302 matches found
Travel Booking < 2.8.4 - Unauthenticated SQL Injection
Unauthenticated SQL Injection via the locationid parameter sqlmap --url="https://example.com/search-rental-full-map/?locationid=1" -dbs --random-agent --time-sec=8 03:13:37 INFO resuming back-end DBMS 'mysql' sqlmap resumed the following injection points from stored session: --- Parameter:...
PT-2020-14545 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to disclose sensitive information on affected installations. Authentication is not required to exploit this issue. The flaw exists within the ajax mail...
WordPress Official MailerLite Sign Up Forms plugin <= 1.4.3 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection SQLi vulnerability found by Dave WebARX in WordPress Official MailerLite Sign Up Forms plugin versions = 1.4.3. Solution Update the WordPress Official MailerLite Sign Up Forms plugin to the latest available version at least 1.4.4...
CVE-2019-18866
Unauthenticated SQL injection via the username in the login mechanism in Blaauw Remote Kiln Control through v3.00r4 allows a user to extract arbitrary data from the rkc database...
CVE-2020-5308
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, as demonstrated by the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName parameter in add-product.php. Recent assessments: cinzinga at March 09, 2020...
CVE-2016-9488
ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from remote SQL injection vulnerabilities. An unauthenticated attacker is able to access the URL /servlet/MenuHandlerServlet, which is vulnerable to SQL injection. The attacker could extract users' password hashes, whi...
WordPress User Control plugin <=2.1.0 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection SQLi vulnerability found by JustThomas in WordPress User Control plugin versions =2.1.0. Solution This plugin has been closed and is no longer available for download. Please Deactivate and delete...
CVE-2017-14743
Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/deviceservice, as demonstrated by reading the admin password...
osTicket 1.10 - SQL Injection (PoC)
ADVISORY INFORMATION ======================================== Title: osTicket v1.10 Unauthenticated SQL Injection Application: osTicket Bugs: SQL Injection Class: Sensitive Information disclosure Remotely Exploitable: Yes Authentication Required: NO Versions Affected: = v1.10 Technology: PHP...
osTicket 1.10 - SQL Injection (PoC)
osTicket 1.10 - SQL Injection PoC 1. ADVISORY INFORMATION ======================================== Title: osTicket v1.10 Unauthenticated SQL Injection Application: osTicket Bugs: SQL Injection Class: Sensitive Information disclosure Remotely Exploitable: Yes Authentication Required: NO Versions...
osTicket 1.10 SQL Injection
ADVISORY INFORMATION ======================================== Title: osTicket v1.10 Unauthenticated SQL Injection Application: osTicket Bugs: SQL Injection Class: Sensitive Information disclosure Remotely Exploitable: Yes Authentication Required: NO Versions Affected: = v1.10 Technology: PHP...
EyesOfNetwork (EON) 5.1 SQL Injection
Exploit Title: EyesOfNetwork EON 5.1 Unauthenticated SQL Injection in eonweb leading to remote root Google Dork: intitle:EyesOfNetwork intext:"sponsored by AXIANS" Date: 29/03/2017 Exploit Author: Dany Bach Vendor Homepage: https://www.eyesofnetwork.com/ Software Link:...
Schoolhos CMS 2.29 Multiple vulnerabilities / RCE Exploit
Exploit for php platform in category web applications \x0d\x0a-----------------------------26518470919255\x0d\x0a\x0d\x0a' \ 'http://HOST/PATH/elearningku/proses.php?pilih=guru&untukdi=upload' php file...
PT-2016-4516 · Huge It · Huge-It Portfolio Gallery Plugin
Name of the Vulnerable Software and Affected Versions: Huge-IT Portfolio Gallery Plugin version 1.0.6 Description: The issue is related to an unauthenticated SQL Injection. No information is provided about the estimated number of potentially affected devices or real-world incidents...
WordPress Booking Calendar Contact Form 1.1.23 Plugin - Unauthenticated SQL Injection
Exploit for php platform in category web applications Exploit Title: WordPress appointment-booking-calendar =1.1.23 - Unauthenticated SQL injection Date: 2016-01-26 Google Dork: Index of /wordpress/wp-content/plugins/appointment-booking-calendar/ Exploit Author: Joaquin Ramirez Martinez i0akiN...
Support Ticket System <= 1.2 - Unauthenticated SQL Injection
The Support Ticket System WordPress plugin was affected by an Unauthenticated SQL Injection security vulnerability...
Watchguard XCS 10.0 - Multiple Vulnerabilities
Watchguard XCS 10.0 - Multiple Vulnerabilities , , . '.' '. ', . , '. , .', , / / / \ \ ==/ /\ \ / / \ / \ / / | \ \ Y Y \ / /| / \ /||| / / /.-. / /:wq x.0 '=.|w|.=' =''"''=. presents.. Watchguard XCS Multiple Vulnerabilities Affected versions: Watchguard XCS =10.0 PDF:...
Symantec Data Center Security - Multiple Vulnerabilities
Symantec Data Center Security: Server Advanced SDCS:SA and Symantec Critical System Protection SCSP suffer from cross site scripting, remote SQL injection, information disclosure, and policy bypass vulnerabilities. ======================================================================= title:...
Participants Database < 1.5.4.9 - Unauthenticated SQL Injection
The Participants Database WordPress plugin was affected by an Unauthenticated SQL Injection vulnerability via the query parameter of the export CSV action...
Raritan PowerIQ 4.1.0 - SQL Injection (Metasploit)
=begin Raritan PowerIQ suffers from an unauthenticated SQL injection vulnerability within an endpoint used during initial configuration of the licensing for the product. This endpoint is still available after the appliance has been fully configured. POST /license/records HTTP/1.1 Host: 192.168.1....