4673 matches found
ClipBucket <= 4.0.0 Multiple Vulnerabilities
ClipBucket is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oxygenz:clipbucket"; if...
WP Fastest Cache <= 0.8.7.4 - Blind SQL Injection
Improper escaping of user input when deleting the cache of specific pages leads to SQL injection vulnerability. escsql was used on input but the result was used unquoted in the constructed SQL query. Send GET request to "URL/wp-admin/admin-ajax.php?action=wpfcclearcachecolumn&id=1 PAYLOAD"...
Navarino Infinity Blind SQL Injection / Session Fixation
There is also a blog post about that on: https://medium.com/@evstykas/pwning-ships-vsat-for-fun-and-profit-ba0fe9f42fb3 Vulnerability Security Advisory ======================================================================= title: Multiple vulnerabilities product: All Navarino infinity products...
UserSpice 4.3 - Blind SQL Injection Exploit
Exploit for php platform in category web applications !/usr/env/python """ Application UserSpice PHP user management Vulnerability UserSpice = 4.3 Blind SQL Injection exploit URL https://userspice.com Date 1.2.2018 Author Dolev Farhi About the App: What makes userspice different from almost any...
UserSpice 4.3 - Blind SQL Injection
!/usr/env/python """ Application UserSpice PHP user management Vulnerability UserSpice = 4.3 Blind SQL Injection exploit URL https://userspice.com Date 1.2.2018 Author Dolev Farhi About the App: What makes userspice different from almost any other PHP User Management Framework is that it has been...
UserSpice 4.3 Blind SQL Injection
!/usr/env/python """ Application UserSpice PHP user management Vulnerability UserSpice = 4.3 Blind SQL Injection exploit URL https://userspice.com Date 1.2.2018 Author Dolev Farhi About the App: What makes userspice different from almost any other PHP User Management Framework is that it has been...
UserSpice 4.3 - Blind SQL Injection
UserSpice 4.3 - Blind SQL Injection !/usr/env/python """ Application UserSpice PHP user management Vulnerability UserSpice = 4.3 Blind SQL Injection exploit URL https://userspice.com Date 1.2.2018 Author Dolev Farhi About the App: What makes userspice different from almost any other PHP User...
ManageEngine OpManager / Applications Manager / IT360 -FailOverServlet Multiple Vulnerability
Exploit for multiple platform in category web applications Multiple vulnerabilities in FailOverServlet in ManageEngine OpManager, Applications Manager and IT360 Discovered by Pedro Ribeiro email protected, Agile Information Security...
ManageEngine OpManager / Social IT Plus / IT360 - Multiple Vulnerabilities
Exploit for multiple platform in category web applications Multiple vulnerabilities in ManageEngine OpManager, Social IT Plus and IT360 Discovered by Pedro Ribeiro email protected, Agile Information Security ========================================================================== Disclosure:...
CVE-2017-15546
The Security Console in EMC RSA Authentication Manager 8.2 SP1 P6 and earlier is affected by a blind SQL injection vulnerability. Authenticated malicious users could potentially exploit this vulnerability to read any unencrypted data from the database...
Pornhub: Blind SQL injection in Hall of Fap
Summary: There is a blind SQL injection vulnerability in GET parameter topsort in page https://www.tube8.fr/ajax-hof/. Description: SQL functions can be injected into the SQL query. Using the sleep function, which makes the database sleep, we can notice the injection. PoC The following request wi...
Basic B2B Script SQL Injection
Exploit Title: Basic B2B Script - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/product/nC3F4570353/php-scripts/basic-b2b-script Demo: http://readymadeb2bscript.com/product/entrepreneur/ Version: N/A Category...
FS Amazon Clone - category_id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: FS Amazon Clone - SQL Injection Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/amazon-clone/ Version: 23 October 17 Tested on: Kali Linux 2.0 | Mac OS 10.12...
Complain Management System Hard-Coded Credentials / Blind SQL Injection
Exploit Title : Complain Management System Blind SQL Injection Date: 10 October 2017 Exploit Author: havysec Tested on: ubuntu14.04 Vendor: https://sourceforge.net/projects/complain-management-system/ Version: not supplied Download Software:...
Complain Management System - Hard-Coded Credentials Blind SQL injection
Complain Management System - Hard-Coded Credentials Blind SQL injection Exploit Title : Complain Management System Blind SQL Injection Date: 10 October 2017 Exploit Author: havysec Tested on: ubuntu14.04 Vendor: https://sourceforge.net/projects/complain-management-system/ Version: not supplied...
OpenText Document Sciences xPression 4.5SP1 Patch 13 - documentId SQL Injection Vulnerability
Exploit for jsp platform in category web applications Title: OpenText Document Sciences xPression formerly EMC Document Sciences xPression - SQL Injection Author: Marcin Woloszyn Date: 27. September 2017 CVE: CVE-2017-14757 Affected Software: ================== OpenText Document Sciences xPressio...
OpenText Document Sciences xPression 4.5SP1 Patch 13 SQL Injection
Title: OpenText Document Sciences xPression formerly EMC Document Sciences xPression - SQL Injection Author: Marcin Woloszyn Date: 27. September 2017 CVE: CVE-2017-14757 Affected Software: ================== OpenText Document Sciences xPression formerly EMC Document Sciences xPression Exploit was...
Content Timeline <= 4.4.2 - Multiple Blind SQL Injection
Multiple Blind SQL injections in the premium 'Content Timeline' Plugin. One unauthenticated and two authenticated injections. Contacted the author twice without any response. History: 09-16-2017 Contacted the author 09-16-2017 Requested CVE-ID 09-18-2017 CVE-ID Received 09-18-2017 Contacted the...
CVE-2017-1002014
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/adminsetting.php via galleryname parameter...
CVE-2017-1002013
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection via imgid parameter in image-gallery-with-slideshow/adminsetting.php...