Lucene search
K

134 matches found

0day.today
0day.today
added 2020/07/02 12:0 a.m.174 views

ZenTao Pro 8.8.2 - Command Injection Exploit

Exploit for php platform in category web applications Exploit Title: ZenTao Pro 8.8.2 - Command Injection Exploit Author: Daniel Monzón & Melvin Boers Vendor Homepage: https://www.zentao.pm/ Version: 8.8.2 Tested on: Windows 10 / WampServer Other versions like pro or enterprise edition could be...

0.1AI score
Exploits0
0day.today
0day.today
added 2020/07/01 12:0 a.m.134 views

Online Shopping Portal 3.1 - Authentication Bypass Vulnerability

Exploit for php platform in category web applications Exploit Title: Online Shopping Portal 3.1 - Authentication Bypass Exploit Author: Ümit Yalçın Vendor Homepage: https://phpgurukul.com/shopping-portal-free-download/ Version: 3.1 Tested on: Windows 10 / WampServer 1- Authentication Bypass Go to...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2020/07/01 12:0 a.m.191 views

Online Shopping Portal 3.1 SQL Injection / Shell Upload

Exploit Title: Online Shopping Portal 3.1 - Authentication Bypass Date: 2020-06-25 Exploit Author: Ümit Yalçın Vendor Homepage: https://phpgurukul.com/shopping-portal-free-download/ Version: 3.1 Tested on: Windows 10 / WampServer 1- Authentication Bypass Go to following url!...

Exploits0
0day.today
0day.today
added 2020/06/22 12:0 a.m.163 views

Student Enrollment 1.0 - Unauthenticated Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: Student Enrollment 1.0 - Unauthenticated Remote Code Execution Exploit Author: Selim Enes 'Enesdex' Karaduman Vendor Homepage: https://www.sourcecodester.com/php/14281/online-student-enrollment-system-using-phpmysqli.html Versio...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/06/22 12:0 a.m.275 views

Student Enrollment 1.0 Remote Code Execution

Exploit Title: Student Enrollment 1.0 - Unauthenticated Remote Code Execution Date: 2020-06-22 Exploit Author: Selim Enes 'Enesdex' Karaduman Vendor Homepage: https://www.sourcecodester.com/php/14281/online-student-enrollment-system-using-phpmysqli.html Version: 1.0 Tested on: Windows 10 /...

0.1AI score
Exploits0
CNVD
CNVD
added 2019/06/12 12:0 a.m.2 views

WampServer Cross-Site Request Forgery Vulnerability (CNVD-2019-17113)

WampServer is a Windows-based Web development platform . The platform integrates Apache, MySQL and PHP development environment. A cross-site request forgery vulnerability exists in the addvhost.php file in WampServer versions prior to 3.1.9. The vulnerability stems from the WEB application not...

6.5CVSS6.8AI score0.00438EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2019/06/11 12:0 a.m.88 views

WampServer >= 3.1.3, <= 3.1.8 CSRF Vulnerability

WampServer is prone to a cross-site request forgery CSRF vulnerability. Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the...

6.5CVSS7.6AI score0.00438EPSS
Exploits1References1
NVD
NVD
added 2019/06/10 6:29 p.m.14 views

CVE-2019-11517

WampServer before 3.1.9 has CSRF in addvhost.php because the synchronizer pattern implemented as remediation of CVE-2018-8817 was incomplete. An attacker could add/delete any vhosts without the consent of the owner...

6.5CVSS7.5AI score0.00438EPSS
Exploits1References1
OSV
OSV
added 2019/06/10 6:29 p.m.2 views

CVE-2019-11517

WampServer before 3.1.9 has CSRF in addvhost.php because the synchronizer pattern implemented as remediation of CVE-2018-8817 was incomplete. An attacker could add/delete any vhosts without the consent of the owner...

6.5CVSS7AI score0.00438EPSS
Exploits1References1
Prion
Prion
added 2019/06/10 6:29 p.m.17 views

Cross site request forgery (csrf)

WampServer before 3.1.9 has CSRF in addvhost.php because the synchronizer pattern implemented as remediation of CVE-2018-8817 was incomplete. An attacker could add/delete any vhosts without the consent of the owner...

