19 matches found
CVE-2024-5369
A vulnerability was found in Kashipara College Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file submitadmin.php. The manipulation of the argument adminname leads to cross site scripting. The attack can be launched...
CVE-2023-6904 Jahastech NxFilter config,admin.jsp cross-site request forgery
A vulnerability classified as problematic was found in Jahastech NxFilter 4.3.2.5. This vulnerability affects unknown code of the file /config,admin.jsp. The manipulation of the argument adminname leads to cross-site request forgery. The attack can be initiated remotely. VDB-248266 is the...
NxFilter Cross-Site Request Forgery Vulnerability
NxFilter is a lightweight DNS filter from NxFilter, Inc. A cross-site request forgery vulnerability exists in NxFilter version 4.3.2.5, which stems from the parameter adminname in the file /config,admin.jsp that can lead to cross-site request forgery...
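Iwebsns latest version SQL injection, number ten
Brief description: Iwebsns latest version SQL injection, number ten. Details: I saw on WooYun that 雨牛 has already reported 5 iwebsns vulnerabilities (WooYun: Iwebsns sql, number five.), so I'll pick up the leftovers; I have compared and this is not a duplicate. I downloaded the latest Iwebsns, 1.1.0, to take a look. To make it easy for the reviewers to confirm whether this is a duplicate, I'll first list the vulnerable file and the injected parameter here: /action/share/share.action.php stype. Now let's see how the vulnerability arises. /action/share/share.action.php [irrelevant code] $userid=getsessuserid;...
Iwebsns latest version SQL injection, number one
Brief description: Iwebsns latest version SQL injection, number one. Details: I saw on WooYun that 雨牛 has already reported 5 iwebsns vulnerabilities (WooYun: Iwebsns sql, number five.), so I'll pick up the leftovers; I have compared and this is not a duplicate. I downloaded the latest Iwebsns, 1.1.0, to take a look. To make it easy for the reviewers to confirm whether this is a duplicate, I'll first list the vulnerable file and the injected parameter here: /action/album/photouplflash.action.php sesscode. Now let's see how the vulnerability arises. /action/album/photouplflash.action.php [irrelevant code] // variable definition area...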
Video Games Rentals Script - SQL Injection Vulnerability
No description provided by source. Exploit Title: video games rentals Script SQL injection Vulnerability Date: 11/02/2010 Author: JaMbA Software Link: N/A Version: all version Tested on: Windows & Linux CVE : ::::::::::::::::::::::::: Exploit Title : video games rentals Script SQL injection...
Uiga Personal Portal index.php (view) SQL Injection
No description provided by source. Exploit Title: Uiga Personal Portal index.php view SQL Injection Vulnerability Date: 27-4-2010 Author: 41.w4r10r Software Link : http://www.scriptdevelopers.net/download/uigapersonalportal.zip Version: Web Application Tested on: Apache/Unix CVE : if exists Dork ...
Feifei television system (PHP) v1.9 injection vulnerability and fix - vulnerability warning - the black bar safety net
Method of use: http://www.xxxx.com /? s=vod-read-id-1%20and%2 0 1=2%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,concat0x40,adminid,0x40,adminname,0x40,adminpwd,0x40,2 8,29%20from%20ppadmin--.html And then broke account password,back to their own guess...
Pico overseas game currency leveling system 0day - vulnerability warning - the black bar safety net
Vulnerable file: index.php code......) hhadmin/up.php an arbitrary upload vulnerability Default background address:hhadmin exp http://hack58.com/index.php?mainpage=buyitems&gid=-10 union select 1,adminname from yuadmin/qing http://hack58.com/index.php?mainpage=buyitems&gid=-10 union select 1,adminpwd from...
Uiga Personal Portal - index.php SQL Injection
Uiga Personal Portal - index.php SQL Injection ----------------------------Information------------------------------------------------ +Name : Uiga Personal Portal index.php SQL Injection +Autor : Easy Laster +Date : 28.02.2010 +Script : Uiga Personal Portal +Language :PHP +Discovered by Easy...
Uiga Fan Club index.php SQL Injection Vulnerability
Exploit for unknown platform in category web applications =================================================== Uiga Fan Club index.php SQL Injection Vulnerability ===================================================...
Softbiz Auktios Script - Multiple SQL Injections
Softbiz Auktios Script - Multiple SQL Injections ----------------------------Information------------------------------------------------ +Name : softbiz auktios script sql injection viewitems.php +Autor : Easy Laster +Date : 24.02.2010 +Script : softbiz auktios script +Download : ----- +Demo :...
DZOIC Handshakes - Authentication Bypass
DZOIC Handshakes - Authentication Bypass In The Name Of Allah The Merciful Type: DZOIC Handshakes suffer from auth bypass remote sql injection Vendor: www.dzoic.com Software: DZOIC Handshakes - author: R3d-D3v!L TEAM: ArAB!AN !NFORMAT!ON...
Realty Web-Base 1.0 - Authentication Bypass
--------------------------------------------------------------- ------------------------------------------------------------ Realty Web-Base v1.0 Auth bypass SQL Injection Vulnerability --------------------------------------------------------------- Founder : ThE g0bL!N Home:WwW.h4ckF0u.CoM...
faqmanager-sql.txt
+---------------------------------------------------------------------------------------+ | | | FAQ Manager 1.2 categorie.php catid Remote SQL Injection Vulnerability | | Bug found by cOndemned | | | | Script site : http://www.4yoursite.nl/scriptfaqmanager.php | | | | Greetz: ZaBeaTy, str0ke,...
PozScripts Classified Ads Script (cid) SQL Injection Vulnerability
No description provided by source. || | | Classified Ads cid Remote SQL Injection Vulnerability | | |---------------------Hussin X----------------------| | | Author: Hussin X | | Home : www.tryag.cc/cc | | email: darkangelg85atYahooDoTcom | | | | | | script :...
PozScripts Classified Ads Script - cid SQL Injection
PozScripts Classified Ads Script - cid SQL Injection || | | Classified Ads cid Remote SQL Injection Vulnerability | | |---------------------Hussin X----------------------| | | Author: Hussin X | | Home : www.tryag.cc/cc | | email: darkangelg85atYahooDoTcom | | | | | | script :...
Softbiz Auctions Script - product_desc.php SQL Injection
Softbiz Auctions Script - productdesc.php SQL Injection Softbiz Auctions Script Sql Injection BY IRCRASH AUTHOR : IRCRASH Dr.Crash Script Download : http://www.softbizscripts.com/ Google Dork : "Starting bid" "Powered by SoftbizScripts" Injection Adress : http://sitename/productdesc.php?id= SQL...
CVE-2004-2023
SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 before patch 1, and possibly other versions allows remote attackers to execute arbitrary SQL via the (1) adminname or (2) adminpass parameters...