116 matches found

Packet Storm
added 2020/04/13 12:0 a.m., 105 views

MOVEit Transfer 11.1.1 SQL Injection

Exploit Title: MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection Google Dork: inurl:human.aspx intext:moveit Date: 2020-04-12 Exploit Authors: Aviv Beniash, Noam Moshe Vendor Homepage: https://www.ipswitch.com/ Version: MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and...

CVSS 7.5 | AI score 0.2 | EPSS 0.05187
Exploits: 4
Exploit DB
added 2020/04/13 12:0 a.m., 181 views

MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection

Exploit Title: MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection Google Dork: inurl:human.aspx intext:moveit Date: 2020-04-12 Exploit Authors: Aviv Beniash, Noam Moshe Vendor Homepage: https://www.ipswitch.com/ Version: MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and...

CVSS 9.4 | AI score 7 | EPSS 0.05187
Exploits: 4
Prion
added 2020/02/18 6:15 p.m., 30 views

SQL injection

SQL injection vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary SQL commands via the "passwordreset&token" parameter...

CVSS 7.5 | AI score 9 | EPSS 0.03671
Exploits: 5 | References: 4 | Affected Software: 1
CNVD
added 2018/03/29 12:0 a.m., 1 views

Roland Gruber Softwareentwicklung LDAP Account Manager Cross-Site Request Forgery Vulnerability

Roland Gruber Softwareentwicklung LDAP Account Manager is an LDAP account manager for managing various account types in the LDAP directory. A security vulnerability exists in Roland Gruber Softwareentwicklung LDAP Account Manager versions prior to 6.3, which originates when the program places a...

CVSS 8.8 | AI score 6.9 | EPSS 0.01344
Exploits: 2 | References: 1
OSV
added 2017/12/13 9:29 a.m., 1 views

CVE-2017-17587

FS Indiamart Clone 1.0 has SQL Injection via the catcompany.php token parameter, buyleads-details.php id parameter, or company/index.php c parameter...

CVSS 9.8 | AI score 5.8 | EPSS 0.02978
Exploits: 1 | References: 2
Exploit DB
added 2017/12/07 12:0 a.m., 77 views

FS Facebook Clone - 'token' SQL Injection

Exploit Title: FS Facebook Clone - 'token' SQL Injection Date: 2017-12-06 Exploit Author: Dan° Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/facebook-clone/ Version: 2017-12-06 Tested on: Kali Linux 2.0 PoC: SQL Injection on GET parameter = token...

AI score 7.4
Exploits: 0
exploitpack
added 2017/12/06 12:0 a.m., 14 views

FS Shaadi Clone - token SQL Injection

FS Shaadi Clone - token SQL Injection Exploit Title: FS Shaadi Clone - SQL Injection Date: 2017-12-05 Exploit Author: Dan° Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/shaadi-clone/ Version: 2017-12-05 Tested on: Kali Linux 2.0 PoC: SQL Injection ...

AI score 0.5
Exploits: 0
ATTACKERKB
added 2017/12/05 9:29 p.m., 4 views

CVE-2017-17431

GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, status, term, to, or token parameter. NOTE: this might overlap CVE-2017-14761, CVE-2017-14762, or CVE-2017-14765...

CVSS 6.1 | AI score 5.4 | EPSS 0.00683
Exploits: 4 | References: 2
CNVD
added 2017/11/03 12:0 a.m., 1 views

ConverTo Video Downloader&Converter File Download Vulnerability

ConverTo Video Downloader&Converter is an online video download system. A security vulnerability exists in ConverTo Video Downloader&Converter version 1.4.1. The vulnerability can be exploited to download arbitrary files by sending a 'token' parameter to the download.php file...

CVSS 7.5 | AI score 7 | EPSS 0.04661
Exploits: 0 | References: 1
OSV
added 2017/10/29 6:29 a.m., 1 views

CVE-2017-15956

ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File Download via the token parameter to download.php...

