Lucene search

1593 matches found

Exploit DB
added 2016/10/13 12:0 a.m. | 36 views

Simple Blog PHP 2.0 - SQL Injection

===================================================== Simple Blog PHP 2.0 - SQL Injection ===================================================== Vendor Homepage: http://simpleblogphp.com/ Date: 13 Oct 2016 Demo Link : http://simpleblogphp.com/blog/admin.php Version : 2.0 Platform : WebApp - PHP...

AI score: 7.4
Exploits: 0

CNVD
added 2016/10/10 12:0 a.m. | 1 view

PHP Press Release Cross-Site Request Forgery Vulnerability

PHP Press Release is a software that allows you to manage your organization's press releases via the web, and the public can access recent releases via the web. A cross-site request forgery vulnerability exists in the administration.php page of PHP Press Release, which can be exploited by an...

AI score: 6.9
Exploits: 0 | References: 1

CNVD
added 2016/09/27 12:0 a.m. | 1 view

WordPress Plugin W3 Total Cache 'admin.php' Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's blogging platform, developed in PHP. W3 Total Cache is one of its blog optimization plug-ins. A cross-site scripting vulnerability exists in 'admin.php' of the WordPress plugin W3 Total Cache 0.9.4.1 and earlier. An attacker can...

AI score: 6.7
Exploits: 0 | References: 1

CNVD
added 2016/09/21 12:0 a.m. | 1 view

Modoer review system admin.php cross-site script execution vulnerability

Modoer review system is a professional review website system that supports a variety of industry reviews and lets you freely adjust the types of review items. A cross-site scripting vulnerability exists in the back end of Modoer system version 20150505, due to the failure to limit the act parameters when loading...

AI score: 6.2
Exploits: 0

seebug.org
added 2016/07/13 12:0 a.m. | 27 views

WordPress WP-DownloadManager Plugin 1.68.1 arbitrary file upload vulnerability

Vulnerability file: download-add.php Vulnerability code: if ! empty $POST'do' checkadminreferer'wp-downloadmanageradd-file'; // Decide What To Do switch $POST'do' // Add File case 'Add File', 'wp-downloadmanager': $filetype = ! empty $POST'filetype' ? intval $POST'filetype' : 0; switch$filetype...

AI score: 7.2
Exploits: 0

Packet Storm
added 2016/06/08 12:0 a.m. | 68 views

WordPress Levo-Slideshow 2.3 Shell Upload

Document Title: =============== Wordpress Levo-Slideshow 2.3 - Arbitrary File Upload Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1854 Release Date: ============= 2016-06-07 Vulnerability Laboratory ID VL-ID:...

AI score: 7.4
Exploits: 0

0day.today
added 2016/03/21 12:0 a.m. | 26 views

Xoops 2.5.7.2 - Cross-Site Request Forgery (Arbitrary User Deletions)

Exploit for php platform in category web applications var c=-1 var amttodelete=100 var id=document.getElementById"ids" var frm=document.getElementById"CSRF" function doit c++ arguments1.valu...

AI score: 7.1
Exploits: 0

Openbugbounty
added 2016/01/31 10:37 a.m. | 7 views

conference.wcaworld.com XSS vulnerability

Vulnerable URL: http://conference.wcaworld.com/WCAprojects2013/register/admin.php?MSG=%22%3E%3Csvg/onload=confirm%28/xssposed/%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank|...

AI score: 6.3
Exploits: 0

seebug.org
added 2016/01/29 12:0 a.m. | 17 views

destoon v6 admin.php CSRF vulnerability

No description provided by source...

AI score: 7.1
Exploits: 0

CNVD
added 2015/12/31 12:0 a.m. | 1 view

OpenSolution Quick.Cart 'admin.php' Cross-Site Request Forgery Vulnerability

OpenSolution Quick.Cart is a PHP-based open source e-commerce software from OpenSolution Poland. The software supports engine optimization, module extensions and so on. OpenSolution Quick.Cart version 6.6 has a cross-site request forgery vulnerability. An attacker can exploit the vulnerability to...

AI score: 6.9
Exploits: 0 | References: 1

Prion
added 2015/12/29 10:59 p.m. | 15 views

Sql injection

Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin before 1.5.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) search[column] or (2) switch parameter...

CVSS: 6.5 | AI score: 8.8 | EPSS: 0.00436
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2015/12/29 10:0 p.m. | 17 views

CVE-2015-7791

Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin before 1.5.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) search[column] or (2) switch parameter...

AI score: 7.1 | EPSS: 0.00436
Exploits: 1 | References: 5

CVE
added 2015/12/29 10:0 p.m. | 36 views

CVE-2015-7791

CVE-2015-7791 is an SQL injection vulnerability in the Welcart e-Commerce WordPress plugin (admin.php) caused by improper handling of search[column] and switch parameters. Exploitation allows remote, authenticated users to execute arbitrary SQL commands on affected sites. Affected versions are We...

CVSS: 6.5 | AI score: 7 | EPSS: 0.00436
Exploits: 1 | References: 5 | Affected Software: 1

Exploit DB
added 2015/12/15 12:0 a.m. | 34 views

Ovidentia bulletindoc Module 2.9 - Multiple Remote File Inclusions

Title: Ovidentia Module bulletindoc 2.9 Multiple Remote File Inclusion Vulnerabilities Author: bd0rk eMail: bd0rkathackermail.com Twitter: twitter.com/bd0rk Tested on: Ubuntu-Linux Download:...

AI score: 7.4
Exploits: 0

Packet Storm
added 2015/11/13 12:0 a.m. | 20 views

POLLSolved 1.5.2 SQL Injection / Authentication Bypass

Exploit Title : POLLSolved Authentication Bypass Exploit Author : Persian Hack Team Vendor Homepage : http://www.usolved.net/ Google Dork : intitle:POLLSolved Date: 2015/11/12 Version : v1.5.2 PoC: To bypass the login page enter '=' 'or' for username and password input. Login And Add Your Poll D:...

AI score: 0.9
Exploits: 0

Packet Storm
added 2015/11/08 12:0 a.m. | 25 views

Quick.Cart 6.6 Cross Site Scripting

Security Advisory - Curesec Research Team 1. Introduction Affected Product: Quick.Cart 6.6 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 09/07/2015 Disclosed to public: 10/07/2015 Release mode:...

AI score: 7.4
Exploits: 0

seebug.org
added 2015/10/10 12:0 a.m. | 45 views

mcGallery 'lang' Parameter Multiple Cross Site Scripting Vulnerabilities

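Background: PhpForums.net mcGallery is a website image-management script. Type: XSS. Impact: arbitrary web script or HTML can be injected. Analysis: PhpForums.net mcGallery version 1.1 contains multiple cross-site scripting vulnerabilities. Remote attackers can inject arbitrary web script or HTML via the lang parameter to (1) admin.php, (2) index.php, (3) sess.php, (4) stats.php, (5) detail.php, (6) resize.php, or (7) show.php...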

AI score: 7.1
Exploits: 0

seebug.org
added 2015/09/21 12:0 a.m. | 299 views

Nibbleblog 4.0.3 admin.php CSRF

No description provided by source. this." document.getElementById"myForm".submit;...

AI score: 7.1
Exploits: 0

seebug.org
added 2015/08/31 12:0 a.m. | 23 views

WDS CMS /wds_news/article.php SQL Injection

Exploit : http:// Target/wdsnews/article.php?ID=-1+union+select+1,groupconcatusername,0x3a,password,3,4,5,6,7,8,9,10+from+cmsadmin-- Upload Shell : http://Target/wdsnews/admin.php?mode=listfile Shell Path : http://Target/wdsnews/filer/shell.php...

AI score: 7.1
Exploits: 0

Prion
added 2015/08/22 9:59 p.m. | 12 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in jquery.lightbox-0.5.min.js in PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone 1.0.1 Free and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified input to admin.php...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00322
Exploits: 0 | References: 3 | Affected Software: 1