Lucene search

931 matches found

0day.today
added 2018/05/23 12:0 a.m. · 58 views

Feedy RSS News Ticker 2.0 - cat SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Feedy RSS News Ticker 2.0 - 'cat' SQL Injection Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/feedy-rss-news-ticker/5818277 Version: 2.0 Category: Webapps Tested on: Kali linux PoC: SQLi:...

Exploits: 0

Exploit DB
added 2018/05/23 12:0 a.m. · 27 views

MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection

Exploit Title: MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection Dork: N/A Date: 2018-05-22 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/mysql-file-and-image-uploader-and-sharing-blob-file-server/17748300 Version: 1.7 - seventh update Category...

7.4 AI score
Exploits: 0

Exploit DB
added 2018/05/23 12:0 a.m. · 36 views

MySQL Smart Reports 1.0 - 'id' SQL Injection / Cross-Site Scripting

Exploit Title: MySQL Smart Reports 1.0 - SQL Injection / Cross-Site Scripting Dork: N/A Date: 22.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/mysql-smart-reports-online-report-generator-with-existing-data/16836503 Version: 1.0 Category: Webapps...

7.4 AI score
Exploits: 0

Packet Storm
added 2018/05/22 12:0 a.m. · 25 views

Feedy RSS News Ticker 2.0 SQL Injection

Exploit Title: Feedy RSS News Ticker 2.0 - 'cat' SQL Injection Dork: N/A Date: 2018-05-22 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/feedy-rss-news-ticker/5818277 Version: 2.0 Category: Webapps Tested on: Kali linux PoC: SQLi: Parameter: cat Type:...

0.4 AI score
Exploits: 0

Packet Storm
added 2018/05/22 12:0 a.m. · 38 views

PaulPrinting CMS Printing 1.0 SQL Injection

Exploit Title: PaulPrinting CMS Printing 1.0 - SQL Injection Exploit Date: 2018-05-19 Software Link: https://codecanyon.net/item/paulprinting-cms-printing-solutions/19546365 Author: Mehmet Onder Key Version: 1.0 Tested On: Linux 1. Description Any visitor can run code to exploit css and sql...

0.9 AI score
Exploits: 0

exploitpack
added 2018/05/22 12:0 a.m. · 14 views

NewsBee CMS 1.4 - download.php SQL Injection

NewsBee CMS 1.4 - download.php SQL Injection Exploit Title: NewsBee CMS 1.4 - 'download.php' SQL Injection Dork: N/A Date: 2018-05-22 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/newsbee-fully-featured-news-cms-with-bootstrasp-php-mysql/19404937 Version:...

0.1 AI score
Exploits: 0

exploitpack
added 2018/05/22 12:0 a.m. · 14 views

Feedy RSS News Ticker 2.0 - cat SQL Injection

Feedy RSS News Ticker 2.0 - cat SQL Injection Exploit Title: Feedy RSS News Ticker 2.0 - 'cat' SQL Injection Dork: N/A Date: 2018-05-22 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/feedy-rss-news-ticker/5818277 Version: 2.0 Category: Webapps Tested on: Ka...

0.3 AI score
Exploits: 0

Packet Storm
added 2018/05/22 12:0 a.m. · 24 views

EasyService Billing 1.0 SQL Injection / Cross Site Scripting

------------------- Exploit 1 of 2: Exploit Title: EasyService Billing 1.0 - 'template.php' SQL Injection / Cross-Site Scripting Dork: N/A Date: 22.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage:...

0.5 AI score
Exploits: 0

Exploit DB
added 2018/05/22 12:0 a.m. · 32 views

NewsBee CMS 1.4 - 'download.php' SQL Injection

Exploit Title: NewsBee CMS 1.4 - 'download.php' SQL Injection Dork: N/A Date: 2018-05-22 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/newsbee-fully-featured-news-cms-with-bootstrasp-php-mysql/19404937 Version: 1.4 / fourth update Category: Webapps Tested...

7.4 AI score
Exploits: 0

Exploit DB
added 2018/05/22 12:0 a.m. · 47 views

PaulPrinting CMS Printing 1.0 - SQL Injection

Exploit Title: PaulPrinting CMS Printing 1.0 - SQL Injection Exploit Date: 2018-05-19 Software Link: https://codecanyon.net/item/paulprinting-cms-printing-solutions/19546365 Author: Mehmet Onder Key Version: 1.0 Tested On: Linux 1. Description Any visitor can run code to exploit css and sql...

