888 matches found
PHPTPoint Pharmacy Management System 1.0 - username SQL injection Vulnerability
Exploit for php platform in category web applications Exploit Title: phptpoint Pharmacy Management System 1.0 - 'username' SQL injection Exploit Author: Boumediene KADDOUR Unit: Algerie Telecom R&D Unit Vendor Homepage: https://www.phptpoint.com/ Software Link:...
CVE-2018-17023
Summary (CVE-2018-17023) The issue affects the ASUS GT-AC5300 router family, with firmware up to 3.0.0.4.384_32738. A cross-site request forgery (CSRF) vulnerability could allow an attacker to hijack administrator authentication and perform password-change actions via a request to start_apply.htm...
Hanno's projects: Reflected Cross-Site Scripting in Serendipity (serendipity.SetCookie)
Summary The Smarty template responsible for creating the JavaScript snippets that assign cookies to users during sorting of entries in the administration interface is affected by a reflected cross-site scripting vulnerability. Description In templates/2k11/admin/entries.inc.tpl, the following code is dynamically...
CVE-2018-8925
Cross-site request forgery CSRF vulnerability in admin/user.php in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote attackers to hijack the authentication of administrators via the 1 username, 2 password, 3 admin, 4 action, 5 uid, or 6 modifyadmin parameter...
CVE-2018-8925
Synology Photo Station is affected by a CSRF in admin/user.php. The vulnerability exists in versions prior to 6.8.5-3471 and prior to 6.3-2975, allowing remote attackers to hijack administrator authentication via several parameters (username, password, admin, action, uid, modify_admin). The issue...
Interspire Email Marketer Administrative Authentication Bypass
''' Exploit Title: Interspire Email Marketer - Remote Admin Authentication Bypass Google Dork: intitle:"Control Panel" + emailmarketer Date: 4-22-18 Exploit Author: devcoinfet Vendor Homepage: www.interspire.com/emailmarketer Software Link: Can't legally provide link but can be found on net...
Interspire Email Marketer 6.1.6 - Remote Admin Authentication Bypass
''' Exploit Title: Interspire Email Marketer - Remote Admin Authentication Bypass Google Dork: intitle:"Control Panel" + emailmarketer Date: 4-22-18 Exploit Author: devcoinfet Vendor Homepage: www.interspire.com/emailmarketer...
LifeSize ClearSea 3.1.4 - Directory Traversal
''' Title: LifeSize ClearSea 3.1.4 Directory Traversal Vulnerabilities Author: rsp3ar Impact: Remote Code Execution Post-Authentication Recommendation: Use a strong password for the default 'admin' user and secure management access to the device. Please...
Path traversal
Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote authenticated admins to read arbitrary files via the /cgi-bin/cgiServer.exx page parameter, aka absolute path traversal. In some cases, authentication can be achieved via the admin account with its default admin password...
CubeCart 6.1.12 - Admin Authentication Bypass
I Forgot My Password! Both vulnerabilities are exploitable through CubeCart's "I forgot my Password!" functionality. It is implemented in the file classes/cubecart.class.php, in the method recovery. When a user has forgotten their password, they can use this feature to enter their email address, a valid passwo...
Cross-site scripting
Cross-site scripting XSS vulnerability in admin/auth.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the malicious user's email...
CVE-2018-5689
Cross-site scripting XSS vulnerability in admin/auth.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the malicious user's email...
CVE-2017-17746
Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any user on a NAT network with an authenticated administrator to access the device without entering user credentials. The authentication record is stored on the device; thus if an administrator authenticates from a NAT network, the...
CVE-2017-17777
Paid To Read Script 2.0.5 has authentication bypass in the admin panel via a direct request, as demonstrated by the admin/viewvisitcamp.php fn parameter and the admin/userview.php uid parameter...
CVE-2017-7341
An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an authenticated admin user to execute arbitrary system console commands via crafted HTTP requests...
Cross-site request forgery (CSRF)
Multiple cross-site request forgery CSRF vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting XSS attacks via the 1 linkname, 2 url, or 3 title parameter in an add action to linksmanage.php...
CVE-2017-11455
diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack the authentication of administrators for requests to start tcpdump, related to the lack of anti-CS...
CVE-2015-3655
Aruba Networks ClearPass Policy Manager is affected by a CSRF vulnerability (CVE-2015-3655) in versions prior to 6.4.7 and 6.5.x prior to 6.5.2. The flaw allows remote attackers to hijack administrator authentication due to improper enforcement of the anti-CSRF token. According to CVSS v3.1, the ...