Lucene search
K

1201 matches found

Hacker One
Hacker One
added 2017/12/07 2:0 a.m.878 views

Pornhub: Blind SQL injection in Hall of Fap

Summary: There is a blind SQL injection vulnerability in GET parameter topsort in page https://www.tube8.fr/ajax-hof/. Description: SQL functions can be injected into the SQL query. Using the sleep function, which makes the database sleep, we can notice the injection. PoC The following request wi...

8.2AI score
Exploits0
Hacker One
Hacker One
added 2017/12/05 7:22 p.m.30 views

Trello: Sessions Token In Get Parameter Request Initiating Websocket Connection

When anyone login into trello.com application then after authentication, application sends session token into get parameter. so attacker can sniffing this session token form web history, proxy history or log cause fully account takeover. HTTP Request : GET...

6.7AI score
Exploits0
NVD
NVD
added 2017/12/04 8:29 a.m.14 views

CVE-2017-17104

Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in dapur/apps/apptheme/libs/checkfile.php via $GET'src' or $GET'name'...

7.8CVSS7.5AI score0.01705EPSS
Exploits1References1
Cvelist
Cvelist
added 2017/12/04 8:0 a.m.22 views

CVE-2017-17104

Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in dapur/apps/apptheme/libs/checkfile.php via $GET'src' or $GET'name'...

7.6AI score0.01705EPSS
Exploits1References1
Exploit DB
Exploit DB
added 2017/10/23 12:0 a.m.22 views

FS Freelancer Clone - 'sk' SQL Injection

Exploit Title: FS Freelancer Clone - SQL Injection Date: 2017-10-23 Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/freelancer-clone/ Version: 23 October 17 Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email: [email protected]...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2017/09/05 12:0 a.m.17 views

The Car Project 1.0 - SQL Injection

The Car Project 1.0 - SQL Injection Exploit Title: The Car Project 1.0 - SQL Injection Dork: N/A Date: 05.09.2017 Vendor Homepage: http://thecarproject.org/ Software Link: http://thecarproject.org/thecarproject.zip Demo: http://www.thecarproject.org/cp Version: 1.0 Category: Webapps Tested on:...

0.3AI score
Exploits0
0day.today
0day.today
added 2017/07/24 12:0 a.m.46 views

PaulShop - Sql Injection / Cross-Site Scripting Vulnerabilities

Exploit for php platform in category web applications Exploit Title: PaulShop CMS - Sql Injection and stored XSS Date: 07/23/2017 Exploit Author: BTIS Team http://www.btis.vn Vendor Homepage: https://codecanyon.net/item/paulshop-cms-with-shopping-cart-system/18070714 Version: 03/27/2017 Tested on...

0.2AI score
Exploits0
Prion
Prion
added 2017/07/18 5:29 a.m.16 views

Sql injection

Fiyo CMS 2.0.7 has SQL injection in dapur/apps/apparticle/controller/commentstatus.php via $GET'id'...

7.5CVSS9.8AI score0.01022EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2017/06/24 2:29 a.m.19 views

CVE-2017-9833

/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable sent by GET to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue e.g., a vulnerability on one type of camera because Boa does not include any...

7.8CVSS7.6AI score0.68243EPSS
Exploits6References2
CNVD
CNVD
added 2017/06/17 12:0 a.m.6 views

Emby MediaServer SQL Injection Vulnerability

Emby is a media server. An SQL injection vulnerability exists in Emby MediaServer. The vulnerability exists because input passed via the GET parameter "MediaTypes" is not properly filtered before being returned to the user. This allows an attacker to exploit the vulnerability to manipulate SQL...

8.4AI score
Exploits0References1
exploitpack
exploitpack
added 2017/06/08 12:0 a.m.77 views

IDERA Uptime Monitor 7.8 - Multiple Vulnerabilities

IDERA Uptime Monitor 7.8 - Multiple Vulnerabilities Vulnerabilities Summary The following advisory describe three 3 vulnerabilities found in IDERA Uptime Monitor version 7.8. “IDERA Uptime Monitor is a Proactively monitor physical servers, virtual machines, network devices, applications, and...

7.5CVSS0.1AI score0.0493EPSS
Exploits5
NVD
NVD
added 2017/03/09 9:59 a.m.16 views

CVE-2017-6576

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects ./inc/campaign/campaign-delete.php with the GET Parameter: id...

7.2CVSS7.3AI score0.01701EPSS
Exploits2References2
NVD
NVD
added 2017/03/09 9:59 a.m.18 views

CVE-2017-6572

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects ./inc/lists/addmember.php with the GET Parameter: filterlist...

7.2CVSS7.3AI score0.01701EPSS
Exploits2References2
Prion
Prion
added 2017/03/09 9:59 a.m.20 views

Sql injection

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects ./inc/lists/editmember.php with the GET Parameter: filterlist...

6.5CVSS7.3AI score0.01701EPSS
Exploits2References2Affected Software1
NVD
NVD
added 2017/03/09 9:59 a.m.22 views

CVE-2017-6575

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects ./inc/lists/editmember.php with the GET Parameter: memberid...

7.2CVSS7.3AI score0.01701EPSS
Exploits2References2
NVD
NVD
added 2017/03/09 9:59 a.m.19 views

CVE-2017-6574

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects ./inc/lists/editmember.php with the GET Parameter: filterlist...

7.2CVSS7.3AI score0.01701EPSS
Exploits2References2
Cvelist
Cvelist
added 2017/03/09 9:26 a.m.24 views

CVE-2017-6573

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects ./inc/lists/edit-list.php with the GET Parameter: id...

7.3AI score0.01701EPSS
Exploits2References2
Cvelist
Cvelist
added 2017/03/09 9:26 a.m.23 views

CVE-2017-6572

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects ./inc/lists/addmember.php with the GET Parameter: filterlist...

7.3AI score0.01701EPSS
Exploits2References2
Cvelist
Cvelist
added 2017/03/09 9:26 a.m.19 views

CVE-2017-6576

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects ./inc/campaign/campaign-delete.php with the GET Parameter: id...

7.3AI score0.01701EPSS
Exploits2References2
Cvelist
Cvelist
added 2017/03/09 9:26 a.m.25 views

CVE-2017-6575

A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects ./inc/lists/editmember.php with the GET Parameter: memberid...

7.3AI score0.01701EPSS
Exploits2References2
Rows per page
Query Builder