06-21
by: K. Gudinavicius
Title:
======
Dolibarr CMS v3.2.0 Alpha - SQL Injection Vulnerabilities
Date:
=====
2012-02-09
#------------------In The Name Of God------------
# IWD Group SQL Injection Vulnerabilities
###################################
#AUTHOR: md.r00t
#Mail: md.r00t.defacer@gmail.com
#Website: www.r00t.gigfa.com
#
###################################
#Google D0rk:
# "Designed by IWD Group"
Biblioteca 1.0 Beta Joomla Component Multiple SQL Injection Vulnerabilities
Name Biblioteca
Vendor http://www.cielostellato.info
Versions Affected 1.0 Beta
Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-08-21
ImageAlbum Remote SQL Injection Vulnerabilities
-------------------------------------------------------------------------
Product: ImageAlbum
Version: Latest 2.0.0b2, others not tested
Vendor: http://imagealbum.sourceforge.net/
Date: 01/10/08
- Introduction
# Exploit Title: Joomla Component Clantools version 1.2.3 Multiple Blind SQL Injection Vulnerabilities
# Date: 05.09.2010
# Author: Stephan Sattler // Solidmedia
# Software Link: http://www.joomla-clantools.de/downloads/doc_download/7-clantools-123.html
# Version: 1.2.3
[ Vulnerability 1 ]
http://www.site.com/joomlapath/index.php?option=com_clantools&squad=1+[Blind SQL]
# Title: PHP Volunteer Management (get_messages.php) SQL Injection Vulnerabilities
#
# Author: eidelweiss
# Twitter: @AriosRandy
# Website: www.eidelweiss.info
# Software Site: https://sourceforge.net/projects/phpvolunteer/
# Version: 1.0.2
# Category: webapp (php)
# Greetz: Devilzc0de, exploit-db, G13 (first vuln Disclose http://www.exploit-db.com/exploits/18788/) and YOU !!!
iScripts EasySnaps 2.0 Multiple SQL Injection Vulnerabilities
Name iScripts EasySnaps
Vendor http://www.iscripts.com
Versions Affected 2.0
Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-01-07
CallManager) contains the following vulnerabilities:
* Three (3) denial of service (DoS) vulnerabilities that affect
Session Initiation Protocol (SIP) services
* Directory traversal vulnerability
* Two (2) SQL injection vulnerabilities
Cisco has released free software updates for affected Cisco Unified
Communications Manager versions to address the vulnerabilities. A
workaround exists only for the SIP DoS vulnerabilities.
#######################################################################################
# #
# ...::::Kostenloses Linkmanagementscript SQL Injection Vulnerabilities ::::... #
#######################################################################################
Virangar Security Team
www.virangar.net
transLucid - Cross Site Scripting and HTML Injection Vulnerabilities
Version Affected: 1.75 (newest)
Info: transLucidonline is the easy website publishing system with which anyone can create and maintain web content, in multiple languages and based on a growing list of ready-made, professional layouts.
Credits: InterN0T (macd3v and MaXe)
External Links:
http://www.pantha.net/
[>>] Writer’s Block SQL Injection Vulnerabilities [<<]
[x] Vendor Information
"If the written word is the wheel, then Writer’s Block is the sweet, sweet fossil fuel in the
engine that keeps it spinning. A free, flexible, elegant Content Management System that helps
you maintain any web site you want, at any size you want, with no hassle and no restrictions.
In fact, it’s running this entire site right now."