334 matches found
Bus Pass Management System 1.0 - 'viewid' SQL Injection
Exploit Title: Bus Pass Management System 1.0 - 'viewid' SQL Injection Date: 2021-08-28 Exploit Author: Aryan Chehreghani Vendor Homepage: https://phpgurukul.com/bus-pass-management-system-using-php-and-mysql Software Link:...
Path Traversal in os4ed/opensis-classic
✍️ Description The ajax.php modname parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. 🕵️♂️ Proof of Concept // Ajax.php GET /Ajax.php?modname=../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1 302 Found Location: index.php...
Online Traffic Offense Management System 1.0 SQL Injection
Exploit Title: Online Traffic Offense Management System 1.0 - 'id' SQL Injection Authenticated Date: 19/08/2021 Exploit Author: Justin White Vendor Homepage: https://www.sourcecodester.com Software Link:...
Online Traffic Offense Management System 1.0 - 'id' SQL Injection (Authenticated)
Exploit Title: Online Traffic Offense Management System 1.0 - 'id' SQL Injection Authenticated Date: 19/08/2021 Exploit Author: Justin White Vendor Homepage: https://www.sourcecodester.com Software Link:...
CVE-2021-38757
Persistent cross-site scripting XSS in Hospital Management System targeted towards web admin through contact.php...
CVE-2021-38699
TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin/dashboard, and /admin/systemlogs...
CVE-2021-37832
A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid when SQLite is being used as the application database. A malicious attacker can issue SQL commands to the SQLite database through the vulnerable idappartamenti parameter...
Online Shopping Portal 3.1 SQL Injection
Exploit Title: Online Shopping Portal - time-based blind SQL Injection Date: 2021-07-09 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/shopping-portal-free-download/ Version: 3.1 Tested on: Windows 10, XAMPP...
Cotonti Siena 0.9.19 Cross Site Scripting
Exploit Title: Cotonti Siena 0.9.19 - 'maintitle' Stored Cross-Site Scripting Date: 2021-15-06 Exploit Author: Fatih İLGİN Vendor Homepage: cotonti.com Vulnerable Software: https://www.cotonti.com/download/siena0919 Affected Version: 0.9.19 Tested on: Windows 10 Vulnerable Parameter Type: POST...
Grocery crud 1.6.4 - 'order_by' SQL Injection
Exploit Title: Grocery crud 1.6.4 - 'orderby' SQL Injection Date: 11/06/1963 Exploit Author: TonyShavez Vendor Homepage: https://www.grocerycrud.com/ Software Link: https://www.grocerycrud.com/downloads Version: v2.0.1 Tested on: Linux Ubuntu Proof Of concept : ======================= Request: PO...
Student Result Management System 1.0 - 'class' SQL Injection
Exploit Title: Student Result Management System 1.0 - 'class' SQL Injection Date: 09.09.2020 Exploit Author: Riadh Benlamine rbn0x00 Vendor Homepage : https://projectworlds.in Software Page: https://projectworlds.in/free-projects/php-projects/student-result-management-system-project-in-php/...
CHIYU IoT Devices - Denial of Service (DoS)
Exploit Title: CHIYU IoT Devices - Denial of Service DoS Date: 01/06/2021 Exploit Author: sirpedrotavares Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html Software Link: https://www.chiyu-tech.com/category-hardware.html Version: BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC - all...
COVID19 Testing Management System 1.0 Cross Site Scripting
Exploit Title: COVID19 Testing Management System 1.0 - 'Admin name' Cross-Site Scripting XSS Date: 19/05/2021 Exploit Author: Rohit Burke Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/ Version: 1.0 Tested on:...
COVID19 Testing Management System 1.0 - 'Admin name' Cross-Site Scripting (XSS)
Exploit Title: COVID19 Testing Management System 1.0 - 'Admin name' Cross-Site Scripting XSS Date: 19/05/2021 Exploit Author: Rohit Burke Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/ Version: 1.0 Tested on:...
Advanced Guestbook 2.4.4 Cross Site Scripting
Exploit Title: Advanced Guestbook 2.4.4 - 'Smilies' Persistent Cross-Site Scripting XSS Date: 17/08/2021 Exploit Author: Abdulkadir AYDOGAN Vendor Homepage: https://www.ampps.com/apps/guestbooks/AdvancedGuestbook Software Link: https://www.ampps.com/apps/guestbooks/AdvancedGuestbook Version: 2.4....
Advanced Guestbook 2.4.4 - (Smilies) Persistent Cross-Site Scripting Vulnerability
Exploit Title: Advanced Guestbook 2.4.4 - 'Smilies' Persistent Cross-Site Scripting XSS Exploit Author: Abdulkadir AYDOGAN Vendor Homepage: https://www.ampps.com/apps/guestbooks/AdvancedGuestbook Software Link: https://www.ampps.com/apps/guestbooks/AdvancedGuestbook Version: 2.4.4 Advanced...
Sql injection
An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a crafted HTTP request to perform a blind time-based SQL Injection. The vulnerable parameter is param1...
Cross-site Scripting (XSS) - Generic in bigprof-software/online-invoicing-system
✍️ Description A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "filtererclient" Parameter 🕵️♂️ Proof of Concept You can find installation instructions here: https://bigprof.com/appgini/applications/online-invoicing-system Vulnerable...
Cross-site Scripting (XSS) - Generic in bigprof-software/online-invoicing-system
✍️ Description A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "filtereritem" Parameter 🕵️♂️ Proof of Concept You can find installation instructions here: https://bigprof.com/appgini/applications/online-invoicing-system Vulnerable...
Online Catering Reservation System 1.0 SQL Injection Vulnerability
Exploit Title: Online Catering Reservation System - SQL Injection Authenticated Exploit Author: email protected Vendor Homepage: https://www.sourcecodester.com/php/11355/online-catering-reservation.html Software Link:...