13 matches found
EUVD-2009-0466
Malware in sbrugna...
EUVD-2021-30079
Malicious code in bioql PyPI...
EUVD-2024-2138
Malicious code in bioql PyPI...
CVE-2021-43130
An SQL Injection vulnerability exists in Sourcecodester Customer Relationship Management System CRM 1.0 via the username parameter in customer/login.php...
PT-2024-18930 · Opencart · Opencart
Name of the Vulnerable Software and Affected Versions: opencart/opencart version 4.0.0.0 Description: A reflected XSS issue was identified in the redirect parameter of the "customer account/login" route. An attacker can inject arbitrary HTML and JavaScript into the page response. This issue is...
WordPress plugin The Login as User or Customer security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A security vulnerability exists in the WordPress...
Car Rental System 1.0 SQL Injection
Car Rental System SQL Injection Author: D4rkP0w4r Note = Login to customer Injection Point = http://192.168.1.101:8080/CarRental/booking.php?id=1 Exploit Exploit with Sqlmap + Burp Suite Use Burp Suite capture request Then save as sqlicar.txt GET /CarRental/booking.php?id=1 HTTP/1.1 Host:...
Shopify: StoreFront API allows for a brute force attack on customer login by not timing out ALL attempts
It seems that the service used for login purposes could be brute forced. The system fails when the password is incorrect; after some unsuccessful attempts the following message is shown: "data":"customerAccessTokenCreate":null,"errors":"message":"Login attempt limit exceeded. Please try again...
VehicleWorkshop Authentication Bypass / SQL Injection
Type: Admin or Customer login bypass via SQL injection Author: Touhid M.Shaikh Vendor Homepage: https://github.com/spiritson/VehicleWorkshop Mail: touhidshaikh22atgmaildotcom More info: https://blog.touhidshaikh.com/ ===================== PoC ================ Admin Login Page :...
VehicleWorkshop - Authentication Bypass
Type: Admin or Customer login bypass via SQL injection Author: Touhid M.Shaikh Vendor Homepage: https://github.com/spiritson/VehicleWorkshop Mail: touhidshaikh22atgmaildotcom More info: https://blog.touhidshaikh.com/ ===================== PoC ================ Admin Login Page :...
VehicleWorkshop - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Type: Admin or Customer login bypass via SQL injection Author: Touhid M.Shaikh Vendor Homepage: https://github.com/spiritson/VehicleWorkshop Mail: touhidshaikh22atgmaildotcom More info: https://blog.touhidshaikh.com/ ===================== PoC...
CVE-2009-0462
Multiple SQL injection vulnerabilities in customerlogincheck.asp in ClickTech ClickCart 6.0 allow remote attackers to execute arbitrary SQL commands via (1) the txtEmail parameter (aka E-MAIL field) or (2) the txtPassword parameter (aka password field) to customerlogin.asp. NOTE: some of these details ar...
SalesCart - Authentication Bypass
SalesCart - Authentication Bypass ----C4TEAM.ORG---ByALBAYX----C4TEAM.ORG---- Author : ByALBAYX Website : WWW.C4TEAM.ORG Script :SalesCart Product Management Plugin Site :http://www.salescart.com Demo :http://www.salescart.com/scorderdemo/online/default.asp Details...