5.8CVSS7.4AI score0.03267EPSS
Exploits7References1Affected Software1
Cvelist
Cvelist
added 2019/06/10 5:47 p.m.23 views

CVE-2019-11517

WampServer before 3.1.9 has CSRF in addvhost.php because the synchronizer pattern implemented as remediation of CVE-2018-8817 was incomplete. An attacker could add/delete any vhosts without the consent of the owner...

7.4AI score0.00438EPSS
Exploits1References1
CVE
CVE
added 2019/06/10 5:47 p.m.60 views

CVE-2019-11517

CVE-2019-11517 is a CSRF in WampServer before 3.1.9 affecting add_vhost.php. The issue arose because the synchronizer pattern, implemented as remediation for CVE-2018-8817, was incomplete, allowing an attacker to add or delete vhosts without the owner’s consent. Public details across connected so...

6.5CVSS7.2AI score0.00438EPSS
Exploits1References1Affected Software1
Packet Storm
Packet Storm
added 2019/06/10 12:0 a.m.300 views

Wampserver 3.1.8 Cross Site Request Forgery

Affected product: WampServer 3.1.4-3.1.8 Offiical description: "WampServer is a Windows web development environment. It allows you to create web applications with Apache2, PHP and a MySQL database. Alongside, PhpMyAdmin allows you to manage easily your databases." Official website:...

6.8CVSS0.3AI score0.03267EPSS
Exploits6
OpenVAS
OpenVAS
added 2018/12/21 12:0 a.m.48 views

WampServer < 3.1.5 XSS Vulnerability

WampServer is prone to an XSS vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

6.1CVSS6.1AI score0.00647EPSS
Exploits0References1
OSV
OSV
added 2018/12/20 3:29 p.m.6 views

CVE-2018-1000848

Wampserver version prior to version 3.1.5 contains a Cross Site Scripting XSS vulnerability in index.php localhost page that can result in very low. This attack appear to be exploitable via payload onmouseover. This vulnerability appears to have been fixed in 3.1.5 and later...

6.1CVSS5.8AI score0.00647EPSS
Exploits0References1
NVD
NVD
added 2018/12/20 3:29 p.m.19 views

CVE-2018-1000848

Wampserver version prior to version 3.1.5 contains a Cross Site Scripting XSS vulnerability in index.php localhost page that can result in very low. This attack appear to be exploitable via payload onmouseover. This vulnerability appears to have been fixed in 3.1.5 and later...

6.1CVSS6.1AI score0.00647EPSS
Exploits0References1
Prion
Prion
added 2018/12/20 3:29 p.m.17 views

Cross site scripting

Wampserver version prior to version 3.1.5 contains a Cross Site Scripting XSS vulnerability in index.php localhost page that can result in very low. This attack appear to be exploitable via payload onmouseover. This vulnerability appears to have been fixed in 3.1.5 and later...

4.3CVSS6.1AI score0.00647EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/12/20 3:0 p.m.24 views

CVE-2018-1000848

Wampserver version prior to version 3.1.5 contains a Cross Site Scripting XSS vulnerability in index.php localhost page that can result in very low. This attack appear to be exploitable via payload onmouseover. This vulnerability appears to have been fixed in 3.1.5 and later...

6.1AI score0.00647EPSS
Exploits0References1
CVE
CVE
added 2018/12/20 3:0 p.m.51 views

CVE-2018-1000848

CVE-2018-1000848 refers to a Cross Site Scripting (XSS) vulnerability in WampServer when using versions prior to 3.1.5. The issue affects the local index.php page and can be triggered by a payload via an onmouseover event, enabling potential script execution in a victim’s browser. The vulnerabili...

6.1CVSS6AI score0.00647EPSS
Exploits0References1Affected Software1
Exploit DB
Exploit DB
added 2018/06/07 12:0 a.m.31 views

WampServer 3.0.6 - Cross-Site Request Forgery

Exploit Title: WampServer 3.0.6 - Cross-Site Request Forgery Date: 2018-06-11 Exploit Author: L0RD Software Link: https://ufile.io/gpqh9 Vendor Homepage: http://www.wampserver.com/en/ Version: 3.0.6 - 64bit Tested on: Win 10 Description : An issue was discovered in WampServer 3.0.6 which allows a...

7.4AI score
Exploits0
Rows per page
Query Builder