26 matches found
EUVD-2006-7083
Malware in sbrugna...
PT-2025-3096 · Unknown · Wukongcrm-11.0-Java
Name of the Vulnerable Software and Affected Versions: WukongCRM-11.0-JAVA version 11.3.3 Description: An arbitrary file upload vulnerability in the component /adminUser/updateImg allows attackers to execute arbitrary code via uploading a crafted file. This issue enables attackers to potentially...
CVE-2022-28496
TOTOLink outdoor CPE CP900 V6.3c.566B20171026 was discovered to contain a command injection vulnerability in the setPasswordCfg function via the adminuser and adminpass parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
Command injection
TOTOLink outdoor CPE CP900 V6.3c.566B20171026 was discovered to contain a command injection vulnerability in the setPasswordCfg function via the adminuser and adminpass parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
TOTOLINK CP900 Command Injection Vulnerability
The TOTOLINK CP900 is a wireless router from China-based TOTOLINK. A security vulnerability exists in the TOTOLINK CP900 due to a command injection issue in the adminuser and adminpass parameters of the setPasswordCfg function...
PT-2023-12948 · Totolink · Totolink Outdoor Cpe Cp900
Name of the Vulnerable Software and Affected Versions: TOTOLink outdoor CPE CP900 version 6.3c.566 B20171026 Description: The issue concerns a command injection vulnerability in the setPasswordCfg function, which can be exploited via the adminuser and adminpass parameters. This allows attackers t...
Cross-site request forgery (CSRF)
CXUUCMS V3 3.1 has a CSRF vulnerability that can add an administrator account via admin.php?c=adminuser&a=add...
CVE-2019-7569
An issue was discovered in DOYO aka doyocms 2.320140425 update. There is a CSRF vulnerability that can add a super administrator account via admin.php?c=aadminuser&a=add&run=1...
Viral Pictures And Video Script 2.0.0 SQL Injection
Exploit Title: Flippy HotViral a Viral Pictures and Video Script v2.0.0 - SQL Injection Google Dork: N/A Date: 06.02.2017 Vendor Homepage: https://www.flippyscripts.com/ Software Buy: https://www.flippyscripts.com/flippy-hotviral-viral-funny-pictures-and-video-script/ Demo:...
Ultimate Viral Media Script 1.0 - id SQL Injection
Ultimate Viral Media Script 1.0 - id SQL Injection Exploit Title: Flippy eXtremeViral – Ultimate Viral Media Script v1.0 - SQL Injection Google Dork: N/A Date: 06.02.2017 Vendor Homepage: https://www.flippyscripts.com/ Software Buy:...
template creature (sql/dd) Multiple Vulnerabilities
No description provided by source. ASP Template Creature DD/SQL Multiple Remote Vuln. ---------------------------------------------------------- Discovered By: ZoRLu msn: [email protected] Home: www.z0rlu.blogspot.com N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA :...
Wordpress Cart66 Plugin 1.5.1.14 - Multiple Vulnerabilities
Exploit for php platform in category web applications Vulnerabilities: 1 CSRF 2 XSS Stored VULNERABILITY 1 CSRF Page affected: http://victimsite/wordpress/wp-admin/admin.php?page=cart66-products If the Wordpress admin were logged in and clicked on a link hosting code similar to the one in the PoC...
ESPCMS background login bypass bug-vulnerability warning-the black bar safety net
After a lapse of long time, children's shoes successively sent through the CMS vulnerabilities, today generally see, the problem there is that official or has been repaired loopholes. The problem is in the background files of adminsoft\control\adminuser.php file Code The problem is in the functio...
ESPCMS background login bypass vulnerability reference EXP-vulnerability warning-the black bar safety net
After a lapse of long time, children's shoes successively sent through the CMS vulnerabilities, today generally see, the problem there is that official or has been repaired loopholes. The problem is in the background files of adminsoft\control\adminuser.php file Code The problem is in the functio...
Amoy Empire system background cookie spoofing vulnerability and the background to get shell-vulnerability warning-the black bar safety net
The accidental discovery of Amoy Empire free version of the background can be a cookie trick Tools: the Veteran's cookies' cheat tool Keywords: classification - Mall - brand - woman - man - beauty - shoes and bags - digital - home - food First open the tool the cookie to COOKIEadminuser=admin;...
CVE-2012-4730
Request Tracker RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors...
Zhuo Xun intelligent site management system EmteEasySite vulnerability 0day-vulnerability warning-the black bar safety net
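Zhuo Xun intelligent site management system, official website: http://www.emte.com.cn/ Google: technical support: Zhuo information technology the default background: /main/login.asp //directly into the backstage to see the copyright is not EmteEasy system Exploit: the default address database ca...
eWebEditor PHP & ASP versions admin backend authentication bypass vulnerability
eWebEditor is a WYSIWYG online editor. As the name suggests, it allows WYSIWYG editing on the web of richly illustrated articles, news, discussion posts, announcements, notes and many other text-processing applications. The user authentication in the ../ewebeditor/admin/config.php file has a serious security flaw that allows authentication to be skipped directly and administrator privileges to be obtained. php v3.8 asp v2.8 None at this time. Please refer to the official patch. First, of course, find the admin login page, which by default is ../eWebEditor/admin/login.php; once there, enter any username and password, which will of course produce an error. At this point, clear the browser's URL and then enter...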
webscene-sql.txt
Webscene eCommerce level Remote Sql Injection vendor : http://www.webscenesolutions.com/ecommerce-shopping-websites-edinburgh.htm Bug Found By :Angela Chang 14-10-2008 contact: angelatch4ng.cc Greetz: nyubi & Vrs-Chk vuln file : productlist.php Input passed to the "level" is not properly verified...
Webscene eCommerce - productlist.php SQL Injection
Webscene eCommerce - productlist.php SQL Injection source: https://www.securityfocus.com/bid/31755/info Webscene eCommerce is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data. A successful exploit may allow an attacker to compromise the...