18 matches found
Search & Replace < 3.2.2 - Admin+ SQL injection
Description: The plugin does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks, for example within a multi-site network. 1. Go to the Tools parameter 2. Select Search & Replace 3. Click "Do Search & Replace" 4. Change the parameters...
Honeywell PM43 Remote Code Execution
Exploit Title: Honeywell PM43 ' if htmlstartindex != -1: return responsetext:htmlstartindex else: return responsetext except requests.exceptions.RequestException as e: return f"Error: e" def main: parser = argparse.ArgumentParserdescription='Command Injection PoC for Honeywell PM43 Printers'...
Exploit for Command Injection in Python
Python CVE-2018-1000802 Proof-of-Concept This is a PoC for th...
Joomla! Component com_joomgalaxy 1.2.0.4 - Multiple Vulnerabilities
Exploit Title: Joomla joomgalaxy 1.2.0.4 Multiple Vulnerabilities dork: inurl:comjoomgalaxy Date: 01-08-2012 Author: Daniel Barragan "D4NB4R" Twitter: @D4NB4R site: http://poisonsecurity.wordpress.com/ Vendor: http://www.joomgalaxy.com/ Version: 1.2.0.4 last update on Jul 27, 2012 License:...
Webify Link Directory - SQL Injection
Exploit Title: Webify Link Directory / SQL Injection Date: 04/07/2012 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Software web: http://webify.ws/index.php?page=getapp&id=10 Tested on: Linux Dork: allinurl: index.php?page=browse&id=...
SN News 1.2 - '/admin/loger.php' Authentication Bypass
SN News Date: 06/06/2012 Version: 1.2 Software Link: http://phpbrasil.com/script/JHnpFRmSBqlf/sn-news ISRAEL Author will be not responsible for any damage. Vulnerable Code - /admin/logar.php 4-15: 4.$login = $POST"login"; 5.$senha = $POST"senha"; 6.$sql = "select from newsadm where login='$login'...
SN News 1.2 - adminloger.php Authentication Bypass
SN News 1.2 - adminloger.php Authentication Bypass SN News Date: 06/06/2012 Version: 1.2 Software Link: http://phpbrasil.com/script/JHnpFRmSBqlf/sn-news ISRAEL Author will be not responsible for any damage. Vulnerable Code - /admin/logar.php 4-15: 4.$login = $POST"login"; 5.$senha = $POST"senha";...
NewsAdd 1.0 - 'lerNoticia.php?id' SQL Injection
NewsAdd Date: 31/05/2012 Version: 1.0 Software Link: http://phpbrasil.com/script/3tCyUs1JeL1M/newsadd--mysql ISRAEL Author will be not responsible for any damage. YOU SHOULD BE LOGGED IN | YOU SHOULD BE LOGGED IN Vulnerable Code - lerNoticia 15-22: 21.if $GET 22. 23. $id = $GET'id'; 24. 25. $quer...
Supernews <= 2.6.1 (noticias.php cat) SQL Injection
Exploit for php platform in category web applications Supernews Date: 31/05/2012 Version: 2.6.1 Software Link: http://phpbrasil.com/script/vT0FaOCySSH/supernews ISRAEL Author will be not responsible for any damage. Vulnerable Code - noticias.php 30-31: 30. $idcategoria = formatDados$GET'cat'; 31...
Supernews 2.6.1 - noticias.php?cat SQL Injection
Supernews 2.6.1 - noticias.php?cat SQL Injection Supernews Date: 31/05/2012 Version: 2.6.1 Software Link: http://phpbrasil.com/script/vT0FaOCySSH/supernews ISRAEL Author will be not responsible for any damage. Vulnerable Code - noticias.php 30-31: 30. $idcategoria = formatDados$GET'cat'; 31. $que...
Web2Project 2.3 - SQL Injection
Software: Web2Project 2.3 Vulnerability: SQL Injection Threat Level: Critical 4/5 Download: http://forums.web2project.net/ Discovery Date: 4/21/2011 Tested...
PhpMyAdmin Client Side 0Day Code Injection and Link Falsification
Exploit for php platform in category web applications PhpMyAdmin Client Side 0Day Code Injection and Link Falsification Credits: Emanuele 'emgent' Gentili Marco...
enano CMS 1.1.7pl1 - Multiple Vulnerabilities
Vulnerability ID: HTB22709 Reference: http://www.htbridge.ch/advisory/sqlinjectioninenanocms.html Product: Enano CMS Vendor: enanocms.org http://enanocms.org/ Vulnerable Version: 1.1.7pl1 Vendor Notification: 16 November 2010 Vulnerability Type: SQL Injection Status: Fixed by Vendor Risk level:...
webERP 3.11.4 - Multiple Vulnerabilities
Title: webERP Multiple Vulnerabilities Author: ADEO Security Published: 30/06/2010 Version: 3.11.4 Possible all versions Vendor: http://www.weberp.org Description: "webERP is a complete web based accounting/ERP system that requires only a web-browser and pdf reader to use. It has a wide range of...
Opencourrier 2.03beta (RFI/LFI) Multiple File Include Vulnerability
Opencourrier 2.03beta RFI/LFI Multiple File Include Vulnerability + Opencourrier 2.03beta RFI/LFI Multiple File Include Vulnerability...
Mambo Component Hestar - SQL Injection
comhestar 1.0.0 Author : M3NW5 M3NW5athackermaildotcom Homepage : http://www.indonesiancoder.com Date : Monday, September 07, 2009 ...
phpShop 0.8.1 - SQL Injection / Filter Bypass
Vendor : PHPShop Website : http://www.phpshop.org Version : v0.8.1 Author: the redc0ders / theredc0dersatgmaildotcom Condition: magicquotegpc = off , in php.ini setting Details : ========== Vulnerable Code in index.php near lines 98 - 128 code // basic SQL inject detection $myinsecurearray =...
igwad.txt
Aria-Security Team Advisory Original Advisory : http://aria-security.net/advisory/igwad.txt ----------------------------------------------------------- Software: Image gallery with Access Database Method : SQL Injection PoC: http://target/path/dispimage.asp?id=SQL Injection...