CVSS 7.5 | AI score 5.8 | EPSS 0.04661
Exploits: 0 | References: 1
CNVD
added 2017/08/23 12:0 a.m., 4 views

Accellion File Transfer Appliance Command Execution Vulnerability

Accellion File Transfer Appliance (FTA) is a file transfer solution from Accellion USA. The solution supports file transfer, file sharing, file transfer tracking and reporting, and more. A security vulnerability exists in Accellion FTA versions prior to FTA911210. A remote attacker can exploit the...

CVSS 9.8 | AI score 8.9 | EPSS 0.84178
Exploits: 12 | References: 1
CNVD
added 2017/04/01 12:0 a.m., 3 views

Sophos Web Appliance Remote Command Injection Vulnerability (CNVD-2017-04889)

Sophos Web Appliance (SWA) is a suite of Web security gateway products from Sophos UK. The product supports real-time web threat protection, customized web filtering and dynamic control of applications. A remote command injection vulnerability exists in the interface for report generation in Sophos...

CVSS 6.5 | AI score 7.7 | EPSS 0.02545
Exploits: 1 | References: 1
OSV
added 2017/03/30 5:59 p.m., 3 views

CVE-2017-6184

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303...

CVSS 4.7 | AI score 5.8
Exploits: 0 | References: 3
NVD
added 2017/03/30 5:59 p.m., 16 views

CVE-2017-6184

In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303...

CVSS 6.5 | AI score 5.3 | EPSS 0.02545
Exploits: 1 | References: 3
Openbugbounty
added 2017/03/14 5:36 p.m., 10 views

amigo-browser.ru XSS vulnerability

Vulnerable URL: http://amigo-browser.ru/dkit-hps/?chid=12930partnerid=dse.1:812270,dse.2:812274,hp.1:812269,hp.2:812273,pult.1:812271,pult.2:812275,any.2:812272,any:812268=fDrYpMqTUQ=818068=hdclub"alert/OPENBUGBOUNTY/...

AI score 6.9
Exploits: 0
NVD
added 2017/02/24 2:59 a.m., 13 views

CVE-2017-6099

Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK (aka merchant-sdk-php) 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter...

CVSS 6.1 | AI score 6.1 | EPSS 0.01244
Exploits: 1 | References: 2
OSV
added 2017/02/24 2:59 a.m., 11 views

CVE-2017-6099

Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK (aka merchant-sdk-php) 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter...

CVSS 6.1 | AI score 5.9
Exploits: 0 | References: 2
CNVD
added 2017/02/15 12:0 a.m., 1 views

Itech B2B Script SQL Injection Vulnerability (CNVD-2017-01850)

B2B Script v4.29 is a versatile WEB solution for those who want to quickly publish their B2B portals in minutes. A SQL injection vulnerability exists in the 'token' in the catcompany.php page in B2B Script v4.29, which can be exploited by an attacker to obtain sensitive information from the...

AI score 7.8
Exploits: 0 | References: 1
CNVD
added 2017/01/16 12:0 a.m., 1 views

SQL Injection Vulnerability in the 'token[]' Parameter of Shangyi CMS

Shangyi CMS, or 31cms for short, is a drop-in microsoft public platform management system. A SQL injection vulnerability exists in Business Easy CMS. The lack of filtering of the 'token' parameter allows attackers to exploit the vulnerability to obtain sensitive information about the database...

AI score 7.6
Exploits: 0 | References: 1
Hacker One
added 2016/05/10 2:50 p.m., 1763 views

Vimeo: All Vimeo Private videos disclosure via Authorization Bypass

Hello, There is a vulnerability in https://vimeo.com/VIDEOID?action=share that makes all Vimeo private videos available to anybody. POC link : http://opnsec.com/vimeo/vl/videoLeak.php?video=VIDEOID POC requirements : - No need to be logged in Vimeo - Because of sensitivity of this, I put a passwo...

AI score 0.3
Exploits: 0