JxE-13

CVE-2009-4855 EXPLOITDB text WRITEUP

Typo3 - SQL Injection

SQL injection vulnerability in index.php in TYPO3 4.0 allows remote attackers to execute arbitrary SQL commands via the showUid parameter. NOTE: the TYPO3 Security Team disputes this report, stating that "there is no such vulnerability... The showUid parameter is generally used in third-party TYPO3 extensions - not in TYPO3 Core.

View Code

CVE-2009-4721 EXPLOITDB text WORKING POC

Andrews-Web BannerAd 1.0 - SQL Injection

Multiple SQL injection vulnerabilities in Admin/index.asp in Andrews-Web (A-W) BannerAd 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) User and (2) Password parameters. NOTE: some of these details are obtained from third party information.

View Code