43 matches found
Vaidya-Mitra 1.0 - Multiple SQL injection Vulnerability
Title: Vaidya-Mitra 1.0 - Multiple SQLi Author: nu11secur1ty Vendor: https://mayurik.com/ Software: free: https://www.sourcecodester.com/php/16720/free-hospital-management-system-small-practices.html, https://mayurik.com/source-code/P5890/best-hospital-management-system-in-php Reference:...
Server side request forgery (ssrf)
Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3...
Blind SSRF in the Mail app on avatar endpoint
None...
HackerOne: SQL Injection in CVE Discovery Search
Unsanitized user-controlled inputs in the CVE Discovery Search allowed for SQL injection, which could lead to the disclosure of data in the Analytics Database, including report, team, and asset data...
CVE-2023-22374: F5 BIG-IP Format String Vulnerability
While following up our previous work on F5's BIG-IP devices, Rapid7 found an additional vulnerability in the appliance-mode REST interface; the vulnerability was assigned CVE-2023-22374. We reported it to F5 on December 6, 2022, and are now disclosing it in accordance with our vulnerability...
CVE-2022-1188
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 where a blind SSRF attack through the repository mirroring feature was possible...
CVE-2022-0249
A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a blind SSRF attack since requests to shared address space were not blocked...
CVE-2021-3772
CVE-2021-3772 affects the Linux kernel SCTP stack: a blind attacker who knows IPs/ports and can spoof packets can kill an existing SCTP association by sending invalid chunks. The connected advisories confirm the issue and point to a patch in the Linux kernel (commit 32f8807a48ae55be0e76880cfe8607...
SQL Injection in tsolucio/corebos
Description coreBOS is vulnerable to Blind SQL Injections in parameter userviewtype which allows the attacker to execute SQL commands on the target database. it is a time-based attack in which the result of the query will be determined based on the time of the response. payload...
Ticket Booking 1.0 SQL Injection
Title: Ticket Booking 1.0 suffer from SQL - Injenction Author: nu11secur1ty Date: 12.14.2021 Vendor: https://code-projects.org/ticket-booking-in-php-with-source-code/ Software: https://code-projects.org/ticket-booking-in-php-with-source-code/ Description: The password parameter appears to be...
SUSE SLES15: kernel-azure / kernel-azure-devel / kernel-devel-azure / etc (SUSE-SU-2021:3641-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3641-1 advisory. The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: -...
Local Offices Contact Directory Site SQL Injection Vulnerability
Local Offices Contact Directory Site using PHP and SQLite Free Source Code suffers from a remote SQL injection vulnerability. Local Offices Contact Directory Site SQL Injection Vulnerability...
Doctor Appointment System SQL Injection Vulnerability
Sourcecodesterk Doctor Appointment System is a Sourcecodesterk open source application. Provides an appointment function . Doctor Appointment System version 1.0 suffers from an SQL injection vulnerability that originates from a remote blind SQL injection vulnerability in the name and email...
Podman / Varlink Remote Code Execution
!/usr/bin/python -- coding: UTF-8 -- pickletime.py Podman + Varlink Insecure Config Remote Exploit Jeremy Brown jbrown3264/gmail @ Oct 2019 ------- Details ------- Podman is container engine / platform similar to Docker supported by RedHat and Fedora with Varlink being a protocol to exchange...
Axis Communications MPQTPACS 5.20.x - Server-Side Include Daemon Remote Format String
Axis Communications MPQTPACS 5.20.x - Server-Side Include Daemon Remote Format String !/usr/bin/env python2.7 SOF Remote Format String Exploit Axis Communications MPQT/PACS Server Side Include SSI Daemon Research and development by bashis 2016 This format string vulnerability has following...
Axis Communications MPQT/PACS 5.20.x - Server Side Include (SSI) Daemon Remote Format String
Exploit for multiple platform in category remote exploits !/usr/bin/env python2.7 SOF Remote Format String Exploit Axis Communications MPQT/PACS Server Side Include SSI Daemon Research and development by bashis 2016 This format string vulnerability has following characteristic: - Heap Based...
Axis Communications MPQT/PACS 5.20.x - Server-Side Include Daemon Remote Format String
!/usr/bin/env python2.7 SOF Remote Format String Exploit Axis Communications MPQT/PACS Server Side Include SSI Daemon Research and development by bashis 2016 This format string vulnerability has following characteristic: - Heap Based Exploiting string located on the heap - Blind Attack No output...
SDCMS 最新门户版 V3.0 储存型xss一枚 可盲打后台
简要描述: 严谨的说 是编辑器xss储存型漏洞 详细说明: 虚拟主机搭建测试: 需要条件: 开启会员注册默认开启 开启投稿功能(默认开启) 下载地址: http://www.sdcms.cn/product/portal.html 默认 开启会员注册 无需审核 原本想在demo上测试的 但是他开启审核了 ---------------------------------------- 注册个会员 找到在线投稿 选择文章模型 远程上传地址处 插入: " 提交 img...
damicms绕过防xss规则盲打后台(v4.9)
简要描述: damicms绕过防xss规则盲打后台v4.9 详细说明: 前台留言的地方,使用了getclientip ,代码如下。 使用了 removexss 来做过滤,但是可以这样来绕过 之后就可以弹窗了 漏洞证明:...
绕过startbbs防御继续盲打管理员(两种方法)
简要描述: startbbs已经对xss有过滤措施,但是有办法绕过。这里我依然以官方为demo作为测试,因为官方的是最新版。 详细说明: 问题出现在发帖的正文文本框:盲打的概率非常高的。 测试了常规的html代码,发现只剩下img标签,其他的都被过滤了,因此可以在img上能发挥作用的只有on系列的事件了。 测试尝试和之前那样 发布上面的代码,发现过滤成下面这样: 尝试用javascript:伪协议去触发:但是又被过滤成这样: 也就是常规的在敏感字符那加入x 来让事件等功能失效。 到了这一步,暂时没有了头绪。 过了几天之后忽然想到之前新浪邮箱的过滤方式也是如此。...