CVE-2025-4313

A vulnerability, which was classified as critical, was found in SourceCodester Advanced Web Store 1.0. Affected is an unknown function of the file /admin/adminaddnewproduct.php. The manipulation of the argument txtProdId leads to sql injection. It is possible to launch the attack remotely. The...

PT-2024-28824 · Unknown · Sourcecodester Pharmacy/Medical Store Point Of Sale System

Name of the Vulnerable Software and Affected Versions: SourceCodester Pharmacy/Medical Store Point of Sale System Using PHP/MySQL and Bootstrap Framework with Source Code version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the na...

MAL-2024-7506 Malicious code in sap-addnew (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 12f8c238be86b6eda197ccf055ce731f7f59ebb9506f2333979fb21e18f5072a The OpenSSF Package Analysis project identified 'sap-addnew' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...

Malicious code in sap-addnew (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 12f8c238be86b6eda197ccf055ce731f7f59ebb9506f2333979fb21e18f5072a The OpenSSF Package Analysis project identified 'sap-addnew' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...

PopojiCMS Cross-Site Request Forgery Vulnerability

PopojiCMS is an open source content management system CMS based on the Popoji framework. A cross-site request forgery vulnerability exists in the po-admin/route.php?mod=component&act=addnew URI in PopojiCMS v2.0.1. A remote attacker can exploit this vulnerability to perform unauthorized operation...

Cross site request forgery (csrf)

An issue was discovered in PopojiCMS v2.0.1. It has CSRF via the po-admin/route.php?mod=component&act=addnew URI, as demonstrated by adding a level=1 account...

Rix4Web Portal - Blind SQL Injection Vulnerability

No description provided by source. Exploit Title: Rix4Web Portal Remote Blind SQL Injection Vulnerability Date: 02/23/2013 Author: L0n3ly-H34rT Contact: [email protected] My Site: http://se3c.blogspot.com/ Vendor Link: http://www.rix4web.com/ Software Link:...

New Backdoor DDoS Malware Co-Existing on Gh0stRAT-Infected Machines

Gh0st RAT has a new roommate. A new backdoor called ADDNEW has been discovered on machines infected with the Gh0st remote access Trojan, adding new distributed denial of service attack capabilities, as well as a feature that targets passwords and credentials stored on the Firefox browser. Gh0st R...

linux/x86 Addnew Users 'root' /etc/passwd shell code 79 bytes

=============================================================== Linux X86 Addnew Users 'Ro0t' /etc/passwd shell code 79 bytes =============================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, ...

free-php.net Poll 1.0 admin login

google dork:"powered by free-php.net" poll last path add to /admin/ select poll and modify or addnew poll credits:tugr@...

CVE-2005-1284

CVE-2005-1284 affects ArGoSoft Mail Server Pro 1.8.7.6; the addnew script allows remote attackers to create arbitrary accounts via a direct HTTP POST, even when web-interface account creation is disabled. This is a network‑level issue with CVSS2 base score 7.5 (HIGH). No exploit details or remedi...

CVE-2005-1284

The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote attackers to create arbitrary accounts, even if "Allow Creation of Accounts From the Web Interface" is disabled, via a direct HTTP POST request...