9 matches found
CVE-2025-58589 Information Disclosure Through Stacktrace
When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker thus receives information about the technology used and the structure of the application...
The vulnerability of the Templates sub-component of Oracle Application Technology, a system for automating business processes in enterprises, allows attackers to gain access to confidential information.
The vulnerability of the Templates sub-component in Oracle Application Technology, a system for automating business operations in enterprises, related to insufficient protection of operational data. Exploiting this vulnerability could allow unauthorized actors to gain access to confidential...
Best pos Management System v1.0 - SQL Injection Vulnerability
Exploit Title: Best pos Management System v1.0 - SQL Injection Exploit Author: Ahmed Ismail @MrOz1l Vendor Homepage: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Software Link: https://www.sourcecodester.com/sites/default/files/download/mayurik/kruxton.zip Version:...
Command Execution Vulnerability in Zero Degrees of Space at Jiangyin Leader Information Technology Co.
Jiangyin Leader Information Technology Co., Ltd. was founded in 2006 by visiting scholars from the University of Copenhagen, Denmark, is a high-tech enterprise specializing in the development of application management software and Internet application technology development. Jiangyin City Leader...
User Management System 1.0 - 'uid' SQL Injection
Exploit Title: User Management System 1.0 - 'uid' SQL Injection Google Dork: N/A Date: 29/1/2021 Exploit Author: Zeyad Azima Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/user-management-system-in-php-using-stored-procedure/ Version: V1 Tested on: Windows Identify...
OLX: SQL Injection https://www.olx.co.id
I found the SQL Injection security hole on the website https://www.olx.co.id, this is a critical finding. here is the POC from the findings that I got Affectect:https://www.olx.co.id/ajax/buybundle/getbundle/ POC: Request DATA POST /ajax/buybundle/getbundle/ HTTP/1.1 Host: www.olx.co.id User-Agen...
Symphony CMS 2.6.3 - Multiple SQL Injections
Symphony CMS 2.6.3 - Multiple SQL Injections ================================================================ Symphony CMS 2.6.3 – Multiple SQL Injection Vulnerabilities ================================================================ Information...
WordPress GigPress 2.3.8 SQL Injection Vulnerability
WordPress GigPress plugin version 2.3.8 suffers from a remote SQL injection vulnerability. Title: SQLi vulnerabilities in WordPress plugin "GigPress" Author: Adrián M. F. - adrimf85atgmaildotcom Date: 2015-05-25 Vendor Homepage: https://wordpress.org/plugins/gigpress/ Active installs: 20,000+...
Coremail官网SQL注入可读全库
简要描述: coremail官网存在注入,有防护,可绕过。 详细说明: 漏洞地址:http://www.coremail.cn/gjzc2/list117.aspx?lcid=412 漏洞证明: 有防护,直接用sqlmap加个tamper=chardoubleencode.py可以跑出来。 这个是sqlmap用的payload: Place: GET Parameter: lcid Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: lcid=412 AND...