7.4 AI score
Exploits: 0

RedHat Linux
added 2018/05/03 5:6 a.m. · 1 views

php: Incorrect WDDX deserialization of boolean parameters leads to DoS

In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c...

7.5 CVSS · 7.2 AI score · 0.06846 EPSS
Exploits: 0 · References: 4

RedHat Linux
added 2018/05/03 5:6 a.m. · 3 views

php: Invalid read when wddx decodes empty boolean element

The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document...

9.8 CVSS · 7.4 AI score · 0.06974 EPSS
Exploits: 0 · References: 4

RedHat Linux
added 2018/05/03 5:6 a.m. · 3 views

php: Null pointer dereference in php_wddx_push_element

The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document,...

7.5 CVSS · 7.4 AI score · 0.11102 EPSS
Exploits: 1 · References: 4

Packet Storm
added 2018/04/26 12:0 a.m. · 45 views

HRSALE The Ultimate HRM 1.0.2 SQL Injection

Exploit Title: HRSALE The Ultimate HRM v1.0.2 - 'award_id' SQL Injection Date: 2018-04-23 Exploit Author: 8bitsec CVE: CVE-2018-10256 Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/hrsale-the-ultimate-hrm/21665619 Version: 1.0.2 Tested on: Kali Linux 2.0 | Mac ...

0.1 AI score · 0.02616 EPSS
Exploits: 5

exploitpack
added 2018/04/25 12:0 a.m. · 30 views

HRSALE The Ultimate HRM 1.0.2 - award_id SQL Injection

HRSALE The Ultimate HRM 1.0.2 - award_id SQL Injection Exploit Title: HRSALE The Ultimate HRM v1.0.2 - 'award_id' SQL Injection Date: 2018-04-23 Exploit Author: 8bitsec CVE: CVE-2018-10256 Vendor Homepage: https://codecanyon.net/ Software Link:...

6.5 CVSS · 0.1 AI score · 0.02616 EPSS
Exploits: 5

Prion
added 2018/03/05 10:29 p.m. · 23 views

Input validation

HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP...

6.8 CVSS · 7.9 AI score · 0.01221 EPSS
Exploits: 0 · References: 3 · Affected Software: 3

Hacker One
added 2018/02/24 1:24 a.m. · 149 views

Khan Academy: [critical] sql injection by GET method

Hey there, after tampering a bit with the values, since I figured out your backend is not php most likely django or nodejs, I found an SQL injection. You can view my steps to reproduce, if you need additional screenshots, please let me know. Regards Gabriel Kimiaie Impact If I dig deeper, I may ...

0.1 AI score
Exploits: 0

exploitpack
added 2018/02/05 12:0 a.m. · 21 views

NixCMS 1.0 - category_id SQL Injection

NixCMS 1.0 - category_id SQL Injection Exploit Title: NixCMS 1.0 - 'category_id' SQL Injection Dork: N/A Date: 03.02.2018 Vendor: https://www.nixdesign.de Software Link: https://www.nixdesign.de/nix-cms/ Demo: http://www.jamaram.de/ Version: 1.0 Tested on: WiN10X64 Exploit Author: Bora Bozdogan...

8.7 AI score
Exploits: 0

exploitpack
added 2018/01/30 12:0 a.m. · 21 views

Joomla! Component Visual Calendar 3.1.3 - id SQL Injection

Joomla! Component Visual Calendar 3.1.3 - id SQL Injection Exploit Title: Joomla! Component Visual Calendar 3.1.3 - SQL Injection Dork: N/A Date: 30.01.2018 Vendor Homepage: http://www.joomlacalendars.com/ Software Link:...

7.5 CVSS · 0.5 AI score · 0.02703 EPSS
Exploits: 5

Positive Technologies
added 2018/01/18 12:0 a.m. · 5 views

PT-2018-4879 · Jquery · Jquery

Name of the Vulnerable Software and Affected Versions: jquery versions 3.0.0-rc.1 Description: The issue arises due to the removal of logic that lowercased attribute names, leading to an infinite recursion when attribute getters use mixed-cased names for boolean attributes. This results in...

7.5 CVSS · 6.5 AI score · 0.02905 EPSS
Exploits: 1 · References: 12