Next Page >>
SQL queries
Description of vulnerable software:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
TorrentTrader is a feature packed and highly customisable PHP/MySQL Based
BitTorrent tracker. Featuring integrated forums and plenty of administration
options. Please visit www.torrenttrader.org for the support forums.
http://sourceforge.net/projects/torrenttrader
Product: SiT! Support Incident Tracker
Vendor: The Support Incident Tracker Project ( http://sitracker.org/ )
Vulnerable Version: 3.64 and probably prior
Tested Version: 3.64
Vendor Notification: 24 August 2011
Vulnerability Type: SQL Injection, XSS, CSRF
Status: Fixed by Vendor
Risk level: High
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.ch/advisory/ )
Vulnerability Details:
======================================================================
2) Severity
Rating: Moderately critical
Impact: SQL Injection
Local File Inclusion
Cross-Site Scripting
Cross-Site Request Forgery
Where: Remote
- Severity: Moderately High
=============================================
I. VULNERABILITY
-------------------------
Invision Power Board <= 3.0.4 Local PHP File Inclusion and SQL Injection
Invision Power Board <= 2.3.6 SQL Injection
II. BACKGROUND
-------------------------
Invision Power Board (IPB) is a professional forum system that has
The Exploit Next GenerationR SQL FingerprintT (f.k.a. Microsoft SQL Server
Fingerprint Tool) is a powerful tool which performs version fingerprinting
for:
1. Microsoft SQL Server 2000;
2. Microsoft SQL Server 2005; and
3. Microsoft SQL Server 2008.
The Exploit Next GenerationR SQL FingerprintT (ESF) uses well-known
techniques based on several public tools that are capable to identify the
Microsoft SQL Server version (such as: SQLping and SQLver), but, instead of
Vendor: www.pbboard.com
Vulnerable Version(s): 2.1.4 and probably prior
Tested Version: 2.1.4
Vendor Notification: July 18, 2012
Public Disclosure: August 8, 2012
Vulnerability Type: SQL Injection [CWE-89], Improper Authentication [CWE-287], Improper Access Control [CWE-284]
CVE References: CVE-2012-4034, CVE-2012-4035, CVE-2012-4036
CVSSv2 Base Scores: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P), 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P), 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Solution Status: Fixed by Vendor
Risk Level: High
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )
======================================================================
2) Severity
Rating: Moderately critical
Impact: SQL Injection
Cross-Site Scripting
Manipulation of Data
Spoofing
Where: Remote
Product: OBM
Vendor: obm.org ( http://obm.org )
Vulnerable Version: 2.4.0-rc13 and probably prior
Tested Version: 2.4.0-rc13
Vendor Notification: 30 November 2011
Vulnerability Type: XSS, SQL Injection, Local File Inclusion, Information Disclosure
Risk level: High
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.ch/advisory/ )
Vulnerability Details:
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in OBM, which can be exploited to perform information disclosure, cross-site scripting, local file inclusion and SQL injection attacks.
Hash: SHA1
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Firebird SQL op_connect_request main listener shutdown vulnerability
1. *Advisory Information*
Title: Firebird SQL op_connect_request main listener shutdown vulnerability
Advisory: IceWarp WebMail Server: SQL Injection in Groupware Component
During a penetration test RedTeam Pentesting discovered multiple
SQL-Injections in the IceWarp WebMail Server. Attackers that are in
control of a user account for the web-based email and groupware
components are able to execute arbitrary SQL SELECT statements and
therefore read any data from the DBMS that are accessible by the Icewarp
eMail Server.
Opening that download link will execute previously uploaded php file.
