105 matches found
Bangresto 1.0 - SQL Injection
Exploit Title: Bangresto 1.0 - SQL Injection Exploit Author: nu11secur1ty Date: 12.16.2022 Vendor: https://axcora.com/, https://www.hockeycomputindo.com/2021/05/restaurant-pos-source-code-free.html Demo: https://axcora.my.id/bangrestoapp/start.php Software: https://github.com/mesinkasir/bangresto...
Nextcloud Resource Management Error Vulnerability (CNVD-2023-04308)
Nextcloud is an open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. Nextcloud Deck is vulnerable to a resource management error, which stems from a database error that can be generated when executed multiple times, leading to a DoS...
CVE-2023-22470
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A database error can be generated potentially causing a DoS when performed multiple times. There are currently no known workarounds. It is recommended that t...
Code injection
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A database error can be generated potentially causing a DoS when performed multiple times. There are currently no known workarounds. It is recommended that t...
CVE-2023-22470 Nextcloud Deck vulnerable to uncontrolled resource consumption
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A database error can be generated potentially causing a DoS when performed multiple times. There are currently no known workarounds. It is recommended that t...
CVE-2023-22470
CVE-2023-22470 affects Nextcloud Deck (kanban tool) used with Nextcloud. The vulnerability is a database error that can be exploited to cause a denial of service when the action is repeated; no specific exploitation steps are provided in the documents. Impact is described as potential DoS with mu...
PT-2023-18522 · Nextcloud · Nextcloud Deck
Name of the Vulnerable Software and Affected Versions: Nextcloud Deck versions prior to 1.6.5 Nextcloud Deck versions prior to 1.7.3 Nextcloud Deck versions prior to 1.8.2 Description: Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams...
Missing character limitation allows to put generate a database error
None...
Information disclosure
PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message. Depending on database user privileges, this may only be information from the database, or may be information from file contents on the database server...
osCommerce Cross-Site Scripting Vulnerability
osCommerce is an open source online shopping e-commerce solution based on the GNU GPL license. osCommerce2 v2.3.4.1 previously had a security vulnerability that stemmed from a security issue with the function tepdberror. No detailed vulnerability details are available...
Student Grading System 1.0 SQL Injection
Title: Student Grading System v1.0 SQLi Author: nu11secur1ty Date: 03.14.2022 Vendor: https://www.sourcecodester.com/users/tips23 Software: https://www.sourcecodester.com/php/14522/student-grading-system-using-phpmysql-source-code.html Reference:...
Online Reviewer System 2.4.0 SQL Injection
Sourcecodester-Online-Reviewer-System-2.4.0 SQL - 4 types of injection vulnerability Vendor Description: The password parameter of the Online Reviewer System 1.0 appears to be vulnerable to SQL injection attacks - 4 types of injection vulnerability. A single quote was submitted in the password...
Online Reviewer System 2.4.0 SQL Injection Vulnerability
Sourcecodester-Online-Reviewer-System-2.4.0 SQL - 4 types of injection vulnerability Vendor Description: The password parameter of the Online Reviewer System 1.0 appears to be vulnerable to SQL injection attacks - 4 types of injection vulnerability. A single quote was submitted in the password...
Wowza Media Systems Wowza Streaming Engine Resource Management Error Vulnerability
Wowza Media Systems Wowza Streaming Engine is a powerful, customizable and scalable media server software from Wowza Media Systems, USA. It is used to reliably stream high-quality video and audio to any device, anywhere. A security vulnerability exists in Wowza Media Systems Wowza Streaming Engin...
Nextcloud: Database error shown to the user when using a long guest name in richdocuments
When sharing a file to a guest and the file is allowed for editing, the user is asked to enter a guest name. If you enter a really long value for that name you get a database error that displays sensitive information: An exception occurred while executing 'INSERT INTO...
WP DB Error Manager <= 2.1.6 - Reflected Cross-Site Scripting (XSS)
Reflected XSS in the file "admin/partials/wp-db-error-manager-login-display.php" in parameter "email" query string https://example.com/wp-content/plugins/wp-database-error-manager/admin/partials/wp-db-error-manager-login-display.php?email=%22%3E%3Cimg%20src%20onerror=alert/XSS/%3E...
WordPress WP Fanzone 3.1 SQL Injection Vulnerability
WordPress WP Fanzone theme version 3.1 suffers from a remote SQL injection vulnerability. Exploit Title : Built with WordPress and WP FanZone Themes 3.1 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Vendor Homepage : wordpress.org -...
Joomla Sumoku 3.9.8 SQL Injection
Exploit Title : Joomla Sumoku 3.9.8 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 12/10/2019 Vendor Homepage : blueorangegames.com/sumoku/ Affected Version : 3.9.8 Tested On : Windows and Linux Category : WebApps Exploit Risk : Medium Vulnerabili...
Joomla MisterEstate 1.5.26 SQL Injection
Exploit Title : Joomla MisterEstate 1.5.26 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 12/10/2019 Vendor Homepage : misterestate.com Affected Versions : 1.5.12/1.5.14/1.5.16/1.5.18/1.5.26 Tested On : Windows and Linux Category : WebApps Exploit...
Joomla SwPhotoGallery 1.5.26 SQL Injection
Exploit Title : Joomla SwPhotoGallery 1.5.26 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 12/10/2019 Vendor Homepage : joomla.org Affected Versions : 1.5.16 and 1.5.26 Tested On : Windows and Linux Category : WebApps Exploit Risk : Medium...