26 matches found
EUVD-2026-25133
IBM Guardium Data Protection 12.1 is vulnerable to stored cross-site scripting. This vulnerability allows an administrative user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
Lynx Twonky Server Security Vulnerability
Lynx Twonky Server is a DLNA/UPnP media server from Lynx USA. A security vulnerability exists in Lynx Twonky Server version 8.5.2, which stems from an access control flaw that could lead to log file disclosure and administrator credential disclosure...
CVE-2021-41297
CVE-2021-41297 affects ECOA BAS controller family (building automation controllers) and is due to a weak access-control mechanism that can allow an authenticated user to obtain administrative credentials in clear text, enabling remote privilege escalation. The vulnerability is documented across m...
CVE-2020-14429
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects MK62 before 1.0.4.92, MK63 before 1.0.4.92, MR60 before 1.0.4.92, MS60 before 1.0.4.92, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBS750 before 3.2.15.25, RBR750 before...
CVE-2018-6885
The CVE-2018-6885 entry describes an unauthenticated path-traversal vulnerability in MicroStrategy Web Services (the Microsoft Office plugin) prior to 10.4 Hotfix 7 and prior to 10.11. The vulnerability (in a SOAP request within the web service component) allows access to asset files using MicroS...
Intuit QuickBooks Desktop 2017 Credential Disclosure
Credits: Maxim Tomashevich + Website: https://www.thegrideon.com/quickbooks-forensics.html + Details: https://www.thegrideon.com/qb-internals-2017.html Vendor: --------------------- www.intuit.com www.intuit.ca Product: --------------------- QuickBooks Desktop versions: 2017 Vulnerability Type:...
LifeType <= 1.0.4 - SQL Injection / Admin Credentials Disclosure Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo LifeType = 1.0.4r3270 SQL injection / admin credentials disclosure\r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n; echo dork: \Powered by LifeType\ \RSS 0.90\ \RSS 1.0\ \RSS 2.0...
LoudBlog <= 0.5 (id) SQL Injection / Admin Credentials Disclosure
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo LoudBlog = 0.5 'id' SQL injection / admin credentials disclosure\r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n; echo a dork: \Powered by LoudBlog\r\n\r\n; / works regardless of...
ECShop 2.5.x & 2.6.x injection exploit - vulnerability warning - the black bar safety net
ECShop 2.5.x & 2.6.x goodsscript.php does not initialize SQL, leading to an injection vulnerability. Affects 2.5.x and 2.6.x; other versions not tested. goodsscript.php line 44: injection / admin credentials disclosure exploit if emptyempty$GET'type' ... elseif $GET'type' == 'collection' ... $sql .=...
Phpcms2007 (wenba)blind SQL injection / admin credentials disclosure exploit
No description provided by source. ? printr' -------------------------------------------------------------------------------- Phpcms2007 wenbablind SQL injection / admin credentials disclosure exploit BY oldjunS.U.S -------------------------------------------------------------------------------- ...
PHPCMS2007 SP6 vote Module SQL Injection Vulnerability
vote/vote.php // line 22 $optionids = isarray$op ? implode',',$op : $op; ... $db-query"UPDATE ".TABLEVOTEOPTION." SET number = number+1 WHERE optionid IN $optionids "; PHPCMS2007 SP6 None yet !/usr/bin/php ?php printr' +---------------------------------------------------------------------------+ Phpcms 200...
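ATutor Multiple SQL Injection Vulnerabilities
ATutor is a PHP-based web application. ATutor does not correctly handle user-submitted web data, and remote attackers can exploit the vulnerability to perform SQL injection and obtain sensitive information. The problem exists in the 'index.php' script: because user-submitted URI parameters are not filtered, submitting a malicious SQL query as parameter data can change the original SQL logic and obtain sensitive information. ATutor ATutor 1.5.3 ATutor ATutor 1.5.3 ATutor ATutor 1.5.1 pl2 ATutor ATutor 1.5.1 pl1 ATutor ATutor 1.5.1 ATutor ATutor 1.4.3 ATutor ATutor 1.4.2...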
ContentNow 1.39 (pageid) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications ===================================================== ContentNow 1.39 pageid Remote SQL Injection Exploit ===================================================== !/usr/bin/perl -w use IO::Socket; use strict; ContentNow "pageid" Sql Injection...
Etomite CMS 0.6.1 - 'Username' SQL Injection (mq = off)
!/usr/bin/php -q -d shortopentag=on ? echo "Etomite CMS = 0.6.1 all patches applied 'username' SQL injection / admin credentials disclosure\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n"; echo "google dork: "Content managed by the Etomite Content...
LoudBlog <= 0.5 (id) SQL Injection / Admin Credentials Disclosure
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "LoudBlog = 0.5 'id' SQL injection / admin credentials disclosure\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n"; echo "a dork: "Powered by LoudBlog"\r\n\r\n"; / works...
LoudBlog 0.5 - SQL Injection Admin Credentials Disclosure
LoudBlog 0.5 - SQL Injection Admin Credentials Disclosure !/usr/bin/php -q -d shortopentag=on 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n"; $exa.="\r\n...
LoudBlog 0.5 - SQL Injection / Admin Credentials Disclosure
!/usr/bin/php -q -d shortopentag=on 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n"; $exa.="\r\n"; return $exa."\r\n".$result; $proxyregex =...
LoudBlog <= 0.5 (id) SQL Injection / Admin Credentials Disclosure
Exploit for unknown platform in category web applications ================================================================= LoudBlog 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; els...
PAPOO 3_RC3 - SQL Injection / Admin Credentials Disclosure
!/usr/bin/php -q -d shortopentag=on ? echo "PAPOO = 3RC3 SQL injection / admin credentials disclosure\n"; echo "by rgod [email protected]\n"; echo "site: http://retrogod.altervista.org\n"; echo "dork: "Help Contact Imprint Sitemap" | "powered by papoo" | "powered by cms papoo"\n\n"; / notes:...
Jaws-0.6.2.txt
!/usr/bin/php -q -d shortopentag=on ? echo "Jaws = 0.6.2 'Search gadget' SQL injection / admin credentials disclosure\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n"; echo "dork: "powered by jaws" | "powered by the jaws project" |...