Lucene search

44 matches found

0day.today
added 2021/08/16 12:0 a.m., 161 views

COMMAX Smart Home IoT Control System CDP-1020n - SQL Injection Authentication Bypass Vulnerability

Exploit Title: COMMAX Smart Home IoT Control System CDP-1020n - SQL Injection Authentication Bypass Exploit Author: LiquidWorm Vendor Homepage: https://www.commax.com COMMAX Smart Home IoT Control System CDP-1020n SQL Injection Authentication Bypass Vendor: COMMAX Co., Ltd. Product web page:...

0.6 AI score
Exploits: 0
Exploit DB
added 2021/08/16 12:0 a.m., 331 views

COMMAX Smart Home IoT Control System CDP-1020n - SQL Injection Authentication Bypass

Exploit Title: COMMAX Smart Home IoT Control System CDP-1020n - SQL Injection Authentication Bypass Date: 02.08.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.commax.com COMMAX Smart Home IoT Control System CDP-1020n SQL Injection Authentication Bypass Vendor: COMMAX Co., Ltd. Prodc...

7.4 AI score
Exploits: 0
0day.today
added 2019/12/04 12:0 a.m., 1012 views

SSDWLAB 6.1 - Authentication #Bypass Vulnerability

Exploit for asp platform in category web applications Exploit Title: SSDWLAB 6.1 - Authentication Bypass Exploit Author: Luis Buendía exoticpayloads Vendor Homepage: http://www.sbpsoftware.com/ Version: 6.1 Tested on: IIS 7.5 CVE : Pending Description: By injection on the SOAP function in the...

0.4 AI score
Exploits: 0
Exploit DB
added 2019/12/04 12:0 a.m., 421 views

SSDWLAB 6.1 - Authentication Bypass

Exploit Title: SSDWLAB 6.1 - Authentication Bypass Date: 2019-10-01 Exploit Author: Luis Buendía exoticpayloads Vendor Homepage: http://www.sbpsoftware.com/ Version: 6.1 Tested on: IIS 7.5 CVE : Pending Description: By injection on the SOAP function in the EditUserPassword function, it is possibl...

0.7 AI score
Exploits: 0
Packet Storm
added 2019/12/04 12:0 a.m., 226 views

SSDWLAB 6.1 Authentication Bypass

Exploit Title: SSDWLAB 6.1 - Authentication Bypass Date: 2019-10-01 Exploit Author: Luis Buendía exoticpayloads Vendor Homepage: http://www.sbpsoftware.com/ Version: 6.1 Tested on: IIS 7.5 CVE : Pending Description: By injection on the SOAP function in the EditUserPassword function, it is possibl...

0.7 AI score
Exploits: 0
Hacker One
added 2019/02/24 3:49 p.m., 39 views

Starbucks: XXE at ecjobs.starbucks.com.cn/retail/hxpublic_v6/hxdynamicpage6.aspx

Description: Hi, guys, when I visited the jobs website of Starbucks in China, https://ecjobs.starbucks.com.cn, I found a feature for uploading a user's photo. Through the bypass of the security restrictions of the upload, I can upload html|xhtml|xml|config files etc. The uploaded html file can realize the...

Exploits: 0
NVD
added 2018/10/04 9:29 p.m., 9 views

CVE-2018-17891

Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5. When contacting a Carestream server where there is no Oracle TNS listener available, users will trigger an HTTP 500 error, leaking technical information an attacker could use to initiate a...

4.3 CVSS, 3.9 AI score, 0.00168 EPSS
Exploits: 0, References: 1
Prion
added 2018/10/04 9:29 p.m., 8 views

Code injection

Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5. When contacting a Carestream server where there is no Oracle TNS listener available, users will trigger an HTTP 500 error, leaking technical information an attacker could use to initiate a...

4.3 CVSS, 3.9 AI score, 0.00168 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2018/10/04 9:0 p.m., 12 views

CVE-2018-17891

Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5. When contacting a Carestream server where there is no Oracle TNS listener available, users will trigger an HTTP 500 error, leaking technical information an attacker could use to initiate a...

3.8 AI score, 0.00168 EPSS
Exploits: 0, References: 1
ICS
added 2018/10/04 12:0 a.m., 29 views

Carestream Vue RIS

1. EXECUTIVE SUMMARY CVSS v3 3.7 ATTENTION: Exploitable remotely Vendor: Carestream Equipment: Carestream Vue RIS Vulnerability: Information Exposure Through an Error Message 2. RISK EVALUATION An attacker with access to the network of the affected system can passively read traffic. 3. TECHNICAL...

4.3 CVSS, 4.1 AI score, 0.00168 EPSS
Exploits: 0, References: 5
seebug.org
added 2016/01/13 12:0 a.m., 30 views

V5shop: SQL injection vulnerability in the spikeid parameter of cart.aspx

Example: search Google for inurl:productpic.aspx. cart.aspx normally requires login to be accessed, but this has no effect at all on the injection. Case: http://www.wolifu.com/cart.aspx?act=spikebuy&spikeid=3 D:\sqlmap>python sqlmap.py -u "http://www.wolifu.com/cart.aspx?act=spikebuy&spikeid=3" -p "spikeid" [sqlmap banner: 1.0-dev-nongit-20150806]...

7.7 AI score
Exploits: 0
seebug.org
added 2014/12/02 12:0 a.m., 26 views

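Generic SQL injection in a certain management system

Brief description: Generic SQL injection in a certain management system. Details: Vendor: 南京苏亚星资讯科技开发有限公司, Resource Library Management System. Search engine keywords: 帮助 正在读取数据... 注册用户 系统用户 用户名: 密码: 南京苏亚星资讯科技开发. Some of these are used on intranets; it took some effort to find 5 cases...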

7.9 AI score
Exploits: 0
Packet Storm
added 2014/11/28 12:0 a.m., 42 views

Microsoft IIS 7.5 Cross Site Scripting

Hello everyone, I found some weird HTML code injection in an IIS error message. IIS spits out some part of the user input that generated the error message, but will only display 20 characters at most. My question is: is it possible to actually exploit an XSS with this ? Here is an example: HTTP...

7.4 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 10 views

EasyPage SQL Injection Vulnerability

No description provided by source. Title : EasyPage SQL Injection Vulnerability Author : Red Security TEAM Date : 19/01/2012 Risk : High Vendor : http://karait.com/ Tested On : Windows Server 2008 Microsoft-IIS/7.5 Dork : inurl:default.aspx?page=Document&app=Documents&docId= Contact : Info 4t...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 18 views

ARYADAD Multiple Vulnerabilities

No description provided by source. Title : ARYADAD Multi Vulnerability Author : Red Security TEAM Date : 21/01/2012 Vendor : http://cms.aryadad.com/ Tested On : Windows Server 2008 IIS 7.5 Dork : Powered by ARYADAD Corporation Contact : Info 4t RedSecurity d0t COM Home : http://RedSecurity.COM...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 32 views

microsoft iis 6.0 and 7.5 - Multiple Vulnerabilities

No description provided by source. THIS IS A GENUINE ISOWAREZ RELEASE Title: Microsoft IIS 6.0 with PHP installed Authentication Bypass...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 35 views

Windows 7 IIS7.5 FTPSVC UNAUTH'D Remote DoS PoC

No description provided by source. import socket, sys print \n print ---------------------------------------------------------------- print | Windows 7 IIS7.5 FTPSVC UNAUTH'D REMOTE DOS POC | print | Matthew Bergin, Bergin Penetration Testing | print | Win7 Ultimate v6.1 build 7600, IIS...

7.1 AI score
Exploits: 0
myhack58
added 2013/03/14 12:0 a.m., 1275 views

Microsoft IIS 6.0 and 7.5 multiple vulnerabilities and the use of method-vulnerability warning-the black bar safety net

Microsoft IIS 6.0 with PHP installed authentication bypass vulnerability. Microsoft IIS 6.0 with PHP, tested with PHP5 on Windows Server 2003 SP1. Detail: An attacker can send a special request to the IIS 6.0 service and successfully bypass access restrictions. The attacker can access the...

1.3 AI score
Exploits: 0
NVD
added 2012/11/14 12:55 a.m., 13 views

CVE-2012-2531

Microsoft Internet Information Services IIS 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulnerability."...

2.1 CVSS, 6.2 AI score, 0.00197 EPSS
Exploits: 1, References: 3
Prion
added 2012/11/14 12:55 a.m., 17 views

Cross site scripting

Microsoft Internet Information Services IIS 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulnerability."...

2.1 CVSS, 6.6 AI score, 0.00197 EPSS
Exploits: 1, References: 3