Miroslav Stampar

CVE-2011-3192 NOMISEC WORKING POC

Apache HTTP Server 1.3.x 2.0.35-2.0.64 2.2.0-2.2.19 - Denial of Service via Range Header Overlap

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.

14 stars

View Code

CVE-2011-3192 VULNCHECK_XDB WORKING POC

Apache HTTP Server 1.3.x 2.0.35-2.0.64 2.2.0-2.2.19 - Denial of Service via Range Header Overlap

The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.

View Code

CVE-2011-5286 EXPLOITDB text WORKING POC

Social Slider < 7.4.0 - SQL Injection via rA Array Parameter

SQL injection vulnerability in social-slider-2/ajax.php in the Social Slider plugin before 7.4.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the rA array parameter.

View Code

EIP-2026-114298 EXPLOITDB text WORKING POC

WordPress Plugin Zotpress 4.4 - SQL Injection

View Code

EIP-2026-114208 EXPLOITDB text WORKING POC

WordPress Plugin WP Bannerize 2.8.7 - 'ajax_sorter.php' SQL Injection

View Code

EIP-2026-114091 EXPLOITDB text WORKING POC

WordPress Plugin Super CAPTCHA 2.2.4 - SQL Injection

View Code

EIP-2026-114105 EXPLOITDB text WORKING POC

WordPress Plugin Symposium 0.64 - SQL Injection

View Code

EIP-2026-114023 EXPLOITDB text WORKING POC

WordPress Plugin SCORM Cloud 1.0.6.6 - SQL Injection

View Code

EIP-2026-114174 EXPLOITDB text WORKING POC

WordPress Plugin VideoWhisper Video Presentation 1.1 - SQL Injection

View Code

EIP-2026-114287 EXPLOITDB text WORKING POC

WordPress Plugin yolink Search 1.1.4 - SQL Injection

View Code

EIP-2026-114037 EXPLOITDB text WORKING POC

WordPress Plugin SH Slideshow 3.1.4 - SQL Injection

View Code

EIP-2026-114251 EXPLOITDB text WORKING POC

WordPress Plugin WP-Filebase Download Manager 0.2.9 - SQL Injection

View Code

EIP-2026-114152 EXPLOITDB text WORKING POC

WordPress Plugin UPM Polls 1.0.3 - SQL Injection

View Code

EIP-2026-114147 EXPLOITDB text WORKING POC

WordPress Plugin UnGallery 1.5.8 - Local File Disclosure

View Code

EIP-2026-114126 EXPLOITDB text WORKING POC

WordPress Plugin Tune Library 2.17 - SQL Injection

View Code

EIP-2026-114025 EXPLOITDB text WORKING POC

WordPress Plugin SearchAutocomplete 1.0.8 - SQL Injection

View Code

EIP-2026-113670 EXPLOITDB text WORKING POC

WordPress Plugin Crawl Rate Tracker 2.0.2 - SQL Injection

View Code

EIP-2026-113664 EXPLOITDB text WORKING POC

WordPress Plugin Couponer 1.2 - SQL Injection

View Code

EIP-2026-113574 EXPLOITDB text WORKING POC

WordPress Plugin Audio Gallery Playlist 0.12 - SQL Injection

View Code

EIP-2026-113660 EXPLOITDB text WORKING POC

WordPress Plugin Count per Day 2.17 - SQL Injection

View Code

EIP-2026-113735 EXPLOITDB text WORKING POC

WordPress Plugin Facebook Promotions 1.3.3 - SQL Injection

View Code

EIP-2026-113653 EXPLOITDB text WORKING POC

WordPress Plugin Contus HD FLV Player 1.3 - SQL Injection

View Code

EIP-2026-113559 EXPLOITDB text WORKING POC

WordPress Plugin Allow PHP in Posts and Pages 2.0.0.RC1 - SQL Injection

View Code

EIP-2026-113744 EXPLOITDB text WORKING POC

WordPress Plugin File Groups 1.1.2 - SQL Injection

View Code

CVE-2011-4671 EXPLOITDB text WORKING POC

AdRotate < 3.6.8 - SQL Injection via Track Parameter

SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter (aka redirect URL).

View Code