MOVEit Transfer 11.1.1 SQL Injection
Exploit Title: MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection Google Dork: inurl:human.aspx intext:moveit Date: 2020-04-12 Exploit Authors: Aviv Beniash, Noam Moshe Vendor Homepage: https://www.ipswitch.com/ Version: MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and...
SQL injection
SQL injection vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary SQL commands via the "passwordreset&token" parameter...
Roland Gruber Softwareentwicklung LDAP Account Manager Cross-Site Request Forgery Vulnerability
Roland Gruber Softwareentwicklung LDAP Account Manager is an LDAP account manager for managing various account types in the LDAP directory. A security vulnerability exists in Roland Gruber Softwareentwicklung LDAP Account Manager versions prior to 6.3, which originates when the program places a...
CVE-2017-17587
FS Indiamart Clone 1.0 has SQL Injection via the catcompany.php token parameter, buyleads-details.php id parameter, or company/index.php c parameter...
FS Facebook Clone - 'token' SQL Injection
Exploit Title: FS Facebook Clone - 'token' SQL Injection Date: 2017-12-06 Exploit Author: Dan° Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/facebook-clone/ Version: 2017-12-06 Tested on: Kali Linux 2.0 PoC: SQL Injection on GET parameter = token...
FS Shaadi Clone - token SQL Injection
FS Shaadi Clone - token SQL Injection Exploit Title: FS Shaadi Clone - SQL Injection Date: 2017-12-05 Exploit Author: Dan° Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/shaadi-clone/ Version: 2017-12-05 Tested on: Kali Linux 2.0 PoC: SQL Injection ...
CVE-2017-17431
GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, status, term, to, or token parameter. NOTE: this might overlap CVE-2017-14761, CVE-2017-14762, or CVE-2017-14765...
ConverTo Video Downloader&Converter File Download Vulnerability
ConverTo Video Downloader&Converter is an online video download system. A security vulnerability exists in ConverTo Video Downloader&Converter version 1.4.1. The vulnerability can be exploited to download arbitrary files by sending a 'token' parameter to the download.php file...
CVE-2017-15956
ConverTo Video Downloader & Converter 1.4.1 allows Arbitrary File Download via the token parameter to download.php...
Accellion File Transfer Appliance Command Execution Vulnerability
Accellion File Transfer Appliance FTA is a file transfer solution from Accellion USA. The solution supports file transfer, file sharing, file transfer tracking and reporting, and more. A security vulnerability exists in Accellion FTA versions prior to FTA911210. A remote attacker can exploit the...
Sophos Web Appliance Remote Command Injection Vulnerability (CNVD-2017-04889)
Sophos Web Appliance SWA is a suite of Web security gateway products from Sophos UK. The product supports real-time web threat protection, customized web filtering and dynamic control of applications. A remote command injection vulnerability exists in the interface for report generation in Sophos...
CVE-2017-6184
In Sophos Web Appliance SWA before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303...
amigo-browser.ru XSS vulnerability
Vulnerable URL: http://amigo-browser.ru/dkit-hps/?chid=12930partnerid=dse.1:812270,dse.2:812274,hp.1:812269,hp.2:812273,pult.1:812271,pult.2:812275,any.2:812272,any:812268=fDrYpMqTUQ=818068=hdclub"alert/OPENBUGBOUNTY/...
CVE-2017-6099
Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in the PayPal PHP Merchant SDK (aka merchant-sdk-php) 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter...
Itech B2B Script SQL Injection Vulnerability (CNVD-2017-01850)
B2B Script v4.29 is a versatile web solution for those who want to quickly publish their B2B portals in minutes. A SQL injection vulnerability exists in the 'token' parameter of the catcompany.php page in B2B Script v4.29, which can be exploited by an attacker to obtain sensitive information from the...
SQL Injection Vulnerability in the 'token[]' Parameter of Shangyi CMS
Shangyi CMS, or 31cms for short, is a plug-in style public-platform management system. A SQL injection vulnerability exists in Shangyi CMS: the 'token' parameter is not filtered, which allows attackers to obtain sensitive information about the database...
Vimeo: All Vimeo Private videos disclosure via Authorization Bypass
Hello, There is a vulnerability in https://vimeo.com/VIDEOID?action=share that makes all Vimeo private videos available to anybody. POC link : http://opnsec.com/vimeo/vl/videoLeak.php?video=VIDEOID POC requirements : - No need to be logged in Vimeo - Because of sensitivity of this, I put a passwo...