13 matches found
CVE-2023-44324 ZDI-CAN-21344: Adobe FrameMaker Publishing Server Authentication Bypass Vulnerability
Adobe FrameMaker Publishing Server versions 2022 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. An unauthenticated attacker can abuse this vulnerability to access the API and leak the default admin's password. Exploitation of this...
CVE-2020-18889
Cross Site Request Forgery (CSRF) vulnerability in puppyCMS v5.1 that can change the admin's password via /admin/settings.php...
Cross site request forgery (csrf)
A Cross-Site Request Forgery (CSRF) vulnerability in edituser.php in OSWAPP Warehouse Inventory System (aka OSWA-INV) through 2020-08-10 allows remote attackers to change the admin's password after an authenticated admin visits a third-party site...
D-Link DIR-300NRUB5 Firmware 1.2.94 Cross Site Request Forgery
Hello list! There are Abuse of Functionality, Brute Force and Cross-Site Request Forgery vulnerabilities in D-Link DIR-300. Affected products: Vulnerable is the next model: D-Link DIR-300NRUB5, Firmware 1.2.94. All previous versions also must be...
PHP Arena <= 1.1.3 pafiledb.php Remote Change Password Exploit
No description provided by source. #!/usr/bin/perl Trap-Set Underground Hacking Team EXPLOIT FOR: PHP Arena paFileDB 1.1.3 And 0lder Expl0it By: Alpha Programmer Sirus-v Email: [email protected] + Discovered By: GulfTech + Advisory:...
Sophos Web Appliance Privilege Escalation and Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Sophos Web Appliance. Authentication is required to exploit this vulnerability. The specific flaws exist within the changepassword and netinterface functions of the web appliance. The first flaw wi...
Prozilla Topsites 1.0 - Arbitrary Edit/Add Users
Prozilla Topsites 1.0 Arbitrary Edit/Add Users Vulnerability Discovered By: t0pP8uZz Discovered On: 7...
projectalumni-sqlxss.txt
project-alumni sql injection & xss author : tomplixsee [email protected] affected software version : project alumni 1.0.9, 1.0.8, or lower?? download : https://sourceforge.net/projects/project-alumni/ vulnerability...
BK Forum <= 4.0 (member.asp) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications BK Forum <= 4.0 member.asp Remote SQL Injection Vulnerability BK Forum <= 4.0 Remote SQL Injection by n0m3rcy...
BK Forum 4.0 - 'member.asp' SQL Injection
BK Forum Exploit: First you must be logged in Then type this in your browser http://www.site.com/path/member.asp?id=-1%20UNION%20SELECT%201,memName,3,4,5,6,7,8,9,10,11,memPassword,13,14,15,16%20FROM%20member+where+memID=1 You will find admin's password Shoutz: nukedx , nukedx , nukedx : , cijfer ...
simpleBlogXSS.txt
Hackers Center Security Group http://www.hackerscenter.com/ Zinho's Security Advisory Risk: High - Note from the author Simple Blog is a free weblog application intended for personal use. The latest version, 2.1, features xhtml/css template structure, rss feed, blog calendar and an easy to use...
phpStat 1.5 - 'setup.php' Authentication Bypass
#!/usr/bin/perl Trap-Set Underground Hacking Team EXPLOIT FOR - PHPStat Setup.PHP Authentication Bypass Vulnerability Exploit By : Alpha Programmer Sirus-v E-Mail : [email protected] This Xpl Change Admin's Pass in This Portal !! Discovered by:...
aeNovo Database Content Disclosure Vulnerability
The problem is that the aeNovo database file "dbase/aeNovo1.mdb" is accessible by default. You can disclose the ADMIN's password. The Login Page: "logon.asp"...