Lucene search

8196 matches found

Gitee
added 2017/06/15 3:51 p.m., 2 views

poc

This repository appears to be a collection of proof-of-concept (PoC) exploits for various vulnerabilities, primarily targeting web applications. The PoCs are written in Python and utilize the Beebeeto framework. The PoCs cover a range of vulnerabilities, including SQL injection, cross-site scriptin...

7.5 AI score
Exploits: 0
CNVD
added 2017/06/14 12:00 a.m., 1 view

Schneider Electric U.motion Builder SOAP Remote Code Execution Vulnerability

U.motion Builder is a builder product from Schneider Electric France. A remote code execution vulnerability exists in the Schneider Electric U.motion Builder SOAP. The system allows SOAP requests to execute arbitrary SQL commands. An attacker could exploit the vulnerability to execute arbitrary...

8.9 AI score
Exploits: 0, References: 1
CNVD
added 2017/06/14 12:00 a.m., 1 view

Schneider Electric U.motion Builder editobject remote code execution vulnerability

U.motion Builder is a builder product from Schneider Electric France. A remote code execution vulnerability exists in the Schneider Electric U.motion Builder editobject. The underlying SQLite database query requires SQL injection on the type input parameter. A remote attacker could exploit the...

9.3 AI score
Exploits: 0, References: 1
CNVD
added 2017/06/14 12:00 a.m., 1 view

Schneider Electric U.motion Builder track_import_export remote code execution vulnerability

U.motion Builder is a builder product from Schneider Electric France. A remote code execution vulnerability exists in Schneider Electric U.motion Builder track_import_export. When the export operation is selected in an applet call, the underlying SQLite database query requires SQL injection of the...

9.4 AI score
Exploits: 0, References: 1
CNVD
added 2017/06/14 12:00 a.m., 1 view

SQL Injection Vulnerability in State Micro CMS Attachment Lists

State Micro CMS is one of the mainstream CMS systems in China and is also the largest open source platform provider in the field of PHP in southern China. A SQL injection vulnerability exists in the State Micro CMS attachment list. The vulnerability stems from the attachment list parameter filtering is not...

7.8 AI score
Exploits: 0
OSV
added 2017/06/13 6:29 a.m., 3 views

CVE-2017-6668

Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection. More Information: CSCvc52784 CSCvc97648. Known Affected...

4.9 CVSS, 6 AI score
Exploits: 0, References: 3
CNVD
added 2017/06/08 12:00 a.m., 1 view

Openbravo Business Suite SQL Injection Vulnerability

Openbravo Business Suite is a management and business process optimization solution from Openbravo Spain. A SQL injection vulnerability exists in Openbravo Business Suite version 3.0. A remote attacker can exploit this vulnerability to inject arbitrary SQL code...

8.8 CVSS, 8.1 AI score, 0.01277 EPSS
Exploits: 0, References: 1
CNVD
added 2017/06/08 12:00 a.m., 2 views

Xavier SQL Injection Vulnerability

Xavier - PHP is a login script and user management administration panel. Xavier suffers from a SQL injection vulnerability. Allows attackers to exploit the vulnerability to obtain sensitive information...

7.9 AI score
Exploits: 0, References: 1
CNVD
added 2017/06/08 12:00 a.m., 2 views

Fastspot BigTree CMS SQL Injection Vulnerability (CNVD-2017-08707)

Fastspot BigTree CMS is an open source content management system (CMS) based on PHP and MySQL from the United States company Fastspot. A SQL injection vulnerability exists in Fastspot BigTree CMS 4.2.18 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands...

8.8 CVSS, 8.6 AI score, 0.01066 EPSS
Exploits: 0, References: 1
CNVD
added 2017/06/07 12:00 a.m., 2 views

TeamPass SQL Injection Vulnerability (CNVD-2017-11316)

TeamPass is a dedicated password manager for Apache, MySQL and PHP. A SQL injection vulnerability exists in the users.queries.php file in versions of TeamPass prior to 2.1.27.4. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands...

