Lucene search
K

226 matches found

Exploit DB
Exploit DB
added 2020/11/06 12:0 a.m.268 views

SmartBlog 2.0.1 - 'id_post' Blind SQL injection

Exploit Title: SmartBlog 2.0.1 - 'idpost' Blind SQL injection Date: 2020-11-05 Exploit Author: C0wnuts Vendor Homepage: https://github.com/smartdatasoft/smartblog Version: 2.0.1 Tested on: Linux Description : A blind SQL injection is present in the "idpost" parameter of the "details" controller. ...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/10/20 12:0 a.m.724 views

Visitor Management System In PHP 1.0 SQL Injection

Title: Visitor Management System in PHP 1.0 - Authenticated SQL Injection Exploit Author: Rahul Ramkumar Date: 2020-09-16 Vendor Homepage: https://projectworlds.in Software Link: https://projectworlds.in/wp-content/uploads/2020/07/Visitor-Management-System-in-PHP.zip Version: 1.0 Tested On: Windo...

6.5CVSS0.7AI score0.02169EPSS
Exploits4
GithubExploit
GithubExploit
added 2020/08/16 6:17 p.m.59 views

Exploit for Code Injection in Vbulletin

vBulletin RCE 5.x Get Email + SMTP CVE-2019-16759 This tool...

9.8CVSS7.3AI score0.99728EPSS
Exploits27
GithubExploit
GithubExploit
added 2020/08/16 6:17 p.m.60 views

Exploit for Code Injection in Vbulletin

vBulletin RCE 5.x Get Email + SMTP CVE-2019-16759 This tool...

9.8CVSS7.3AI score0.99728EPSS
Exploits27
UbuntuCve
UbuntuCve
added 2020/01/21 7:15 p.m.33 views

CVE-2019-17357

Cacti through 1.2.7 is affected by a graphs.php?templateid= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, ...

6.5CVSS6.6AI score0.35041EPSS
Exploits0References3
Prion
Prion
added 2020/01/21 7:15 p.m.23 views

Cross site request forgery (csrf)

Cacti through 1.2.7 is affected by a graphs.php?templateid= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, ...

4CVSS7AI score0.35041EPSS
Exploits0References8Affected Software1
Debian CVE
Debian CVE
added 2020/01/21 6:35 p.m.30 views

CVE-2019-17357

Cacti through 1.2.7 is affected by a graphs.php?templateid= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, ...

6.5CVSS6.3AI score0.35041EPSS
Exploits0
CVE
CVE
added 2019/11/13 10:46 p.m.50 views

CVE-2019-3650

CVE-2019-3650 affects McAfee Advanced Threat Defense (ATD) prior to 4.8. The vulnerability is an information disclosure where a crafted GET request can extract insecure information stored in the ATD database, allowing remote authenticated attackers to gain access to atduser credentials. The conne...

6.5CVSS5.5AI score0.00923EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2019/11/13 12:0 a.m.2 views

TYPO3 Information Disclosure Vulnerability (CNVD-2019-41231)

TYPO3 is a free and open source content management system framework CMS/CMF of the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 versions prior to 4.3.12, 4.4.x prior to 4.4.9, and 4.5.x prior to 4.5.4. An attacker could exploit the vulnerability to extract arbitrary informati...

6.5CVSS6.6AI score0.0114EPSS
Exploits0References1
CVE
CVE
added 2019/11/06 4:49 p.m.57 views

CVE-2011-4901

CVE-2011-4901 affects TYPO3 prior to 4.3.12, 4.4.x prior to 4.4.9, and 4.5.x prior to 4.5.4. The issue enables remote attackers to extract arbitrary information from the TYPO3 database (information disclosure). Root cause and affected component are described in TYPO3 security advisories and relat...

6.5CVSS6.6AI score0.0114EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2019/10/21 11:15 p.m.20 views

CVE-2019-16404

Authenticated SQL Injection in interface/forms/eyemag/js/eyebase.php in OpenEMR through 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO statement, as demonstrated by the providerID parameter...

8.8CVSS8.9AI score0.01075EPSS
Exploits1References1
Metasploit
Metasploit
added 2019/09/04 5:18 a.m.39 views

OpenEMR 5.0.1 Patch 6 SQLi Dump

This module exploits a SQLi vulnerability found in OpenEMR version 5.0.1 Patch 6 and lower. The vulnerability allows the contents of the entire database with exception of log and task tables to be extracted. This module saves each table as a .csv file in your loot directory and has been tested wi...

