201 matches found
Sliced Invoices <= 3.8.2 - Multiple Vulnerabilities
- Unauthenticated information disclosure, allowing attackers to access arbitrary invoices and quotes containing PII - Authenticated SQL injection and information disclosure - Additional issues, such as lack of CSRF and Authorisation checks on AJAX methods used to search invoices. -...
Authenticated SQL Injection
katello is vulnerable to authenticated SQL injection attacks. These attacks are possible because there is a flaw in the input sanitization for the scoped search parameters sortby and sortorder...
Companion Auto Update <= 3.3.5 - Authenticated SQL Injection
The Companion Auto Update WordPress plugin was affected by an Authenticated SQL Injection security vulnerability...
Dbox 3D Slider Lite <= 1.2.2 - Multiple Authenticated SQL injection
During the security analysis, ThunderScan discovered SQL injection vulnerabilities in Dbox 3D Slider Lite WordPress plugin. The easiest way to reproduce the vulnerabilities is to modify the POST request for the slider rename or reorder and append parts of the SQL query to the currentsliderid...
FineCMS 1.0 - Multiple Vulnerabilities
Exploit Title: FineCMS 1.0 Multiple Vulnerabilities Dork: N/A Date: 29.08.2017 Vendor Homepage : http://mvc.net.pl/ Software Link: https://github.com/andrzuk/FineCMS Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Author: sohaip-hackerDZ Author Web:...
FineCMS 1.0 - Multiple Vulnerabilities
FineCMS 1.0 - Multiple Vulnerabilities Exploit Title: FineCMS 1.0 Multiple Vulnerabilities Dork: N/A Date: 29.08.2017 Vendor Homepage : http://mvc.net.pl/ Software Link: https://github.com/andrzuk/FineCMS Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Author:...
WordPress Plugin IBPS Online Exam <= 1.0 - Authenticated SQL Injection / Cross-Site Scripting
Exploit Author: 8bitsec Contact Author: https://twitter.com/8bitsec Stored XSS on exam input textfields and Blind SQL Injection on 'examappUserResult' page 'id' parameter. Authenticated Stored XSS: Logged as a student: Write the payload in the input textfields while attempting an exam. The payloa...
FineCMS multi vulnerablity
Reflected XSS in getimage.php Technical Description: file /application/lib/ajax/getimage.php the $POST'id' and $POST'name' and $GET'folder' without any validated, sanitised or output encoded. Proof of ConceptPoC http://yourfinecms/application/lib/ajax/getimage.php?folder=1 POST: id=1"alert1&name=...
WordPress WP Statistics plugin <=12.0.7 - Authenticated SQL Injection vulnerability
WordPress WP Statistic plugin in version 12.0.7 and earlier versions vulnerable to Authenticated SQL Injection vulnerability due to lack of sanitization in user-provided data. In this case users even with subscriber rights could use this vulnerability to steal sensitive data. Solution The plugin...
Calendar by WD <= 1.5.51 - Authenticated SQL injection
http://www.defensecode.com/advisories/DC-2017-01-017WordPressSpiderEventCalendarPluginAdvisory.pdf PoC Vulnerable POST URL: http://www.vulnerablesite.com/wpadmin/admin.php?page=SpiderCalendar=showmanageeventid=1 Vulnerable POST Body: searcheventsbytitle=a=2011-11-11=2017-11-...
Single Personal Message 1.0.3 – Authenticated SQL Injection
Type user access: any user. $GET‘message’ is not escaped. Is accessible for every registered user. PoC http://www.example.com/wp-admin/admin.php?page=simple-personal-message-outbox=view=0%20UNION%20SELECT%201,2.3,name,5,slug,7,8,9,10,11,12%20FROM%20wpterms%20WHERE%20termid=1...
Single Personal Message 1.0.3 – Authenticated SQL Injection
Type user access: any user. $GET‘message’ is not escaped. Is accessible for every registered user. http://www.example.com/wp-admin/admin.php?page=simple-personal-message-outbox&action=view&message=0%20UNION%20SELECT%201,2.3,name,5,slug,7,8,9,10,11,12%20FROM%20wpterms%20WHERE%20termid=1...
BigTree CMS 4.2.11 SQL Injection
ADVISORY INFORMATION ======================================== Title: BigTree CMS substr$page,1; else // It's an existing page $type = "EDIT"; $pending = false; $existingpage = BigTreeCMS::getPage$page; $existingpendingchange = sqlfetchsqlquery"SELECT id FROM bigtreependingchanges WHERE table =...
Huge IT Google Map <= 2.2.5 - Authenticated SQL Injection
The google-map-wp WordPress plugin was affected by an Authenticated SQL Injection security vulnerability...
WordPress Booking Calendar Contact Form 1.0.2 - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: WordPress Booking Calendar Contact Form 1.0.2Multiple vulnerabilities Date: 2015-05-01 Google Dork: Index of /wordpress/wp-content/plugins/booking-calendar-contact-form/ Exploit Author: Joaquin Ramirez Martinez i0akiN...
WordPress Plugin Booking Calendar Contact Form 1.0.2 - Multiple Vulnerabilities
WordPress Plugin Booking Calendar Contact Form 1.0.2 - Multiple Vulnerabilities Exploit Title: WordPress Booking Calendar Contact Form 1.0.2Multiple vulnerabilities Date: 2015-05-01 Google Dork: Index of /wordpress/wp-content/plugins/booking-calendar-contact-form/ Exploit Author: Joaquin Ramirez...
SEO Control Panel 3.6.0 - (Authenticated) SQL Injection
Exploit Title: Seo Control Panel 3.6.0 Authenticated Sql Injection Date: 10/10/2014 Exploit Author: Tiago Carvalho [email protected] or [email protected] Vendor Homepage: www.seopanel.in Software Link: http://www.seopanel.in/spdownload/ Version: Seo Panel Version 3.6.0 Tested on: Ka...
WordPress Huge IT Image Gallery Plugin 1.0.1 - Authenticated SQL Injection
An authenticated SQL injection allows an attacker to bypass a web application’s authentication mechanism and retrieve the contents of database. Solution Upgrade the plugin...
BSK PDF Manager < 1.5 - Multiple Authenticated SQL Injections
The plugin did not use prepared statement with the categoryid and pdfid parameter when viewing the /wp-admin/admin.php?page=bsk-pdf-manager and /wp-admin/admin.php?page=bsk-pdf-manager-pdfs page leading to Authenticated SQL Injection issues PoC...
PT-2014-5659 · Dolibarr · Dolibarr Erp/Crm
Name of the Vulnerable Software and Affected Versions: Dolibarr ERP/CRM version 3.5.3 Description: The issue allows remote authenticated users to execute arbitrary SQL commands. This can be achieved via the entity parameter in an update action to "user/fiche.php" or the sortorder parameter to...