SQL database
Description of vulnerable software:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
TorrentTrader is a feature packed and highly customisable PHP/MySQL Based
BitTorrent tracker. Featuring integrated forums and plenty of administration
options. Please visit www.torrenttrader.org for the support forums.
http://sourceforge.net/projects/torrenttrader
- Severity: Moderately High
=============================================
I. VULNERABILITY
-------------------------
Invision Power Board <= 3.0.4 Local PHP File Inclusion and SQL Injection
Invision Power Board <= 2.3.6 SQL Injection
II. BACKGROUND
-------------------------
Invision Power Board (IPB) is a professional forum system that has
The Exploit Next Generation® SQL Fingerprint™ (f.k.a. Microsoft SQL Server
Fingerprint Tool) is a powerful tool which performs version fingerprinting
for:
1. Microsoft SQL Server 2000;
2. Microsoft SQL Server 2005; and
3. Microsoft SQL Server 2008.
The Exploit Next Generation® SQL Fingerprint™ (ESF) uses well-known
techniques based on several public tools that are capable of identifying the
Microsoft SQL Server version (such as: SQLping and SQLver), but, instead of
Product: SiT! Support Incident Tracker
Vendor: The Support Incident Tracker Project ( http://sitracker.org/ )
Vulnerable Version: 3.64 and probably prior
Tested Version: 3.64
Vendor Notification: 24 August 2011
Vulnerability Type: SQL Injection, XSS, CSRF
Status: Fixed by Vendor
Risk level: High
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.ch/advisory/ )
Vulnerability Details:
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Firebird SQL op_connect_request main listener shutdown vulnerability
1. *Advisory Information*
Title: Firebird SQL op_connect_request main listener shutdown vulnerability
Advisory: IceWarp WebMail Server: SQL Injection in Groupware Component
During a penetration test RedTeam Pentesting discovered multiple
SQL-Injections in the IceWarp WebMail Server. Attackers that are in
control of a user account for the web-based email and groupware
components are able to execute arbitrary SQL SELECT statements and
therefore read any data from the DBMS that are accessible by the Icewarp
eMail Server.
======================================================================
2) Severity
Rating: Moderately critical
Impact: SQL Injection
Local File Inclusion
Cross-Site Scripting
Cross-Site Request Forgery
Where: Remote
======================================================================
2) Severity
Rating: Moderately critical
Impact: SQL Injection
Cross-Site Scripting
Manipulation of Data
Spoofing
Where: Remote
<?php
/*
RunCms v.2M1 /modules/forum/post.php - 'forum' remote semi-blind SQL Injection Exploit
by Nine:Situations:Group::bookoo
site: http://retrogod.altervista.org/
software site: http://www.runcms.org/
vulnerable code in /modules/forum/post.php near lines 16-34 :
Product: OBM
Vendor: obm.org ( http://obm.org )
Vulnerable Version: 2.4.0-rc13 and probably prior
Tested Version: 2.4.0-rc13
Vendor Notification: 30 November 2011
Vulnerability Type: XSS, SQL Injection, Local File Inclusion, Information Disclosure
Risk level: High
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.ch/advisory/ )
Vulnerability Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in OBM, which can be exploited to perform information disclosure, cross-site scripting, local file inclusion and SQL injection attacks.
[waraxe-2008-SA#062] - Multiple Sql Injections in MyBB 1.2.10
===============================================================================
Author: Janek Vind "waraxe"
Date: 16. January 2008
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-62.html
Product: Help Desk Software
Vendor: freehelpdesk.org ( http://freehelpdesk.org/ )
Vulnerable Version: 1.1b and probably prior
Tested Version: 1.1b
Vendor Notification: 17 August 2011
Vulnerability Type: SQL injection, XSS, CSRF
Status: Fixed by Vendor
Risk level: High
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.ch/advisory/ )
Vulnerability Details:
<?php
/*
glFusion <= 1.1.2 COM_applyFilter()/cookies remote blind sql injection exploit
by Nine:Situations:Group::bookoo
our site: http://retrogod.altervista.org/
software site: http://www.glfusion.org/
google dork: "Page created in" "seconds by glFusion" +RSS
Description:
Pligg is a popular open source, full featured, content management
system written in php. There are a number of vulnerabilities
within Pligg that allow for remote file enumeration, file inclusion,
cross site scripting, and sql injection. When combined these issues
allow for remote code execution on the affected installation
via arbitrary php code placed within template files once admin
credentials are gained via SQL Injection.
