334 matches found
SUSE CVE-2006-4256
index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka "cross-site referencing." NOTE: some sources have referred to this issue as XSS, but it is different...
CVE-2022-44718
An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur issue 2 of 2. After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is Network, and the Attack...
CVE-2022-44717
An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur issue 1 of 2. After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is Network, and the Attack...
Academy LMS 5.11 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
eCart Web 5.0.0 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Tiki Wiki CMS Groupware 25.0 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
Online Food Ordering System 2.0 SQL Injection
Exploit Title: Online Food Ordering System v2 - Sql Injection Time-Based Blind Date: 01/10/2023 Exploit Author: Anıl Kızıltan Vendor Homepage: https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html Software Link:...
PT-2023-14165 · WordPress · Wp Autocomplete Search
Name of the Vulnerable Software and Affected Versions: WP AutoComplete Search WordPress plugin versions 1.0.4 and earlier Description: The issue arises from the plugin's failure to sanitise and escape a parameter before using it in a SQL statement via an AJAX endpoint available to unauthenticated...
PT-2022-26794 · Unknown · Billing System Project
Name of the Vulnerable Software and Affected Versions: Billing System Project version 1.0 Description: A SQL injection issue was found in the Billing System Project. The vulnerability can be exploited via the id parameter at the "editorder.php" endpoint. Recommendations: For Billing System Projec...
Sql injection
The application was vulnerable to multiple instances of SQL injection authenticated and unauthenticated through a vulnerable parameter. Due to the stacked query support, complex SQL commands could be crafted and injected into the vulnerable parameter and using a sleep based inferential SQL...
PT-2022-20193 · Red Os · Red Os
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue allows for SQL injection, both authenticated and unauthenticated, through a vulnerable parameter. This parameter can be used to craft and inject complex SQL commands due t...
Joomla Rentalot Plus 19.05 Cross Site Scripting Vulnerability
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ┌┘ Exploits ┌┘ └───────────────────────────────────────────────────────────────────────────────────────┘┘ : Author : CraCkEr : │ Website : extensions.joomla.org │ │ Vendor : Les Arbres Design │ │ Software :...
NoSQL Injection Authentication Bypass
A NoSQL injection occurs when a value originating from the client's request is used within a NoSQL call without prior sanitisation. This can allow cyber-criminals to execute arbitrary NoSQL code and thus steal data, or use the additional functionality of the database server to take control of...
U.S. Dept Of Defense: Open Redirect at █████
Open Redirect on https://███ User can be redirect to malicious site POC: ████████/texis/search/redir.html?query=1234&pr=External+Meta&prox=page&rorder=500&rprox=500&rdfreq=500&rwfreq=250&rlead=500&rdepth=62&sufs=3&order=r&u=http://evil.com&m=0&p=2 I hope you know the impact of open redirect and...
Prison Management System SQL注入漏洞
Prison Management System is a prison management system from Carlo Montero's personal developer. v1.0 of Prison Management System is vulnerable to SQL injection, which originates from the id in /pms/admin/cells/viewcell.php in the application. parameter in /pms/admin/cells/viewcell.php lacks a...
CVE-2022-32373
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/getexam.php?id=...
Blockchain AltExchanger 1.2.1 SQL Injection
Information Vulnerability Name : Multiple Remote SQL Injections in Inout Blockchain AltExchanger Product : Inout Blockchain AltExchanger version : 1.2.1 Date : 2022-05-21 Vendor Site : https://www.inoutscripts.com/products/inout-blockchain-altexchanger/ Exploit Detail :...
CVE-2022-25617
Reflected Cross-Site Scripting XSS vulnerability in Code Snippets plugin = 2.14.3 at WordPress via &orderby vulnerable parameter...
Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting
Vulnerability Type Stored Cross Site-Scripting XSS Affected URL https://localhost/openemr-6.0.0/ /interface/super/rules/index.php?action=edit!submitsummary Affected Parameters “fldtitle” Authentication Required? Yes Issue Summary Non-privilege users accounting, front-office can create new rule an...
Loki RAT (Relapse) SQL Injection
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/aabb54951546132e70a8e9f02bf8b5baB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Loki RAT Relapse Vulnerability: SQL Injection Description: The LokiRAT WebUI panel for...