24 matches found
Cross Site Scripting (XSS)
silverstripe/framework is vulnerable to Cross Site Scripting. The vulnerability is due to a lack of adminusername and adminpassword sanitization within the setup form...
GHSA-MQF5-275H-GF6R Silverstripe framework is vulnerable to XSS in install.php
During installation, certain parameters adminusername and adminpassword are not escaped in the setup form. This issue is resolved in 3.1.14 stable, although existing users are advised to remove this file prior to deploying to a production server...
Cross Site Request Forgery (CSRF)
Incorrect access control in formPasswordSetup in TOTOLINK A3002RU version 1.0.8 allows attackers to change the admin user's password via an unauthenticated POST request...
Advanced Matrimonial Script 2.0.3 - SQL Injection
Advanced Matrimonial Script 2.0.3 - SQL Injection Exploit Title: Advanced Matrimonial Script v2.0.3 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/advanced-matrimonial/ Demo:...
MLM Membership Plan Script 2.0.5 - SQL Injection
MLM Membership Plan Script 2.0.5 - SQL Injection Exploit Title: MLM Membership Plan Script v2.0.5 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/mlm-membership-plan-script/ Demo:...
CVE-2015-6528
Multiple cross-site scripting (XSS) vulnerabilities in installclassic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) adminusername, (2) adminpassword, (3) adminemail, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) tableprefix, or (9) impath...
CVE-2015-5063
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework 3.1.13 allow remote attackers to inject arbitrary web script or HTML via the (1) adminusername or (2) adminpassword parameter to install.php...
CVE-2014-9571
Cross-site scripting (XSS) vulnerability in admin/install.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote attackers to inject arbitrary web script or HTML via the (1) adminusername or (2) adminpassword parameter...
Uiga Personal Portal index.php (view) SQL Injection
No description provided by source. Exploit Title: Uiga Personal Portal index.php (view) SQL Injection Vulnerability Date: 27-4-2010 Author: 41.w4r10r Software Link : http://www.scriptdevelopers.net/download/uigapersonalportal.zip Version: Web Application Tested on: Apache/Unix CVE : if exists Dork ...
Video Games Rentals Script - SQL Injection Vulnerability
No description provided by source. Exploit Title: video games rentals Script SQL injection Vulnerability Date: 11/02/2010 Author: JaMbA Software Link: N/A Version: all version Tested on: Windows & Linux CVE : Exploit Title : video games rentals Script SQL injection...
ASMAX AR 1004g Authentication Bypass Vulnerability
Exploit for hardware platform in category web applications Exploit Title: ASMAX AR 1004g Authentication Bypass Date: 30.01.2013 Exploit Author: lucyoa Vendor Homepage: asmax.pl ASMAX AR 1004g is the most popular router device from asmax. Device Info...
Uiga Fan Club index.php SQL Injection Vulnerability
Exploit for unknown platform in category web applications Uiga Fan Club index.php SQL Injection Vulnerability...
Uiga Personal Portal - index.php SQL Injection
Uiga Personal Portal - index.php SQL Injection Information: Name: Uiga Personal Portal index.php SQL Injection; Author: Easy Laster; Date: 28.02.2010; Script: Uiga Personal Portal; Language: PHP; Discovered by Easy...
AJ HYPE PRIME SQL Injection
/ AJ HYPE PRIME id Remote SQL Injection Vulnerability Discovered by : MizoZ Contact : [email protected] Team : EvilWay Date : July 29 2009 Greetings : Moudi , Zuka, All friends / SQL Injection welcome.php GET : id : HOST/PATH/forum/welcome.php?id=SQL CODE SQL CODE :...
AJ HYPE ACME SQL Injection
/ AJ HYPE ACME bSQLi/SQLi Multiple Remote Vulnerabilities Discovered by : MizoZ Contact : [email protected] Date : July 29 2009 Greetings : Moudi , Zuka, All friends / SQL Injection news.php GET : id : HOST/PATH/news.php?id=SQL CODE SQL CODE :...
CRE Loaded 6.2 (products_id) SQL Injection Vulnerability
No description provided by source. Homepage: http://www.creloaded.com/ Product: CRE Loaded v6.2 File: productinfo.php Parameter: productid SQL Injection: ...
CRE Loaded 6.2 SQL Injection
Homepage: http://www.creloaded.com/ Product: CRE Loaded v6.2 File: productinfo.php Parameter: productid SQL Injection: ...
CRE Loaded 6.2 (products_id) SQL Injection Vulnerability
Exploit for unknown platform in category web applications CRE Loaded 6.2 products_id SQL Injection Vulnerability Homepage:...
Social Engine 3.06 - category_id SQL Injection
Social Engine 3.06 - category_id SQL Injection ...