7210 matches found
shopNC B2B edition: SQL injection vulnerability at /microshop/index.php
No description provided by source...
CVE-2015-4671
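Cross-site scripting (XSS) vulnerability in OpenCart before 2.1.0.2 allows remote attackers to inject arbitrary web script or HTML via the zoneid parameter to index.php...
PHPWEB search/index.php SQL injection vulnerability
0x01 Framework introduction: PHPWEB Intelligent Website Management System is website management software with visual management and modular website features. Visual drag-and-drop layout with the mouse, with free insertion, dragging and stacking of plugins, is WYSIWYG and makes building a site as quick and easy as playing with building blocks; plugins, borders and menus can be flexibly combined and placed anywhere, free of the constraints of a page framework, for full creative enjoyment; flexible administrator and member permission configuration and powerful site interaction features make DIY sites in no way inferior to professionally developed ones; with modular website features, more than ten common website modules and a growing set of professional modules are available, and modules can be installed and uninstalled as needed, so it can be used both for simple corporate showcase sites and for developing all kinds of professional sites. Official homepage: www.phpweb.net/ Dork:...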
CVE-2016-1499
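ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allow remote authenticated users to obtain sensitive information from a directory listing and possibly cause a denial of service (CPU consumption) via the force parameter to index.php/apps/files/ajax/scan.php...
PHPOK official demo misconfiguration allows getting a shell (affects other sites)
Brief description: This.... Details: The demo's permissions are not configured properly, so a shell can be obtained directly. First log in to the demo site's admin backend at http://demo.phpok.com/admin.php, go to style management, change the template format to php, then simply create an index.php whose content is a one-line webshell. The configuration file shows that multiple websites are bound, some of which are live, such as yuechi.net (Yuechi Online). There is also update.phpok.com, presumably used for updates. Masked area: alHos n 8 Host Host admin@p ot /qg Name 1000 ;/qghost/w eny,a fro...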
RW::Download 4.0.8 File Inclusion / SQL Injection
Beezfud - Remote Code Execution
Exploit for php platform in category web applications. Beezfud Remote Code Execution. Vendor Homepage: https://github.com/EVA-01/beezfud...
Beezfud - Remote Code Execution
Beezfud - Remote Code Execution. Vendor Homepage: https://github.com/EVA-01/beezfud Date: 23/12/2015...
Beezfud - Remote Code Execution
Beezfud Remote Code Execution. Vendor Homepage: https://github.com/EVA-01/beezfud Date: 23/12/2015 Software Link:...
Docebo LMS 4.0.3 Cross Site Scripting
| Title : Docebo LMS 4.0.3 Multi Vulnerability | Author : indoushka | email : [email protected] | Dork : Powered by Docebo ® Community Edition | Tested on: windows 8.1 Français V.Pro | Download : http://www.dl.persianscript.ir/script/DoceboLMS403PersianScript.ir.zip...
CVE-2015-7777
CVE-2015-7777 corresponds to a cross-site scripting (XSS) vulnerability in the index.php script of the JosephErnest Void CMS, exploitable via a crafted URI to affect Void versions released before 2015-10-02. Public sources in connected documents confirm the affected product (Void CMS), the vulner...
onanera.eu XSS vulnerability
Vulnerable URL: http://www.onanera.eu/index.php?tag="';-- Details: Patched: No; Latest check for patch: 25.07.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: Unknown / Not calculated; Google Pagerank: 0; VIP website status: No; Check...
keramikboa.se XSS vulnerability
Vulnerable URL: http://keramikboa.se/index.php?kat=sagofigurer="';-- Details: Patched: No; Latest check for patch: 25.07.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: Unknown / Not calculated; Google Pagerank: 0; VIP website status:...
CVE-2015-6500
Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consumption) via a .. (dot dot) in the dir parameter to index.php/apps/files/ajax/scan.php...
Realtyna RPL Joomla Extension 8.9.2 index.php parameter Itemid SQL injection
No description provided by source...
eXtplorer vulnerable to cross-site request forgery
Overview: eXtplorer is a web-based file manager. index.php of eXtplorer contains a cross-site request forgery (CWE-352) vulnerability. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
JVN#92520335: eXtplorer vulnerable to cross-site request forgery
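eXtplorer is a web-based file manager. index.php of eXtplorer contains a cross-site request forgery (CWE-352) vulnerability. Impact: If a user views a malicious page while logged in, the user may be forced to implicitly perform unintended operations such as the execution of arbitrary PHP code...
mao10cms file inclusion vulnerability (conditional)
Brief description: mao10cms conditional file inclusion vulnerability. Details: 1. mao10cms uses mysqli for database operations, and all database operations use bound parameters, which is a pain. So all that is left to look at is a conditional file inclusion vulnerability. Vulnerable file index.php $act; else : require "gdb.php"; endif; 2. Here $_GET['m'] is passed directly to require without any filtering, so truncation-based file inclusion can be considered. There are two ways: one is %00, the other is an overlong filename. Both have conditions, as you know. Taking %00 as the example: register a user, upload an image webshell, then the image path can be obtained below, and it can be included directly...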
mcGallery 'lang' Parameter Multiple Cross Site Scripting Vulnerabilities
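Background: PhpForums.net mcGallery is a website image management script tool. Type: XSS. Impact: arbitrary web script or HTML can be injected. Analysis: Multiple cross-site scripting vulnerabilities exist in PhpForums.net mcGallery version 1.1. Remote attackers can inject arbitrary web script or HTML via the lang parameter to (1) admin.php, (2) index.php, (3) sess.php, (4) stats.php, (5) detail.php, (6) resize.php, (7) show.php....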
rtalabel.org XSS vulnerability
Vulnerable URL: http://www.rtalabel.org/index.php Details: Patched: Yes, at 28.10.2015; Latest check for patch: 28.10.2015 19:56 GMT; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 84218; Google Pagerank: 6; VIP website status: No; Check...