Lucene search
K

334 matches found

Exploit DB
Exploit DB
added 2021/08/30 12:0 a.m.184 views

Bus Pass Management System 1.0 - 'viewid' SQL Injection

Exploit Title: Bus Pass Management System 1.0 - 'viewid' SQL Injection Date: 2021-08-28 Exploit Author: Aryan Chehreghani Vendor Homepage: https://phpgurukul.com/bus-pass-management-system-using-php-and-mysql Software Link:...

7.4AI score
Exploits0
Huntr
Huntr
added 2021/08/27 3:25 a.m.8 views

Path Traversal in os4ed/opensis-classic

✍️ Description The ajax.php modname parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. 🕵️‍♂️ Proof of Concept // Ajax.php GET /Ajax.php?modname=../../../../../../../../../../../../../../../../etc/passwd HTTP/1.1 302 Found Location: index.php...

2.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/08/20 12:0 a.m.303 views

Online Traffic Offense Management System 1.0 SQL Injection

Exploit Title: Online Traffic Offense Management System 1.0 - 'id' SQL Injection Authenticated Date: 19/08/2021 Exploit Author: Justin White Vendor Homepage: https://www.sourcecodester.com Software Link:...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2021/08/20 12:0 a.m.404 views

Online Traffic Offense Management System 1.0 - 'id' SQL Injection (Authenticated)

Exploit Title: Online Traffic Offense Management System 1.0 - 'id' SQL Injection Authenticated Date: 19/08/2021 Exploit Author: Justin White Vendor Homepage: https://www.sourcecodester.com Software Link:...

7.4AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2021/08/16 2:15 p.m.30 views

CVE-2021-38757

Persistent cross-site scripting XSS in Hospital Management System targeted towards web admin through contact.php...

6.1CVSS6.3AI score0.00876EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2021/08/15 6:15 p.m.53 views

CVE-2021-38699

TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin/dashboard, and /admin/systemlogs...

5.4CVSS6.1AI score0.07977EPSS
Exploits5References7
Cvelist
Cvelist
added 2021/08/03 12:30 p.m.25 views

CVE-2021-37832

A SQL injection vulnerability exists in version 3.0.2 of Hotel Druid when SQLite is being used as the application database. A malicious attacker can issue SQL commands to the SQLite database through the vulnerable idappartamenti parameter...

10AI score0.04102EPSS
Exploits3References2
Packet Storm
Packet Storm
added 2021/07/21 12:0 a.m.496 views

Online Shopping Portal 3.1 SQL Injection

Exploit Title: Online Shopping Portal - time-based blind SQL Injection Date: 2021-07-09 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/shopping-portal-free-download/ Version: 3.1 Tested on: Windows 10, XAMPP...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/16 12:0 a.m.196 views

Cotonti Siena 0.9.19 Cross Site Scripting

Exploit Title: Cotonti Siena 0.9.19 - 'maintitle' Stored Cross-Site Scripting Date: 2021-15-06 Exploit Author: Fatih İLGİN Vendor Homepage: cotonti.com Vulnerable Software: https://www.cotonti.com/download/siena0919 Affected Version: 0.9.19 Tested on: Windows 10 Vulnerable Parameter Type: POST...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/11 12:0 a.m.312 views

Grocery crud 1.6.4 - 'order_by' SQL Injection

Exploit Title: Grocery crud 1.6.4 - 'orderby' SQL Injection Date: 11/06/1963 Exploit Author: TonyShavez Vendor Homepage: https://www.grocerycrud.com/ Software Link: https://www.grocerycrud.com/downloads Version: v2.0.1 Tested on: Linux Ubuntu Proof Of concept : ======================= Request: PO...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/10 12:0 a.m.398 views

Student Result Management System 1.0 - 'class' SQL Injection

Exploit Title: Student Result Management System 1.0 - 'class' SQL Injection Date: 09.09.2020 Exploit Author: Riadh Benlamine rbn0x00 Vendor Homepage : https://projectworlds.in Software Page: https://projectworlds.in/free-projects/php-projects/student-result-management-system-project-in-php/...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/06/03 12:0 a.m.709 views

CHIYU IoT Devices - Denial of Service (DoS)

Exploit Title: CHIYU IoT Devices - Denial of Service DoS Date: 01/06/2021 Exploit Author: sirpedrotavares Vendor Homepage: https://www.chiyu-tech.com/msg/msg88.html Software Link: https://www.chiyu-tech.com/category-hardware.html Version: BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC - all...

