CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Exploit DB•added 2018/05/23 12:0 a.m.•36 views

MySQL Smart Reports 1.0 - 'id' SQL Injection / Cross-Site Scripting

Exploit Title: MySQL Smart Reports 1.0 - SQL Injection / Cross-Site Scripting Dork: N/A Date: 22.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/mysql-smart-reports-online-report-generator-with-existing-data/16836503 Version: 1.0 Category: Webapps...

0day.today•added 2018/05/23 12:0 a.m.•47 views

NewsBee CMS 1.4 - download.php SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: NewsBee CMS 1.4 - 'download.php' SQL Injection Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/newsbee-fully-featured-news-cms-with-bootstrasp-php-mysql/19404937 Version: 1.4 / fourth updat...

exploitpack•added 2018/05/23 12:0 a.m.•10 views

MySQL Blob Uploader 1.7 - home-filet-edit.php SQL Injection

MySQL Blob Uploader 1.7 - home-filet-edit.php SQL Injection Exploit Title: MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection Dork: N/A Date: 2018-05-22 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage:...

0day.today•added 2018/05/23 12:0 a.m.•58 views

Feedy RSS News Ticker 2.0 - cat SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Feedy RSS News Ticker 2.0 - 'cat' SQL Injection Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/feedy-rss-news-ticker/5818277 Version: 2.0 Category: Webapps Tested on: Kali linux PoC: SQLi:...

Exploit DB•added 2018/05/23 12:0 a.m.•27 views

MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection

Exploit Title: MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection Dork: N/A Date: 2018-05-22 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/mysql-file-and-image-uploader-and-sharing-blob-file-server/17748300 Version: 1.7 - seventh update Category...

Exploit DB•added 2018/05/22 12:0 a.m.•32 views

NewsBee CMS 1.4 - 'download.php' SQL Injection

Exploit Title: NewsBee CMS 1.4 - 'download.php' SQL Injection Dork: N/A Date: 2018-05-22 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/newsbee-fully-featured-news-cms-with-bootstrasp-php-mysql/19404937 Version: 1.4 / fourth update Category: Webapps Tested...

Packet Storm•added 2018/05/22 12:0 a.m.•25 views

Feedy RSS News Ticker 2.0 SQL Injection

Exploit Title: Feedy RSS News Ticker 2.0 - 'cat' SQL Injection Dork: N/A Date: 2018-05-22 Exploit Author: Azkan Mustafa AkkuA AkkuS Vendor Homepage: https://codecanyon.net/item/feedy-rss-news-ticker/5818277 Version: 2.0 Category: Webapps Tested on: Kali linux PoC: SQLi: Parameter: cat Type:...

0.4AI score

exploitpack•added 2018/05/22 12:0 a.m.•14 views

NewsBee CMS 1.4 - download.php SQL Injection

NewsBee CMS 1.4 - download.php SQL Injection Exploit Title: NewsBee CMS 1.4 - 'download.php' SQL Injection Dork: N/A Date: 2018-05-22 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/newsbee-fully-featured-news-cms-with-bootstrasp-php-mysql/19404937 Version:...

exploitpack•added 2018/05/22 12:0 a.m.•14 views

Feedy RSS News Ticker 2.0 - cat SQL Injection

Feedy RSS News Ticker 2.0 - cat SQL Injection Exploit Title: Feedy RSS News Ticker 2.0 - 'cat' SQL Injection Dork: N/A Date: 2018-05-22 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/feedy-rss-news-ticker/5818277 Version: 2.0 Category: Webapps Tested on: Ka...

0.3AI score

Packet Storm•added 2018/05/22 12:0 a.m.•24 views

EasyService Billing 1.0 SQL Injection / Cross Site Scripting

------------------- Exploit 1 of 2: Exploit Title: EasyService Billing 1.0 - 'template.php' SQL Injection / Cross-Site Scripting Dork: N/A Date: 22.05.2018 Exploit Author: Azkan Mustafa AkkuA AkkuS Vendor Homepage:...

0.5AI score

Exploit DB•added 2018/05/22 12:0 a.m.•47 views

PaulPrinting CMS Printing 1.0 - SQL Injection

Exploit Title: PaulPrinting CMS Printing 1.0 - SQL Injection Exploit Date: 2018-05-19 Software Link: https://codecanyon.net/item/paulprinting-cms-printing-solutions/19546365 Author: Mehmet Onder Key Version: 1.0 Tested On: Linux 1. Description Any visitor can run code to exploit css and sql...

Packet Storm•added 2018/05/22 12:0 a.m.•39 views

PaulPrinting CMS Printing 1.0 SQL Injection

0.9AI score

RedHat Linux•added 2018/05/03 5:6 a.m.•4 views

php: Invalid read when wddx decodes empty boolean element

The phpwddxpushelement function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service out-of-bounds read and memory corruption or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document...

9.8CVSS7.4AI score0.06974EPSS

Exploits0References4

RedHat Linux•added 2018/05/03 5:6 a.m.•1 views

php: Incorrect WDDX deserialization of boolean parameters leads to DoS

In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c...

7.5CVSS7.2AI score0.06846EPSS

Exploits0References4

RedHat Linux•added 2018/05/03 5:6 a.m.•4 views

php: Null pointer dereference in php_wddx_push_element

The phpwddxpushelement function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service invalid pointer access and out-of-bounds read or possibly have unspecified other impact via an incorrect boolean element in a wddxPacket XML document,...

7.5CVSS7.4AI score0.11402EPSS

Exploits1References4

Packet Storm•added 2018/04/26 12:0 a.m.•45 views

HRSALE The Ultimate HRM 1.0.2 SQL Injection

Exploit Title: HRSALE The Ultimate HRM v1.0.2 - 'awardid' SQL Injection Date: 2018-04-23 Exploit Author: 8bitsec CVE: CVE-2018-10256 Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/hrsale-the-ultimate-hrm/21665619 Version: 1.0.2 Tested on: Kali Linux 2.0 | Mac ...

0.1AI score0.02616EPSS

Exploits5

exploitpack•added 2018/04/25 12:0 a.m.•32 views

HRSALE The Ultimate HRM 1.0.2 - award_id SQL Injection

HRSALE The Ultimate HRM 1.0.2 - awardid SQL Injection Exploit Title: HRSALE The Ultimate HRM v1.0.2 - 'awardid' SQL Injection Date: 2018-04-23 Exploit Author: 8bitsec CVE: CVE-2018-10256 Vendor Homepage: https://codecanyon.net/ Software Link:...

6.5CVSS0.1AI score0.02616EPSS

Exploits5

Prion•added 2018/03/05 10:29 p.m.•23 views

Input validation

HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP...

6.8CVSS7.9AI score0.01221EPSS

Exploits0References3Affected Software3

Hacker One•added 2018/02/24 1:24 a.m.•149 views

Khan Academy: [critical] sql injection by GET method

Hey there, after tampering a bit with the values, since I figured out your backend is not php most likely django or nodejs, I found an SQL injection . You can view my steps to reproduce, if you need additional screenshots, please let me know. Regards Gabriel Kimiaie Impact If I dig deeper, I may ...