======================================================================
Secunia Research 30/06/2010
- Joomla BookLibrary Component Four SQL Injection Vulnerabilities -
======================================================================
Table of Contents
Affected Software
Summary
=======
The Management Center for Cisco Security Agents is affected by a
directory traversal vulnerability and a SQL injection vulnerability.
Successful exploitation of the directory traversal vulnerability may
allow an authenticated attacker to view and download arbitrary files
from the server hosting the Management Center. Successful
exploitation of the SQL injection vulnerability may allow an
authenticated attacker to execute SQL statements that can cause
This vulnerability provides an attacker full access to all functions
in the admin webinterface without providing any user credentials.
The Tomcat filter which is responsible for authentication could be
completely circumvented.
2) SQL injection
It is possible to pass SQL statements to the backend database through
a SQL injection vulnerability. Depending on the particular
runtime environment and database permissions it is even possible to
write files to disk and execute code on operating system level.
Released on: 2007/12/16
Changelog: 2007/12/16
Summary: [HT] Remote File Inclusion
[MT] SQL Injection
[MT] SQL Injection Protection Bypass
[__] Conclusion
Legend: L - Low risk M - Medium risk
H - High risk T - Tested
II. DESCRIPTION
_______________
Many parameters are not properly sanitised before being
used in SQL queries and by some PHP functions.
III. ANALYSIS
_____________
Amblog 1.0 Joomla Component Multiple SQL Injection Vulnerabilities
Name Amblog
Vendor http://robitbt.hu
Versions Affected 1.0
Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-08-10
Affected Software:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CruxCMS is a lightweight, easy to use website content management system (CMS).
It is written in PHP and uses the powerful MySQL database.
http://www.cruxsoftware.co.uk/cruxcms.php
Affected versions
Product: Efront
Vendor: EPIGNOSIS Ltd ( http://www.efrontlearning.net/ )
Vulnerable Version: 3.6.10 build 11944 and probably prior
Tested Version: 3.6.10 build 11944
Vendor Notification: 12 October 2011
Vulnerability Type: XSS, SQL Injection
Status: Fixed by Vendor
Risk level: High
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.ch/advisory/ )
Vulnerability Details:
Product: Dolibarr
Vendor: Dolibarr foundation ( http://www.dolibarr.org/ )
Vulnerable Version: 3.1.0 RC and probably prior
Tested Version: 3.1.0 RC
Vendor Notification: 02 November 2011
Vulnerability Type: XSS, SQL Injection
Status: Fixed by Vendor
Risk level: High
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.ch/advisory/ )
Vulnerability Details:
Product: PHPShop CMS Free
Vendor: PHPShop Software ( http://www.phpshopcms.ru/ )
Vulnerable Version: 3.4 and probably prior
Tested Version: 3.4
Vendor Notification: 23 November 2011
Vulnerability Type: XSS, SQL Injection
Status: Fixed by Vendor
Risk level: Medium
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.ch/advisory/ )
Vulnerability Details:
II. DESCRIPTION
This CMS is affected by multiple remote security flaws,
such as SQL Injection, Arbitrary File upload, etc.
These security flaws DO NOT require authentication. Other
files may be vulnerable.
III. ANALYSIS
[waraxe-2008-SA#069] - Multiple Sql Injection in vBulletin 3.7.4
===============================================================================
Author: Janek Vind "waraxe"
Date: 17. November 2008
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-69.html
# Where do we go ?
switch( $this->p_attack )
{
case 1: $this->code_exec(); break;
case 2; $this->bf_sql_pwd(); break;
case 3: $this->bf_usr_pwd(); break;
default: $this->usage();
}
return;
Biblioteca 1.0 Beta Joomla Component Multiple SQL Injection Vulnerabilities
Name Biblioteca
Vendor http://www.cielostellato.info
Versions Affected 1.0 Beta
Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-08-21
I understand that this is a vain hope that bugtraq will start posting something useful.
Author: Michael Brooks (Rook)
Application: OpenClassifieds 1.7.0.3
download: http://open-classifieds.com/download/
Exploit chain: captcha bypass->sqli(insert)->persistent xss on front page
If registration is required an extra link in the chain is added:
Exploit chain: blind sqli(select)->captcha bypass->sqli(insert)->persistent xss on front page
sites with SEO URLs enabled:
"powered by Open Classifieds" inurl:"publish-a-new-ad.htm" (85,000 results)
or default urls:
iScripts EasySnaps 2.0 Multiple SQL Injection Vulnerabilities
Name iScripts EasySnaps
Vendor http://www.iscripts.com
Versions Affected 2.0
Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-01-07