9.8 CVSS, 8.5 AI score, 0.01044 EPSS
Exploits: 0, References: 1
CNVD
added 2017/06/07 12:00 a.m., 2 views

WordPress Multi Feed Reader Plugin SQL Injection Vulnerability

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports setting up personal blog sites on PHP and MySQL servers. Multi Feed Reader is one of the components used to create RSS feed templates. A SQL injection vulnerability exists in Mult...

8.8 CVSS, 8.2 AI score, 0.01617 EPSS
Exploits: 0, References: 1
CNVD
added 2017/06/07 12:00 a.m., 2 views

Dolibarr ERP/CRM SQL Injection Vulnerability (CNVD-2017-11315)

Dolibarr ERP/CRM is a Web-based enterprise resource planning (ERP) and customer relationship management (CRM) system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. A SQL injection vulnerability exists in the user/index.php fil...

9.8 CVSS, 8.4 AI score, 0.01478 EPSS
Exploits: 0, References: 1
CNVD
added 2017/06/02 12:00 a.m., 3 views

TPshop 2.0 Backend SQL Injection Vulnerability in Multiple Different Page Parameters

TPshop (short for Thinkphp shop) is an open source multi-merchant mall system developed by Shenzhen Soleil Networks Ltd. SQL injection vulnerabilities exist in the mobile, id and orderby parameters of a number of different TPshop 2.0 backend pages, allowing...

7.6 AI score
Exploits: 0
CNVD
added 2017/05/29 12:00 a.m., 1 view

Flash cms /wap has multiple SQL Injection Vulnerabilities

Flash Flash cms is a flash website system developed by Zibo Flash Network Technology Co. Flash cms has a SQL injection vulnerability. The vulnerability stems from the program's failure to filter user-submitted data, which can be exploited by attackers to obtain sensitive database information...

7.8 AI score
Exploits: 0
CNVD
added 2017/05/25 12:00 a.m., 1 view

Joomla VideoFlow SQL Injection Vulnerability

Joomla is an open source content management system (CMS). A SQL injection vulnerability exists in Joomla VideoFlow. An attacker can exploit this vulnerability to gain access to sensitive database information...

8.1 AI score
Exploits: 0, References: 1
CNVD
added 2017/05/24 12:00 a.m., 3 views

INFOR EAM SQL Injection Vulnerability

Infor EAM is the best configurable enterprise-class asset management solution on the market. Improve capital asset management by increasing reliability, enhancing predictive maintenance, ensuring regulatory compliance, reducing energy consumption, and supporting sustainability programs. An SQL...

8.8 CVSS, 7.6 AI score, 0.01443 EPSS
Exploits: 5, References: 1
CNVD
added 2017/05/24 12:00 a.m., 3 views

finecms has a csrf vulnerability

FineCMS is a content management system based on PHP+MySql. A CSRF vulnerability exists in the finecms backend form for executing SQL, which can be exploited by attackers to trick administrators into clicking on a malicious link to execute SQL statements and write a webshell to gain server...

7.9 AI score
Exploits: 0
CNVD
added 2017/05/23 12:00 a.m., 2 views

Apple macOS Sierra SQLite SQL Query Memory Corruption Vulnerability

Apple macOS is a set of operating systems that run on Apple's Macintosh line of computers. A memory corruption vulnerability exists in the Apple macOS Sierra SQLite SQL query, which can be exploited by a remote attacker to submit a special WEB page and trick the user into parsing it to execute...

8.8 CVSS, 7.9 AI score, 0.01953 EPSS
Exploits: 0, References: 1
CNVD
added 2017/05/23 12:00 a.m., 1 view

Apple macOS Sierra SQLite SQL Query Arbitrary Code Execution Vulnerability

Apple macOS is an operating system that runs on Apple's Macintosh line of computers. An arbitrary code execution vulnerability exists in the Apple macOS Sierra SQLite SQL query, which can be exploited by a remote attacker to submit a special SQL query and execute arbitrary code...

9.8 CVSS, 8.4 AI score, 0.0346 EPSS
Exploits: 0, References: 1
OSV
added 2017/05/22 12:00 a.m., 0 views

UBUNTU-CVE-2017-2519

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial o...

9.8 CVSS, 7.7 AI score, 0.0395 EPSS
Exploits: 0, References: 8