7210 matches found
Ginkgo CMS - 'index.php?rang' SQL Injection
CVE-2013-3515
Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) package parameter to www/admin/plugin-index.php or the (2) group parameter to www/admin/plugin-settings.php...
CVE-2013-2242
Summary: CVE-2013-2242 affects Moodle versions up to 2.5.x, where the chat daemon could be accessed by remote authenticated users due to insufficient checks on mod/chat:chat capability before authorizing daemon-mode chat. This could bypass intended access restrictions via an HTTP session to a cha...
metinfo 5.1.7 getshell 0day vulnerabilities attached to the use of the Exp-bug warning-the black bar safety net
1: Code analysis. about/index.php: $filpy = basename(dirname(__FILE__)); $fmodule=1; require_once '../include/module.php'; require_once $module; Combined with MetInfo's global variable overwrite mechanism, this allows file inclusion. Test: http://w/coder/metinfo/about/?module=../robots.txt&fmodule=7 2: getshell Find a can...
Elemata CMS SQLi Vulnerability
Elemata CMS is prone to an SQL injection (SQLi) vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
PHP-Charts 1.0 - index.php?type Remote Code Execution
#!/usr/bin/python Original Advisory came from: http://packetstormsecurity.com/files/119582/PHP-Charts-1.0-Code-Execution.html infodox - insecurety.net import requests import random import threading import sys def genpayloadhost, port: """ Perl...
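Yisi ESPCMS SQL injection vulnerability in one location, with detailed analysis and PoC code
Brief description: A newbie who has just started learning code auditing. Detailed description: In the file /interface/forummain.php, $userid enters the SQL statement unfiltered. Lines 17 to 32: function inlist parent::startpagetemplate; parent::memberpurview0, $this-mlink'orderlist'; includeonce adminROOT . 'public/classpagebotton.php'; $lng = adminLNG == 'big5' ? $this-CON'islancode' : adminLNG; $page =...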
mkCMS - 'index.php' Arbitrary PHP Code Execution
source: https://www.securityfocus.com/bid/60488/info mkCMS is prone to an arbitrary PHP code-execution vulnerability. An attacker can exploit this issue to execute arbitrary PHP code within the context of the affected application. mkCMS 3.6 is vulnerable; other versions may also be affected...
PHPMyWind CMS v4.6.3 Beta 0day-vulnerability warning-the black bar safety net
BUG-1: Permission bypass. File location: goodsshow.php. Problem code: // Guests are not allowed to place orders; redirect to login if(empty($_COOKIE['username'])) // only a simple check of whether it is empty { header('location:member.php?c=login'); exit; } Brief...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php. NOTE: some of these details are obtained from third party information...
PHP-Charts 1.0 - Code Execution
Exploit Title: PHP-CHARTS v1.0 code execution vulnerability Date: 05/15/2013 Exploit Author: fizzle stick Vendor Homepage: http://php-charts.com/ Software Link: http://php-charts.com/downloads/php-chartv1.0.zip Version: v1.0 Tested on: Windows Summary: PHP-charts...
Server: Password autocompletion
Index.php aka the login page contains a form that does not disable the autocomplete setting for the password parameter, which makes it easier for local users or physically proximate attackers to obtain the password from web browsers that support autocomplete. For more information please consult t...
Hloun Support Management System 3.0 SQL Injection / Bypass
Hloun Support Management System version 3.0 suffers from authentication bypass and remote SQL injection vulnerabilities. fixhashuser($_COOKIE['onlineadmin']); $userquery = "SELECT * FROM member WHERE username='".$memberhash['username']."' AND password='".$memberhash['password']."'"; $member =...
Yahoo! TW YSM MKT - Blind SQL Injection Vulnerability
Document Title: Yahoo! TW YSM MKT - Blind SQL Injection Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=892; Release Date: 2013-04-02; Vulnerability Laboratory ID (VL-ID): 892...
SQL injection
SQL injection vulnerability in index.php in Synchroweb Technology SynConnect 2.0 allows remote attackers to execute arbitrary SQL commands via the loginid parameter in a logoff action...
CVE-2013-2690
CVE-2013-2690 is a SQL injection vulnerability in the SynConnect 2.0 login flow of Synchroweb Technology. The flaw affects index.php where an attacker can manipulate the loginid parameter in a logoff action to execute arbitrary SQL commands. Reported in NVD with a base score of 7.5 (HIGH) and net...
SynConnect SQL Injection
Title: SynConnect - SQL Injection vulnerability; Credit: Name: Bhadresh Patel, Company/affiliation: Cyberoam Technologies Private Limited, Website: www.cyberoam.com; CVE: ; Date: 01-03-2013; CRD: CRD-2013-01; Vendor: Synchroweb Technology is a provider of application...
Joomla! Component com_rsfiles - 'cid' SQL Injection
Title : Joomla Component RSfiles = cid SQL injection Vulnerability Author : ByEge Contact : http://byege.blogspot.com Date : 18.03.2013 S.Page : http://www.rsjoomla.com Dork : inurl:index.php?option=comrsfiles DorkEx :...
Batavi - index.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/58151/info Batavi is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
webAssist SQL Injection Vulnerability
Exploit for php platform in category web applications