12 matches found
BaoTa SQL Injection Vulnerability
BaoTa is a Linux Ops panel by an individual developer at aapanel.com. A SQL injection vulnerability exists in BaoTa version 11.1.0 and earlier, which stems from incorrect manipulation of the parameter Name in the file /database?action=GetDatabaseAccess, which could lead to a SQL injection attack...
EUVD-2020-3359
Malware in sbrugna...
CVE-2025-52046
Totolink A3300R V17.0.0cu.596B20250515 was found to contain a command injection vulnerability in the sub4197C0 function via the mac and desc parameters. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request...
PT-2025-17583 · Labvantage · Labvantage
Name of the Vulnerable Software and Affected Versions: LabVantage versions prior to 8.8.0.13 HF6 Description: The issue allows local file inclusion, enabling authenticated users to retrieve arbitrary files from the environment. This is achieved via the objectname request parameter. Recommendation...
PT-2024-14504 · Examsys · Examsys
Name of the Vulnerable Software and Affected Versions: ExamSys version 9150244 Description: The issue allows SQL Injection via the "/Support/action/Pages.php" endpoint, specifically through the s score2 parameter. This enables potential attackers to inject malicious SQL code, which could lead to...
SQL Injection
Overview: mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to SQL Injection via the mc_project_get_users function. An attacker can manipulate SQL queries and access or alter database information without proper authorization by injecting malicious SQL command...
MantisBT SQL Injection via mc_project_get_users function
In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users function through the API SOAP...
Gryphon Tower Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in Gryphon Tower, a wireless router from Gryphon. The vulnerability stems from a lack of validation and filtering of user-supplied data and output data in the url parameter of cgi-bin/luci/siteaccess/, which can be exploited to execute client-side JavaScript...
Mantis Bug Tracker 2.24.3 SQL Injection
Exploit Title: Mantis Bug Tracker 2.24.3 - 'access' SQL Injection Date: 30/12/2020 Exploit Author: EthicalHCOP Vendor Homepage: https://www.mantisbt.org/ Version: 2.24.3 CVE: CVE-2020-28413 import requests, sys, time from lxml import etree proxies = "http": "http://127.0.0.1:8080", "https":...
MantisBT SQL Injection Vulnerability (CNVD-2021-01533)
MantisBT is a lightweight, free and open source, web-based defect tracking system. A SQL injection vulnerability exists in the "access" parameter of the mc_project_get_users function in MantisBT 2.24.3. An attacker can exploit this vulnerability via API SOAP to conduct SQL injection attacks...
A vulnerability in the Mac OS X operating system allows a hacker to arbitrarily change user passwords.
The vulnerability of the Apple ID OD plugin for the Mac OS X operating system is related to the management of access parameters. Exploiting this vulnerability allows a malicious actor to arbitrarily change user passwords using the created application...
Flash Player (Flash6.ocx) Denial Of Service
PARAM NAME="AllowScriptAccess"...