MaxOn ERP Software 8.x / 9.x SQL Injection
Exploit Title: MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection Dork: N/A Date: 2018-10-15 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.talagasoft.com Software Link: http://demo.maxonerp.com/ Software Download: https://datapacket.dl.sourceforge.net/project/maxon/maxon.rar Version:...
Academic Timetable Final Build 7.0b - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for php platform in category web applications Exploit Title: Academic Timetable Final Build 7.0b - Cross-Site Request Forgery Add Admin Dork: N/A Date: 2018-10-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://geoffpartridge.net/ Software Link:...
MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection
Exploit Title: MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection Dork: N/A Date: 2018-10-15 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.talagasoft.com Software Link: http://demo.maxonerp.com/ Software Download: https://datapacket.dl.sourceforge.net/project/maxon/maxon.rar Version:...
MaxOn ERP Software 8.x-9.x - nomor SQL Injection
MaxOn ERP Software 8.x-9.x - nomor SQL Injection Exploit Title: MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection Dork: N/A Date: 2018-10-15 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.talagasoft.com Software Link: http://demo.maxonerp.com/ Software Download:...
HaPe PKH 1.1 - Arbitrary File Upload
HaPe PKH 1.1 - Arbitrary File Upload Exploit Title: HaPe PKH 1.1 - Arbitrary File Upload Dork: N/A Date: 2018-10-12 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.sitejo.id Software Link: https://sourceforge.net/projects/hape-pkh/files/latest/download Version: 1.1 Category: Webapps Test...
CVE-2018-16432
BlueCMS 1.6 allows SQL Injection via the username parameter to uploads/user.php?act=indexlogin...
SQL injection
BlueCMS 1.6 allows SQL Injection via the username parameter to uploads/user.php?act=indexlogin...
Remote Code Execution Vulnerability in All Series of ECShop Versions
ECShop is a B2C independent online store system, suitable for enterprises and individuals to quickly build a personalized online store. The system is a cross-platform open source program built on PHP and a MySQL database. A remote code execution vulnerability exists ...
CVE-2018-14971
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/user.php has XSS...
CVE-2018-8925
Cross-site request forgery (CSRF) vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the (1) username, (2) password, (3) admin, (4) action, (5) uid, or (6) modifyadmin parameter...
CVE-2018-10268
An issue was discovered in FastAdmin V1.0.0.20180417beta. There is XSS via the application\api\controller\User.php avatar parameter...
CVE-2018-9162
Contec Smart Home 4.15 devices do not require authentication for newuser.php, edituser.php, deleteuser.php, and user.php, as demonstrated by changing the admin password and then obtaining control over doors...
clickthecity.com XSS vulnerability
Open Bug Bounty ID: OBB-572674

Description| Value
---|---
Affected Website:| clickthecity.com
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1...
CVE-2018-6009
In Yii Framework 2.x before 2.0.14, the switchIdentity function in web/User.php did not regenerate the CSRF token upon a change of identity...