Fingerprint Attendance 1.0 SQL Injection
Title: Fingerprint Attendance 1.0 Blind Boolean SQLi to RCE. Author: Hejap Zairy. Date: 28.07.2022. Vendor: https://www.vetbossel.in/fingerprint-attendance-project-php/ Software: https://app.box.com/s/xlyqalhvayq8oi25tqykcbouzrrjytqy Reference: https://github.com/Matrix07ksa Tested on: Windows, MySQ...
Auto Spare Parts Management 1.0 SQL Injection Vulnerability
Title: Auto-Spare-Parts-Management v1.0 remote SQL-Injections. Author: nu11secur1ty. Vendor: https://github.com/pavanpatil45 Software: https://github.com/pavanpatil45/Auto-Spare-Parts-Management Description: The Referer HTTP header on the Auto-Spare-Parts-Management v1.0 system appears to be vulnerable...
CVE-2021-41609
SQL injection in the ID parameter of the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve data from the application's backend database via boolean-based blind and UNION injection...
ClassApps SelectSurvey.NET SQL Injection Vulnerability
SelectSurvey.NET is survey software from ClassApps, Inc. built using Microsoft's cutting-edge .NET. A SQL injection vulnerability exists in the ID parameter of the UploadedImageDisplay.aspx endpoint, which can be exploited by an unauthenticated attacker to retrieve data from the application's back-end database...
ERC20 return values not checked
Handle: cmichel. Vulnerability details: The ERC20.transfer and ERC20.transferFrom functions return a boolean value indicating success. This parameter needs to be checked for success. Some tokens do not revert if the transfer failed but return false instead. Tokens that don't actually perform the...
CVE-2021-44993
There is an Assertion 'ecma_is_value_boolean (base_value)' failed at /jerry-core/ecma/operations/ecma-get-put-value.c in Jerryscript 3.0.0...
Online Project Time Management System 1.0 SQL Injection
Exploit Title: Online Project Time Management System 1.0 - SQLi (Authenticated). Date: 19/01/2022. Exploit Author: Felipe Alcantara (Filiplain). Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Unsafe transfer in XTokenUpgradeable
Handle: 0x1f8b. Vulnerability details. Impact: An unsafe transfer is performed. Proof of Concept: In the method XTokenUpgradeable.burnXTokens, a transfer is made without checking the boolean result. The ERC20 standard specifies that the token can return false if the transfer was not made, so it is mandatory to che...
Gerdab.ir SQL Injection
This site belongs to the Intelligence Organization of the Islamic Revolutionary Guard Corps (IRGC) of the Islamic Republic of Iran, and it has a SQL injection vulnerability (CWE-89). We have repeatedly reported to this site that it has a security problem, and it has ignored our report. We want to...
PuneethReddyHC Online Shopping System Advanced 1.0 SQL Injection Vulnerability
PuneethReddyHC Online Shopping System Advanced version 1.0 suffers from a remote SQL injection vulnerability. CVE-2021-41648: SQL Injection in online-shopping-system. The online-shopping-system is vulnerable to unauthenticated boolean-based blind and error-based SQL injection...
PuneethReddyHC Online Shopping System Advanced 1.0 SQL Injection
CVE-2021-41648: SQL Injection in online-shopping-system. The online-shopping-system is vulnerable to unauthenticated boolean-based blind and error-based SQL injection attacks. The proId parameter on the /action.php page does not sanitize the user input, so an attacker can extract...
SEO Booster < 3.8 - Admin+ SQL Injection
The plugin allows for authenticated SQL injection via the fn_my_ajaxified_dataloader_ajax AJAX request, as the $_REQUEST['order'][0]['dir'] parameter is not properly escaped, leading to blind and error-based SQL injection. Install SEO Booster, then click on the "Incoming Keywords" link in the WordPress...
OpenLDAP < 2.4.50 DoS Vulnerability
OpenLDAP is prone to a denial of service (DoS) vulnerability. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; y...
Online Course Registration 1.0 SQL Injection
Exploit Title: Online Course Registration 1.0 - Blind Boolean-Based SQL Injection (Authenticated). Exploit Authors: Sam Ferguson (@AffineSecurity) and Drew Jones (@qhum7sec). Date: 2021-10-21. Vendor Homepage: https://www.sourcecodester.com/php/14251/online-course-registration.html Software Link:...
CVE-2021-41920
webTareas version 2.4 and earlier allows an unauthenticated user to perform time-based and boolean-based blind SQL injection on the endpoint /includes/library.php via the sorcible, sorchamps, and sorordre HTTP POST parameters. This allows an attacker to access all the data in the database and obtain...
Unchecked return value from transfer/transferFrom()
Handle: JMukesh. Vulnerability details. Impact: The ERC20.transfer and ERC20.transferFrom functions return a boolean value indicating success. This parameter needs to be checked for success. Some tokens do not revert if the transfer failed but return false instead. Proof of Concept. Tools Used: manual...