238 matches found
MAL-2024-2166 Malicious code in down_load_ebook_criptovalute_by_paolo_pigna_0h9nc (npm)
--- -= Per source details. Do not edit below this line.=-...
PT-2024-25946 · Achecker · Achecker
Name of the Vulnerable Software and Affected Versions: AChecker version 1.5 Description: The issue allows remote attackers to read the contents of arbitrary files via the "download.php" path parameter by using Unauthenticated Path Traversal. This occurs through the readfile function in PHP. It is...
Hitachi NAS (HNAS) System Management Unit (SMU) Backup & Restore < 14.8.7825.01 IDOR Exploit
!/usr/bin/python3 Title: Hitachi NAS HNAS System Management Unit SMU Backup & Restore IDOR Vulnerability CVE: CVE-2023-5808 Date: 2023-12-13 Exploit Author: Arslan Masood @arszilla Vendor: https://www.hitachivantara.com/ Version: --id --sso " Create --host argument: parser.addargument "--host",...
PrestaShop Path Traversal Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. A path traversal vulnerability exists in Prestashop winbizpayment that stems from...
CVE-2023-30196
Prestashop salesbooster = 1.10.4 is vulnerable to Incorrect Access Control via modules/salesbooster/downloads/download.php...
SUSE CVE-2018-19456
The WP Backup+ aka WPbackupplus plugin through 2018-11-22 for WordPress allows remote attackers to obtain sensitive information from server folders and files, as demonstrated by download.sql...
CVE-2022-41390
OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php...
CVE-2020-15468
Persian VIP Download Script 1.0 allows SQL Injection via the cartedit.php active parameter...
Sql injection
Persian VIP Download Script 1.0 allows SQL Injection via the cartedit.php active parameter...
CVE-2020-15468
CVE-2020-15468 affects Persian VIP Download Script 1.0 and enables SQL Injection through the cart_edit.php active parameter. Public records (NVD) assign CVSS‑3.1 base score 9.8 (NETWORK, LOW attack complexity, no privileges required, UI: NONE, scope UNCHANGED; CONFIDENTIALITY, INTEGRITY, AVAILABILI...
Persian VIP Download Script 1.0 - (active) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Persian VIP Download Script 1.0 - 'active' SQL Injection Exploit Author: S3FFR Vendor Homepage: http://download.freescript.ir/scripts/Persian-VIP-DownloadFreeScript.ir.zip Version: = 1.0 Final Version Tested on: Windows,Linux...
Persian VIP Download Script 1.0 SQL Injection
Exploit Title: Persian VIP Download Script 1.0 - 'active' SQL Injection Date: 2020-03-09 Exploit Author: S3FFR Vendor Homepage: http://download.freescript.ir/scripts/Persian-VIP-DownloadFreeScript.ir.zip Version: = 1.0 Final Version Tested on: Windows,Linux Google Dork: N/A...
CVE-2019-8389
A file-read vulnerability was identified in the Wi-Fi transfer feature of Musicloud 1.6. By default, the application runs a transfer service on port 8080, accessible by everyone on the same Wi-Fi network. An attacker can send the POST parameters downfiles and cur-folder with a crafted ../ payload...
Arbitrary file deletion
A file-read vulnerability was identified in the Wi-Fi transfer feature of Musicloud 1.6. By default, the application runs a transfer service on port 8080, accessible by everyone on the same Wi-Fi network. An attacker can send the POST parameters downfiles and cur-folder with a crafted ../ payload...
CVE-2018-6409
An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding apform table leads to a path traversal vulnerability via the download.php q parameter...
ASUSTOR AS6202T ADM Insecure Direct Object Reference Vulnerability
ADM ASUSTOR Data Manager is the operating system and user interface for ASUSTOR NAS. An insecure direct object reference vulnerability exists in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3. An attacker could use this vulnerability to reference the "downloadsyssettings" action to arbitrarily...
PowerShdll - Run PowerShell with rundll32 (Bypass software restrictions)
Run PowerShell with dlls only. Does not require access to powershell.exe as it uses powershell automation dlls. dll mode: Usage: rundll32 PowerShdll,main rundll32 PowerShdll,main -f Run the script passed as argument rundll32 PowerShdll,main -w Start an interactive console in a new window rundll32...
EyesOfNetwork web interface path traversal vulnerability
EyesOfNetwork EON is an open source, free IT monitoring solution. The solution provides business process configuration tools, generating pop-up windows when events occur in the active queue, etc. EyesOfNetwork web interface aka eonweb is one of the web interfaces. A security vulnerability exists ...
CVE-2016-10331
Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter...
Smart PHP Poll - Authentication Bypass
Exploit Title: Smart PHP Poll Auth Bypass Vulnerability Google Dork: Copyright © Smart PHP Poll. All Rights Reserved. Exploit Author: Mr.tro0oqy from Yemen Email: [email protected] Download Script: http://www.scriptsez.net/download/download.php?action=download&p=smartphppoll.zip&ns=1 go to...