CVE-2021-32103
OpenEMR CVE-2021-32103 is a Stored XSS affecting the interface/usergroup/usergroup_admin.php path in OpenEMR versions prior to 5.0.2.1. An admin-authenticated user could inject arbitrary script/HTML via the lname parameter. The vulnerability arises from improper handling of input in the admin use...
Sourcecodester Simple College Website SQL Injection Vulnerability (CNVD-2021-95934)
Sourcecodester Simple College Website is a content management system from Sourcecodester. Sourcecodester Simple College Website suffers from a SQL injection vulnerability that stems from the application failing to validate externally supplied input before using it in SQL statements, which can be exploit...
CVE-2020-28172
A SQL injection vulnerability in Simple College Website 1.0 allows remote unauthenticated attackers to bypass the admin authentication mechanism in collegewebsite/admin/ajax.php?action=login, thus gaining access to the website administrative panel...
SQL injection
A SQL injection vulnerability in Simple College Website 1.0 allows remote unauthenticated attackers to bypass the admin authentication mechanism in collegewebsite/admin/ajax.php?action=login, thus gaining access to the website administrative panel...
CVE-2021-1383
Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in LOGITEC LAN-W300N/PR5B allows remote attackers to hijack the authentication of administrators via a specially crafted URL. As a result, unintended operations on the device, such as changes to the device settings, may be conducted...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in ELECOM NCC-EWF100RMWH2 allows remote attackers to hijack the authentication of administrators and execute an arbitrary request via an unspecified vector. As a result, the device settings may be altered and/or the telnet daemon may be started...
CVE-2021-20641
CVE-2021-20641 is a CSRF vulnerability in LOGITEC LAN-W300N/RS that lets an attacker spoof an admin session and perform unintended device changes via a crafted URL. Public sources describe the impact as affecting administrative web access, enabling authentication hijacking and potentially changin...
Online Reviewer System 1.0 SQL Injection
Exploit Title: Online Reviewer System PHPPDO - Admin Authentication Bypass Exploit Author: Richard Jones Date: 2021-01-31 Vendor Homepage: https://www.sourcecodester.com/php/12937/online-reviewer-system-using-phppdo.html Software Link:...
Online Movie Streaming 1.0 - Admin Authentication Bypass
Exploit Title: Online Movie Streaming 1.0 - Admin Authentication Bypass Exploit Author: Richard Jones Date: 2021-01-13 Vendor Homepage: https://www.sourcecodester.com/php/14640/online-movie-streaming-php-full-source-code.html Software Link:...
Online Movie Streaming 1.0 SQL Injection
Exploit Title: Online Movie Streaming 1.0 - Admin Authentication Bypass Exploit Author: Richard Jones Date: 2021-01-13 Vendor Homepage: https://www.sourcecodester.com/php/14640/online-movie-streaming-php-full-source-code.html Software Link:...
Online Hotel Reservation 1.0 SQL Injection
Exploit Title: Online Hotel Reservation 1.0 - Admin Authentication Bypass Exploit Author: Richard Jones Note: Shout out to boku Bobby Cooke for helping me get started on 0day's!! Date: 2021-01-13 Vendor Homepage:...
Online Hotel Reservation System 1.0 - Admin Authentication Bypass
Exploit Title: Online Hotel Reservation System 1.0 - Admin Authentication Bypass Exploit Author: Richard Jones Date: 2021-01-13 Vendor Homepage: https://www.sourcecodester.com/php/13492/online-hotel-reservation-system-phpmysqli.html Software Link:...
CVE-2020-28071
SourceCodester Alumni Management System 1.0 is affected by cross-site scripting (XSS) in /admin/gallery.php. After authenticating as admin, an attacker can upload an image to the gallery with an XSS payload in the description textarea named 'about', resulting in a stored XSS...
Cross-site scripting
SourceCodester Alumni Management System 1.0 is affected by cross-site scripting (XSS) in /admin/gallery.php. After authenticating as admin, an attacker can upload an image to the gallery with an XSS payload in the description textarea named 'about', resulting in a stored XSS...
CVE-2020-35656
Jaws through 1.8.0 allows remote authenticated administrators to execute arbitrary code via crafted use of admin.php?reqGadget=Components&reqAction=InstallGadget&comp=FileBrowser and admin.php?reqGadget=FileBrowser&reqAction=Files to upload a .php file. NOTE: this is unrelated to the JAWS aka Job...
CVE-2020-5641
Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware version 2.06.10 and earlier allows remote attackers to hijack the authentication of administrators, so that the product's settings may be changed without the user's intention or consent via unspecified vectors...
Netgear GS108Ev3 Cross-Site Request Forgery Vulnerability
The GS108Ev3 is an 8-port Gigabit Simple Managed Switch from NETGEAR. A cross-site request forgery vulnerability exists in the NETGEAR GS108Ev3 2.06.10 and earlier firmware versions, which can be exploited by a remote attacker to hijack an administrator's authentication and change the product's...
CVE-2020-26083
CVE-2020-26083 affects Cisco Identity Services Engine (ISE) via the web-based management interface. The flaw is an XSS vulnerability caused by improper validation of user-supplied input in specific pages, allowing an authenticated attacker with administrative credentials to inject and execute scr...