45 matches found
AVideo Unauthenticated SQL Injection Credential Dump
AVideo use auxiliary/gather/avideocatnamesqli msf auxiliaryavideocatnamesqli show actions ...actions... msf auxiliaryavideocatnamesqli set ACTION msf auxiliaryavideocatnamesqli show options ...show and set options... msf auxiliaryavideocatnamesqli run This module requires Metasploit:...
CVE-2026-28501
WWBN AVideo is an open source video platform. Prior to version 24.0, an unauthenticated SQL Injection vulnerability exists in AVideo within the objects/videos.json.php and objects/video.php components. The application fails to properly sanitize the catName parameter when it is supplied via a...
CVE-2026-28501
WWBN AVideo is an open source video platform. Prior to version 24.0, an unauthenticated SQL Injection vulnerability exists in AVideo within the objects/videos.json.php and objects/video.php components. The application fails to properly sanitize the catName parameter when it is supplied via a...
CVE-2026-28501 WWBN AVideo: Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php
WWBN AVideo is an open source video platform. Prior to version 24.0, an unauthenticated SQL Injection vulnerability exists in AVideo within the objects/videos.json.php and objects/video.php components. The application fails to properly sanitize the catName parameter when it is supplied via a...
CVE-2026-28501 WWBN AVideo: Unauthenticated SQL Injection via JSON Request Bypass in objects/videos.json.php
WWBN AVideo is an open source video platform. Prior to version 24.0, an unauthenticated SQL Injection vulnerability exists in AVideo within the objects/videos.json.php and objects/video.php components. The application fails to properly sanitize the catName parameter when it is supplied via a...
CVE-2026-28501
WWBN AVideo is an open source video platform. Prior to version 24.0, an unauthenticated SQL Injection vulnerability exists in AVideo within the objects/videos.json.php and objects/video.php components. The application fails to properly sanitize the catName parameter when it is supplied via a...
SQL Injection
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to SQL Injection via the catName parameter in JSON-formatted POST requests to objects/videos.json.php and objects/video.php. An attacker can execute arbitrary SQL...
Curfew e-Pass Management System edit-category-detail.php file cross-site scripting vulnerability
Curfew e-Pass Management System is an electronic pass management system. Curfew e-Pass Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter catname in the file...
CVE-2025-12311
A vulnerability was detected in PHPGurukul Curfew e-Pass Management System 1.0. This issue affects some unknown processing of the file edit-category-detail.php. The manipulation of the argument catname results in cross site scripting. The attack can be launched remotely. The exploit is now public...
CVE-2025-12311
A vulnerability was detected in PHPGurukul Curfew e-Pass Management System 1.0. This issue affects some unknown processing of the file edit-category-detail.php. The manipulation of the argument catname results in cross site scripting. The attack can be launched remotely. The exploit is now public...
CVE-2025-12311 PHPGurukul Curfew e-Pass Management System edit-category-detail.php cross site scripting
A vulnerability was detected in PHPGurukul Curfew e-Pass Management System 1.0. This issue affects some unknown processing of the file edit-category-detail.php. The manipulation of the argument catname results in cross site scripting. The attack can be launched remotely. The exploit is now public...
CVE-2025-12311
The CVE-2025-12311 entry relates to a cross-site scripting (XSS) flaw in PHPGurukul Curfew e-Pass Management System 1.0, caused by unsafely handling the catname argument in edit-category-detail.php. Technical sources from CNVD, RH, NVD/CVE records, CNNVD, and others confirm the vulnerability stem...
CVE-2025-12311 PHPGurukul Curfew e-Pass Management System edit-category-detail.php cross site scripting
A vulnerability was detected in PHPGurukul Curfew e-Pass Management System 1.0. This issue affects some unknown processing of the file edit-category-detail.php. The manipulation of the argument catname results in cross site scripting. The attack can be launched remotely. The exploit is now public...
EUVD-2025-36345
A vulnerability was detected in PHPGurukul Curfew e-Pass Management System 1.0. This issue affects some unknown processing of the file edit-category-detail.php. The manipulation of the argument catname results in cross site scripting. The attack can be launched remotely. The exploit is now public...
PHPGurukul Curfew e-Pass Management System 代码注入漏洞
Curfew e-Pass Management System is an electronic pass management system. Curfew e-Pass Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter catname in the file...
EUVD-2006-6717
Malware in sbrugna...
EUVD-2006-2818
Malware in sbrugna...
EUVD-2006-3029
Malware in sbrugna...
EUVD-2019-19026
Malware in sbrugna...
Notice Board System category.php file SQL injection vulnerability
Notice Board System is a bulletin board system. A SQL injection vulnerability exists in the Notice Board System, which originates from the lack of validation of externally entered SQL statements in the /category.php file with the parameter catname. An attacker can exploit this vulnerability to...