1201 matches found
Pornhub: Blind SQL injection in Hall of Fap
Summary: There is a blind SQL injection vulnerability in GET parameter topsort in page https://www.tube8.fr/ajax-hof/. Description: SQL functions can be injected into the SQL query. Using the sleep function, which makes the database sleep, we can notice the injection. PoC The following request wi...
Trello: Sessions Token In Get Parameter Request Initiating Websocket Connection
When anyone login into trello.com application then after authentication, application sends session token into get parameter. so attacker can sniffing this session token form web history, proxy history or log cause fully account takeover. HTTP Request : GET...
CVE-2017-17104
Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in dapur/apps/apptheme/libs/checkfile.php via $GET'src' or $GET'name'...
CVE-2017-17104
Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in dapur/apps/apptheme/libs/checkfile.php via $GET'src' or $GET'name'...
FS Freelancer Clone - 'sk' SQL Injection
Exploit Title: FS Freelancer Clone - SQL Injection Date: 2017-10-23 Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/freelancer-clone/ Version: 23 October 17 Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email: [email protected]...
The Car Project 1.0 - SQL Injection
The Car Project 1.0 - SQL Injection Exploit Title: The Car Project 1.0 - SQL Injection Dork: N/A Date: 05.09.2017 Vendor Homepage: http://thecarproject.org/ Software Link: http://thecarproject.org/thecarproject.zip Demo: http://www.thecarproject.org/cp Version: 1.0 Category: Webapps Tested on:...
PaulShop - Sql Injection / Cross-Site Scripting Vulnerabilities
Exploit for php platform in category web applications Exploit Title: PaulShop CMS - Sql Injection and stored XSS Date: 07/23/2017 Exploit Author: BTIS Team http://www.btis.vn Vendor Homepage: https://codecanyon.net/item/paulshop-cms-with-shopping-cart-system/18070714 Version: 03/27/2017 Tested on...
Sql injection
Fiyo CMS 2.0.7 has SQL injection in dapur/apps/apparticle/controller/commentstatus.php via $GET'id'...
CVE-2017-9833
/cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable sent by GET to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue e.g., a vulnerability on one type of camera because Boa does not include any...
Emby MediaServer SQL Injection Vulnerability
Emby is a media server. An SQL injection vulnerability exists in Emby MediaServer. The vulnerability exists because input passed via the GET parameter "MediaTypes" is not properly filtered before being returned to the user. This allows an attacker to exploit the vulnerability to manipulate SQL...
IDERA Uptime Monitor 7.8 - Multiple Vulnerabilities
IDERA Uptime Monitor 7.8 - Multiple Vulnerabilities Vulnerabilities Summary The following advisory describe three 3 vulnerabilities found in IDERA Uptime Monitor version 7.8. “IDERA Uptime Monitor is a Proactively monitor physical servers, virtual machines, network devices, applications, and...
CVE-2017-6576
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects ./inc/campaign/campaign-delete.php with the GET Parameter: id...
CVE-2017-6572
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects ./inc/lists/addmember.php with the GET Parameter: filterlist...
Sql injection
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects ./inc/lists/editmember.php with the GET Parameter: filterlist...
CVE-2017-6575
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects ./inc/lists/editmember.php with the GET Parameter: memberid...
CVE-2017-6574
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects ./inc/lists/editmember.php with the GET Parameter: filterlist...
CVE-2017-6573
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects ./inc/lists/edit-list.php with the GET Parameter: id...
CVE-2017-6572
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects ./inc/lists/addmember.php with the GET Parameter: filterlist...
CVE-2017-6576
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects ./inc/campaign/campaign-delete.php with the GET Parameter: id...
CVE-2017-6575
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta aka mail-masta plugin 1.0 for WordPress. This affects ./inc/lists/editmember.php with the GET Parameter: memberid...