Vuln: PacerCMS ‘id’ Parameter Multiple SQL Injection Vulnerabilities
PacerCMS ‘id’ Parameter Multiple SQL Injection Vulnerabilities
Related Files:
Some SQL injection vulnerabilities have been found in Cybozu Garoon 2 version 2.1.0 for Windows. When exploited by a logged on user, the vulnerabilities allow for manipulation of SQL statements which can lead to disclosure of information from the database, or to cause the backend MySQL database to consume large amount of CPU resources. Homepage: http://vuln.sg/. Authored By Tan Chew Keong
Subject SGI IRIX login LOCKOUT parameter Vuln. Date 11-apr-97
Multiple exploitable buffer overflow vulnerabilities were found within the file attachment viewer in IBM Lotus Notes. The vulnerabilities can be exploited to execute arbitrary code by tricking the user to view a malicious DOC, SAM, WPD, or MIF file attachment using the file attachment viewer in Lotus Notes. Homepage: http://vuln.sg/. Authored By Tan Chew Keong
Two vulnerabilities have been found in CruiseWorks. When exploited, the vulnerabilities allow an authenticated user to retrieve arbitrary files accessible to the web server process and to execute arbitrary code with privileges of the IIS IUSR_MACHINE account. Homepage: http://vuln.sg/cruiseworks109d-en.html. Authored By TAN Chew Keong
It is possible to DOS the IIS Worker Process (w3wp) due to improper reference of STA COM components in ASP.NET. POC Exploit included. Homepage: http://hackingspirits.com/vuln-rnd/vuln-rnd.html. Authored By Debasis Mohanty
aoblogger version 2.3 suffers from multiple vulnerabilities including script and SQL injection. Homepage: http://evuln.com/vulns/37/exploit/bt/. Authored By Aliaksandr Hartsuyeu
Multiple vulnerabilies have been found in the Singapore Image Gallery Web Application version 0.9.10 including arbitrary file download, directory deletion, and cross site scripting flaws. Homepage: http://www.security.org.sg/vuln/singapore0910.html. Authored By Tan Chew Keong
Secunia Security Advisory - rgod has discovered some vulnerabilities in Moodle, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
1) Input passed to the id parameter in category.php and info.php, and the user parameter in plot.php isn’t properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation requires that magic_quotes_gpc is disabled.
2) Input passed to the jump parameter in jumpto.php isn’t properly verified and sanitised before being returned to the user. This can be exploited to execute arbitrary Javascript code in a user’s browser session in context of an affected site via the javascript: URI handler.
The vulnerabilities have been confirmed in version 1.5.2. Other versions may also be affected. Homepage: http://secunia.com/advisories/17526/
7 vulnerabilities have been found in Neon WebMail for Java. When exploited, these vulnerabilities allow executing of arbitrary JSP code, escalation of user’s privileges, manipulating of user’s emails and user account information, disclosure of files on the server, and potentially cause a DoS via large CPU resource utilization by the MySQL server. Homepage: http://vuln.sg/neonmail506-en.html.
g-45.HP.VUE.Vuln.asc