Monthly Archive: October 2017
29/10/2017
by
Fred
· Published 29/10/2017
SoftDatepro Dating Social Network 1.3 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15971. Date published : 2017-10-29 https://www.exploit-db.com/exploits/43087/ https://packetstormsecurity.com/files/144442/SoftDatepro-Dating-Social-Network-1.3-SQL-Injection.html
29/10/2017
by
Fred
· Published 29/10/2017
Same Sex Dating Software Pro 1.0 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15972. Date published : 2017-10-29 https://www.exploit-db.com/exploits/43088/ https://packetstormsecurity.com/files/144441/Same-Sex-Dating-Software-Pro-1.0-SQL-Injection.html
29/10/2017
by
Fred
· Published 29/10/2017
PHP CityPortal 2.0 allows SQL Injection via the nid parameter to index.php in a page=news action, or the cat parameter. Date published : 2017-10-29 https://www.exploit-db.com/exploits/43089/ https://packetstormsecurity.com/files/144440/PHP-CityPortal-2.0-SQL-Injection.html
29/10/2017
by
Fred
· Published 29/10/2017
PG All Share Video 1.0 allows SQL Injection via the PATH_INFO to search/tag, friends/index, users/profile, or video_catalog/category. Date published : 2017-10-29 https://www.exploit-db.com/exploits/43090/ https://packetstormsecurity.com/files/144439/PG-All-Share-Video-1.0-SQL-Injection.html
29/10/2017
by
Fred
· Published 29/10/2017
MyBuilder Clone 1.0 allows SQL Injection via the phpsqlsearch_genxml.php subcategory parameter. Date published : 2017-10-29 https://www.exploit-db.com/exploits/43091/ https://packetstormsecurity.com/files/144438/MyBuilder-Clone-1.0-SQL-Injection.html
29/10/2017
by
Fred
· Published 29/10/2017
Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template. Date published : 2017-10-29 https://www.exploit-db.com/exploits/43092/ https://packetstormsecurity.com/files/144437/Mailing-List-Manager-Pro-3.0-SQL-Injection.html
29/10/2017
by
Fred
· Published 29/10/2017
The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla! allows SQL Injection via the placemarklistid parameter to index.php. Date published : 2017-10-29 http://www.securityfocus.com/bid/101694 https://www.exploit-db.com/exploits/43093/
29/10/2017
by
Fred
· Published 29/10/2017
The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action. Date published : 2017-10-29 http://www.securityfocus.com/bid/101624 https://www.exploit-db.com/exploits/43094/
29/10/2017
by
Fred
· Published 29/10/2017
29/10/2017
by
Fred
· Published 29/10/2017
iTech Gigs Script 1.21 allows SQL Injection via the browse-scategory.php sc parameter or the service-provider.php ser parameter. Date published : 2017-10-29 https://www.exploit-db.com/exploits/43096/ https://packetstormsecurity.com/files/144434/iTech-Gigs-Script-1.21-SQL-Injection.html
29/10/2017
by
Fred
· Published 29/10/2017
29/10/2017
by
Fred
· Published 29/10/2017
29/10/2017
by
Fred
· Published 29/10/2017
29/10/2017
by
Fred
· Published 29/10/2017
Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /download URI, a different vulnerability than CVE-2007-6576. Date published : 2017-10-29 https://www.exploit-db.com/exploits/43100/ https://packetstormsecurity.com/files/144428/Adult-Script-Pro-2.2.4-SQL-Injection.html