6.8CVSS6.6AI score0.4367EPSS
Exploits4
Packet Storm
Packet Storm
added 2021/05/19 12:0 a.m.188 views

COVID19 Testing Management System 1.0 Cross Site Scripting

Exploit Title: COVID19 Testing Management System 1.0 - 'Admin name' Cross-Site Scripting XSS Date: 19/05/2021 Exploit Author: Rohit Burke Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/ Version: 1.0 Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/05/19 12:0 a.m.142 views

COVID19 Testing Management System 1.0 - 'Admin name' Cross-Site Scripting (XSS)

Exploit Title: COVID19 Testing Management System 1.0 - 'Admin name' Cross-Site Scripting XSS Date: 19/05/2021 Exploit Author: Rohit Burke Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/ Version: 1.0 Tested on:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/05/17 12:0 a.m.305 views

Advanced Guestbook 2.4.4 Cross Site Scripting

Exploit Title: Advanced Guestbook 2.4.4 - 'Smilies' Persistent Cross-Site Scripting XSS Date: 17/08/2021 Exploit Author: Abdulkadir AYDOGAN Vendor Homepage: https://www.ampps.com/apps/guestbooks/AdvancedGuestbook Software Link: https://www.ampps.com/apps/guestbooks/AdvancedGuestbook Version: 2.4....

0.2AI score
Exploits0
0day.today
0day.today
added 2021/05/17 12:0 a.m.168 views

Advanced Guestbook 2.4.4 - (Smilies) Persistent Cross-Site Scripting Vulnerability

Exploit Title: Advanced Guestbook 2.4.4 - 'Smilies' Persistent Cross-Site Scripting XSS Exploit Author: Abdulkadir AYDOGAN Vendor Homepage: https://www.ampps.com/apps/guestbooks/AdvancedGuestbook Software Link: https://www.ampps.com/apps/guestbooks/AdvancedGuestbook Version: 2.4.4 Advanced...

0.1AI score
Exploits0
Prion
Prion
added 2021/04/23 9:15 p.m.20 views

Sql injection

An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a crafted HTTP request to perform a blind time-based SQL Injection. The vulnerable parameter is param1...

5CVSS7.7AI score0.12245EPSS
Exploits1References2Affected Software1
Huntr
Huntr
added 2021/03/26 11:46 a.m.7 views

Cross-site Scripting (XSS) - Generic in bigprof-software/online-invoicing-system

✍️ Description A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "filtererclient" Parameter 🕵️‍♂️ Proof of Concept You can find installation instructions here: https://bigprof.com/appgini/applications/online-invoicing-system Vulnerable...

1.7AI score
Exploits0
Huntr
Huntr
added 2021/03/26 11:41 a.m.15 views

Cross-site Scripting (XSS) - Generic in bigprof-software/online-invoicing-system

✍️ Description A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "filtereritem" Parameter 🕵️‍♂️ Proof of Concept You can find installation instructions here: https://bigprof.com/appgini/applications/online-invoicing-system Vulnerable...

1.8AI score
Exploits0
0day.today
0day.today
added 2021/02/26 12:0 a.m.37 views

Online Catering Reservation System 1.0 SQL Injection Vulnerability

Exploit Title: Online Catering Reservation System - SQL Injection Authenticated Exploit Author: email protected Vendor Homepage: https://www.sourcecodester.com/php/11355/online-catering-reservation.html Software Link:...

0.4AI score
Exploits0
Rows per page
Query Builder