13 matches found
PT-2025-19981 · Hashicorp · Terraform Windns Provider
Name of the Vulnerable Software and Affected Versions: Terraform WinDNS Provider versions prior to 1.0.5 Description: A security issue has been found in the Terraform WinDNS Provider, where the windns record resource did not sanitize the input variables, leading to authenticated command injection...
Terraform WinDNS Provider 命令注入漏洞
Terraform WinDNS Provider is a Norsk rikskringkasting open source tool for managing DNS records in Windows DNS servers using Terraform. A command injection vulnerability exists in Terraform WinDNS Provider versions prior to 1.0.5, which stems from failure to clean up input variables and could lea...
CVE-2025-22205 Extension - admiror-design-studio.com - Path traversal in the Admiror Gallery 4.x component for Joomla
Improper handling of input variables lead to multiple path traversal vulnerabilities in the Admiror Gallery extension for Joomla in version branch 4.x...
PHP Input Variables Exceeded
By default, PHP accepts a maximum of 1000 variables in a request. If there are more input variables than specified, an EWARNING is issued, and further input variables are truncated from the request depending on server configuration and application code, this can have various impacts such as...
CrackQL - GraphQL Password Brute-Force And Fuzzing Utility
CrackQL is a GraphQL password brute-force and fuzzing utility. CrackQL is a versatile GraphQL penetration testing tool that exploits poor rate-limit and cost analysis controls to brute-force credentials and fuzz operations. How it works? CrackQL works by automatically batching a single GraphQL...
4images 1.8 SQL Injection
Exploit Title: 4images 1.8 - 'limitnumber' SQL Injection Authenticated Exploit Author: Andrey Stoykov Software Link: https://www.4homepages.de/download-4images Version: 1.8 Tested on: Linux Source Analysis: Line 658 - User action defined if $action == "findimages" Line 661 - Vulnerable condition...
CVE-2018-16949
An issue was discovered in OpenAFS before 1.6.23 and 1.8.x before 1.8.2. Several data types used as RPC input variables were implemented as unbounded array types, limited only by the inherent 32-bit length field to 4 GB. An unauthenticated attacker could send, or claim to send, large input values...
DVWA learn PHP Common Vulnerabilities and repair method-vulnerability warning-the black bar safety net
“Security is a whole, to ensure that security is not to powerful where there is more powerful and that the real weakness of the place where the”--Kenshin From a lot of the penetration of large enterprises within the network of cases of view, the intruder most from on the Web to find the...
The establishment of the station star sitestar v2. 5 the file that contains the exploit and fix-vulnerability warning-the black bar safety net
Inadvertently found that the establishment of the station star sitestar a tasteless file contains vulnerabilities, WVS scan a friends website, find the prompt with the following file include vulnerability index. php? a=fullist&m=../../../../../../../../../../etc/passwd%00.jpg admin/index. php?...
CPCommerce 1.2.6 - URL Rewrite Input Variable Overwrite Authentication Bypass
CPCommerce 1.2.6 - URL Rewrite Input Variable Overwrite Authentication Bypass Author: girex Homepage: girex.altervista.org CMS: cpCommerce 1.2.6 Site: http://cpcommerce.cpradio.org/ Bug: URL Rewrite - Input variables overwrite PoC: Auth bypass - Shell upload Note: Works regardless php.ini setting...
cpCommerce 1.2.6 (URL Rewrite) Input variable overwrite / Auth bypass
Exploit for unknown platform in category web applications ===================================================================== cpCommerce 1.2.6 URL Rewrite Input variable overwrite / Auth bypass ===================================================================== Author: girex CMS: cpCommerce...
CVE-2005-0616
Multiple cross-site scripting XSS vulnerabilities in the Download module for PostNuke 0.750 and 0.760-RC2 allow remote attackers to inject arbitrary web script or HTML via the 1 Program name, 2 File link, 3 Author name 4 Author e-mail address, 5 File size, 6 Version, or 7 Home page variables...
CVE-2003-1554
Cross-site scripting XSS vulnerability in scozbook/add.php in ScozNet ScozBook 1.1 BETA allows remote attackers to inject arbitrary web script or HTML via the 1 username, 2 useremail, 3 aim, 4 msn, 5 sitename and 6 siteaddy variables...