7210 matches found
Trixbox 2.8.0.4 - (lang) Remote Code Execution (Unauthenticated) Exploit
Exploit Title: Trixbox 2.8.0.4 - 'lang' Remote Code Execution Unauthenticated Exploit Author: Ron Jost Hacker5preme Credits to: https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/ Credits to: Sachin Wagh Vendor Homepage:...
Cross site scripting
TinyShop, a free and open source mall based on RageFrame2, has a stored XSS vulnerability that affects version 1.2.0. TinyShop allows XSS via the explainfirst and againexplain parameters of the /evaluate/index.php page. The vulnerability may be exploited remotely, resulting in cross-site scriptin...
CVE-2020-23691
YFCMF v2.3.1 has a Remote Command Execution (RCE) vulnerability in the index.php...
CVE-2020-23691
CVE-2020-23691 affects YFCMF v2.3.1. Multiple connected sources describe a Remote Command Execution (RCE) vulnerability in the package’s index.php. The underlying issue enables an attacker to craft a POST request to index.php to execute system commands on the hosting environment. Reported in vari...
CVE-2021-31537
SIS SIS-REWE Go before 7.7 SP17 allows XSS: rewe/prod/web/index.php affected parameters are config, version, win, db, pwd, and user and /rewe/prod/web/rewegocheck.php version and all other parameters...
Cross site scripting
A stored cross-site scripting (XSS) vulnerability in SourceCodester Budget Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php via vulnerable field 'Budget Title'...
CVE-2021-29388
A stored cross-site scripting (XSS) vulnerability in SourceCodester Budget Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php via vulnerable field 'Budget Title'...
CVE-2021-28245
PbootCMS 3.0.4 contains a SQL injection vulnerability through index.php via the search parameter that can reveal sensitive information through adding an admin account...
CVE-2021-28245
PbootCMS 3.0.4 contains a SQL injection vulnerability in index.php via the search parameter that can be exploited to add an administrator account and reveal sensitive information. This CVE (CVE-2021-28245) is documented across multiple feeds (NVD, Red Hat, CNVD, CVE lists) with consistent descrip...
CVE-2021-29027
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/index.php URI...
CVE-2021-27520
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "author" parameter...
CVE-2021-27519
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "srch" parameter...
Cross site scripting
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "author" parameter...
Seat-Reservation-System SQL Injection Vulnerability
Seat-Reservation-System is a seat reservation system. A SQL injection vulnerability exists in Seat-Reservation-System 1.0. The vulnerability is caused by the id and file parameters in the index.php file not being input/output filtered for special characters. An attacker can exploit this...
SQL injection
Seat-Reservation-System 1.0 has a SQL injection vulnerability in index.php in the id parameter where attackers can obtain sensitive database information...
CVE-2020-36002
CVE-2020-36002 affects Seat-Reservation-System 1.0. A SQL injection in index.php parameter id (and related file param per PT-2021-11898) can lead to disclosure of sensitive database information. No official patch/version is detailed in the provided sources; mitigations include parameter access re...