###############################################################################
2. SQL Injection Vulnerability in "documenthandler.php"
###############################################################################
Reasons: Insufficient sanitization of user-supplied data
Attack vectors: User-supplied POST parameter "prefix"
Preconditions: Logged in as admin with FoxyPress product editing privileges
Product: Help Desk Software
Vendor: freehelpdesk.org ( http://freehelpdesk.org/ )
Vulnerable Version: 1.1b and probably prior
Tested Version: 1.1b
Vendor Notification: 17 August 2011
Vulnerability Type: SQL injection, XSS, CSRF
Status: Fixed by Vendor
Risk level: High
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.ch/advisory/ )
Vulnerability Details:
<?php
/*
RunCms v.2M1 /modules/forum/post.php - 'forum' remote semi-blind SQL Injection Exploit
by Nine:Situations:Group::bookoo
site: http://retrogod.altervista.org/
software site: http://www.runcms.org/
vulnerable code in /modules/forum/post.php near lines 16-34 :
[waraxe-2008-SA#062] - Multiple Sql Injections in MyBB 1.2.10
===============================================================================
Author: Janek Vind "waraxe"
Date: 16. January 2008
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-62.html
Vendor: bananadance.org
Vulnerable Version(s): B.2.6 and probably prior
Tested Version: B.2.6
Vendor Notification: October 3, 2012
Public Disclosure: December 19, 2012
Vulnerability Type: PHP File Inclusion [CWE-98], Improper Access Control [CWE-284], SQL Injection [CWE-89]
CVE References: CVE-2012-5242, CVE-2012-5243, CVE-2012-5244
CVSSv2 Base Scores: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C), 5 (AV:N/AC:L/Au:N/C:P/I:N/A:N), 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Risk Level: High
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )
======================================================================
Secunia Research 30/06/2010
- Joomla BookLibrary Component Four SQL Injection Vulnerabilities -
======================================================================
Table of Contents
Affected Software....................................................1
Product: Efront
Vendor: EPIGNOSIS Ltd ( http://www.efrontlearning.net/ )
Vulnerable Version: 3.6.10 build 11944 and probably prior
Tested Version: 3.6.10 build 11944
Vendor Notification: 12 October 2011
Vulnerability Type: XSS, SQL Injection
Status: Fixed by Vendor
Risk level: High
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.ch/advisory/ )
Vulnerability Details:
Product: Dolibarr
Vendor: Dolibarr foundation ( http://www.dolibarr.org/ )
Vulnerable Version: 3.1.0 RC and probably prior
Tested Version: 3.1.0 RC
Vendor Notification: 02 November 2011
Vulnerability Type: XSS, SQL Injection
Status: Fixed by Vendor
Risk level: High
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.ch/advisory/ )
Vulnerability Details:
Product: PHPShop CMS Free
Vendor: PHPShop Software ( http://www.phpshopcms.ru/ )
Vulnerable Version: 3.4 and probably prior
Tested Version: 3.4
Vendor Notification: 23 November 2011
Vulnerability Type: XSS, SQL Injection
Status: Fixed by Vendor
Risk level: Medium
Credit: High-Tech Bridge SA Security Research Lab ( https://www.htbridge.ch/advisory/ )
Vulnerability Details:
Biblioteca 1.0 Beta Joomla Component Multiple SQL Injection Vulnerabilities
Name Biblioteca
Vendor http://www.cielostellato.info
Versions Affected 1.0 Beta
Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-08-21
II. DESCRIPTION
_______________
Many parameters are not properly sanitised before being
used in SQL queries and from some PHP's functions.
III. ANALYSIS
_____________
Amblog 1.0 Joomla Component Multiple SQL Injection Vulnerabilities
Name Amblog
Vendor http://robitbt.hu
Versions Affected 1.0
Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-08-10
Vulnerable Version(s): 2.6 Revision 738 and probably prior
Tested Version: 2.6 Revision 738
Vendor Notification: November 7, 2012
Vendor Patch: November 28, 2012
Public Disclosure: December 5, 2012
Vulnerability Type: SQL Injection [CWE-89]
CVE Reference: CVE-2012-5849
CVSSv2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Solution Status: Fixed by Vendor
Risk Level: High
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )
Vulnerable Version(s): 2.6 Revision 738 and probably prior
Tested Version: 2.6 Revision 738
Vendor Notification: November 7, 2012
Vendor Patch: November 28, 2012
Public Disclosure: December 5, 2012
Vulnerability Type: SQL Injection [CWE-89]
CVE Reference: CVE-2012-5849
CVSSv2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Solution Status: Fixed by Vendor
Risk Level: High
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )
<?php
/*
glFusion <= 1.1.2 COM_applyFilter()/cookies remote blind sql injection exploit
by Nine:Situations:Group::bookoo
our site: http://retrogod.altervista.org/
software site: http://www.glfusion.org/
google dork: "Page created in" "seconds by glFusion" +RSS
Description:
Pligg is a popular open source, full featured, content management
system written in php. There are a number of vulnerabilities
within Pligg that allow for remote file enumeration, file inclusion,
cross site scripting, and sql injection. When combined these issues
allow for remote code execution on the affected installation
via arbitrary php code placed within template files once admin
credentials are gained via SQL Injection.
Summary
=======
The Management Center for Cisco Security Agents is affected by a
directory traversal vulnerability and a SQL injection vulnerability.
Successful exploitation of the directory traversal vulnerability may
allow an authenticated attacker to view and download arbitrary files
from the server hosting the Management Center. Successful
exploitation of the SQL injection vulnerability may allow an
authenticated attacker to execute SQL statements that can cause
.OR.ID
ECHO_ADV_111$2009
-----------------------------------------------------------------------------------------
[ECHO_ADV_111$2009] Joomla Hotel Booking System Component XSS/SQL Injection Multiple Vulnerability
-----------------------------------------------------------------------------------------
Author : K-159
Date : September, 11 th 2009
Location : Jakarta, Indonesia
II. DESCRIPTION
This CMS is affected by multiple remote security flaws,
such as SQL Injection, Arbitrary File upload, etc.
These security flaws DO NOT require authentication. Other
files may be vulnerable.
III. ANALYSIS
This vulnerability provides an attacker full access to all functions
in the admin webinterface without providing any user credentials.
The Tomcat filter which is responsible for authentication could be
completely circumvented.
2) SQL injection
It is possible to pass SQL statements to the backend database through
a SQL injection vulnerability. Depending on the particular
runtime environment and database permissions it is even possible to
write files to disk and execute code on operating system level.
Next Page>>
|