9.8CVSS9.5AI score0.11945EPSS
Exploits2
exploitpack
exploitpack
added 2019/08/19 12:0 a.m.62 views

YouPHPTube 7.2 - userCreate.json.php SQL Injection

YouPHPTube 7.2 - userCreate.json.php SQL Injection Exploit Title: YouPHPTube 7.3 SQL Injection Google Dork: / Date: 19.08.2019 Exploit Author: Fabian Mosch, r-tec IT Security GmbH Vendor Homepage: https://www.youphptube.com/ Software Link: https://github.com/YouPHPTube/YouPHPTube Version: 7.3...

5CVSS0.02984EPSS
Exploits5
exploitpack
exploitpack
added 2018/07/20 12:0 a.m.52 views

MSVOD 10 - cid SQL Injection

MSVOD 10 - cid SQL Injection Exploit Title: MSVOD V10 ¡V SQL Injection Google Dork: inurl:"images/lists?cid=13" Date: 2018/07/17 Exploit Author: Hzllaga Vendor Homepage: http://www.msvod.cc/ Version: MSVOD V10 CVE : CVE-2018-14418 Reference : https://www.wtfsec.org/2583/msvod-v10-sql-injection/...

7.5CVSS0.3AI score0.09076EPSS
Exploits3
NVD
NVD
added 2018/07/09 6:29 p.m.22 views

CVE-2018-12977

A SQL injection vulnerability in the SoftExpert SE Excellence Suite 2.0 allows remote authenticated users to perform SQL heuristics by pulling information from the database with the "cddocument" parameter in the "Downloading Electronic Documents" section...

8.8CVSS8.5AI score0.0146EPSS
Exploits0References1
Kitploit
Kitploit
added 2018/05/12 8:58 p.m.13 views

TheDoc - Simple But Very Useful SQLMAP Automator With Built In Admin Finder, Hash Cracker (Using Hashcat) And More!

TheDoc is a simple but very useful SQLMAP automator with built in admin finder, hash crackerusing hashca and more! Abilities: Counts total injections tried. Crawls given domain for vulnerabilties. Extracts Database Infos via injection URL Extract Users, Passwords & emails via injection URL Extrac...

7.7AI score
Exploits0References1
CNVD
CNVD
added 2016/09/02 12:0 a.m.3 views

SQL injection vulnerability in the cid parameter of OpenCourse_new.aspx page of the CMS system of the resource management platform of Beijing Hanboer Information Technology Co.

Resource Management Platform CMS is a comprehensive management and application platform based on the cloud service system, through a multi-layer system architecture, establishing a multi-level cloud platform and cloud application environment covering provinces, municipalities, counties, schools a...

7.9AI score
Exploits0References1
Packet Storm
Packet Storm
added 2014/03/09 12:0 a.m.23 views

Herpes Net 3.0 SQL Injection

import random import pycurl import urllib import cStringIO import json def ui: try: return unicodei, errors='ignore' except: return i class HerpesNetPanel: def initself, gatewayurl: self.gatewayurl = gatewayurl @staticmethod def getfieldgateway, table, column, row: prefix = "" while lenprefix 6:...

0.3AI score
Exploits0
Exploit DB
Exploit DB
added 2013/01/09 12:0 a.m.433 views

WeBid 1.0.6 - SQL Injection

Exploit Title: WeBid 1.0.6 SQL Injection Vulnerability Google Dork: "Powered by WeBid" Date: 1/9/13 Exploit Author: Life Wasted Vendor Homepage: http://www.webidsupport.com/ Version: Tested on 1.0.6, but could affect other version Tested On: Linux, Windows Vulnerable Code: Line 53 of the...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2012/10/08 6:25 p.m.9 views

Harvard Carr Center for Human Rights Policy Hacked, Password was "DOG" ?

Harvard's Carr Center for Human Rights Policy website www.hks.harvard.edu/cchrp/ was hacked last week and then silently fixed by the administrator without giving Reply/Credit to the Whitehat Hacker who reported the vulnerability. The Hack incident was performed in 3 Phases as described below: Pha...

7AI score
Exploits0
Rows per page
Query Builder