153 matches found
VulnCheck KEV: CVE-2019-8982
com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF...
CVE-2021-42227
CVE-2021-42227 describes a cross‑site scripting (XSS) vulnerability in KindEditor 4.1.x . The weakness is triggered via the editor’s upload flow, specifically related to the file handling in the upload context (e.g., an upload_json.php path) and exposure through a Google search result pointing to...
UserPro <= 4.9.17 - Authentication Bypass
The userpro plugin has the ability to bypass login authentication for the user 'admin'. If the site does not use the standard username 'admin' it is not affected. 1 - Google Dork inurl:/plugins/userpro 2 - Browse to a site that has the userpro plugin installed. 3 - Append ?upautolog=true to the...
Joomla! Component JE Directory 1.7 - 'ditemid' SQL Injection
Exploit Title: Joomla! Component JE Directory Ads 1.7 - SQL Injection Google Dork: inurl:index.php?option=comjedirectory Date: 13.02.2017 Vendor Homepage: http://www.joomlaextension.biz/ Software Buy:...
Joomla Nice Ajax Poll 1.4.0 SQL Injection Vulnerability
Joomla Nice Ajax Poll component version 1.4.0 suffers from a remote SQL injection vulnerability. 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0...
某通用型系统SQL注入+数据库下载
简要描述: 某通用型系统SQL注入+数据库下载 详细说明: 某通用型系统SQL注入+数据库下载。 源码地址:XYCMS生物科技公司源码 v3.3 http://down.chinaz.com/soft/33908.htm SQL注入:jobyp.asp?id= 可谷歌搜索:inurl:jobyp.asp?id= 实例: http://www.ys-org.com/jobyp.asp?id=1 http://ouzhouyulecheng.com/jobyp.asp?id=1 http://jinsanjiaoyulecheng.net/jobyp.asp?id=1...
博云非书论文管理系统存在通用型SQL注入
简要描述: 论文管理系统存在通用型SQL注入 详细说明: 注入点:dbid和docid 搜索关键字:inurl:/docinfo.action?dbid= http://202.195.136.150/docinfo.action?dbid=72&docid=40824 http://202.199.163.37/docinfo.action?dbid=72&docid=40619 http://paper.buaalib.com/docinfo.action?dbid=72&docid=5793...
Wordpress Theme U-Design Arbitrary File Download Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Theme U-Design Arbitrary File Download Vulnerability Date: 18/01/2015 Exploit Author: t3rr0rist - GHC Georgian Hacking Community team Contact : email protected Tested on: Linux Google Dork:...
某大型政府服务系统Oracle注入(使用量大)
简要描述: rt,霍霍。为了生活费也是蛮拼的。。。。 详细说明: 问题厂商:深圳太极软件有限公司 一套专门的政务服务系统 用户量:大 影响:广 注入点 browsebgxz.do?method=dept&deptid=(deptid存注入) google关键字:inurl:browsebgxz.do?method= 案例: http://www.gygxzw.gov.cn:8066/browsebgxz.do?method=dept&deptid=556631684 http://61.189.156.73/browsebgxz.do?method=dept&deptid=0094204...
WordPress A.F.D. Theme Echelon Arbitrary File Download
Name: Wordpress A.F.D Theme Echelon / INURL - BRASIL Description: This exploit allows attacker to download any writable file from the server Usage info: Put the path of the file in the file's field of the exploit ,then click "Download" button then you get the file directly File download /etc/pass...
WordPress Html5 Mp3 Player Full Path Disclosure
WordPress - Html5 Mp3 Player with Playlist Plugin / || / / / / /\ /\ \ \ \ | / \ / http://h4x0resec.blogspot.com / \ | \ \ / // / \ / / / / Software info |App. : WordPress - html5-mp3-player-with-playlist Plugin |Software: https://wordpress.org/plugins/html5-mp3-player-with-playlist/...
vBulletin 4.0.x 4.1.2 - search.php?cat SQL Injection
vBulletin 4.0.x 4.1.2 - search.php?cat SQL Injection vBulletin 4.0.x = 4.1.2 AUTOMATIC SQL Injection exploit Author: D35m0nd142, Google Dork: inurl:search.php?searchtype=1 Date: 02/09/2014 Vendor Homepage: http://www.vbulletin.com/ Tested on: vBulletin 4.1.2 Usage: perl exploit.pl Tutorial video:...
JEECMS任意命令执行漏洞(涉及大量案例,Administrator权限)
简要描述: JEECMS任意命令执行漏洞(涉及大量案例,Administrator权限) 详细说明: 谷歌搜索:inurl:jeecms/ArtiSearch.do 涉及大量案例 http://www.wwxzfw.gov.cn/jeecms/ArtiSearch.do?count=10&searchKey=a%27+and+1%3D1&chnlId= http://www.cnfamily.com/family/jeecms/ArtiSearch.do?count=10&searchKey=%C1%BD%BB%E1...
J&W Communications SQL Injection
Title: J&W Communications Cms SQL Injection Vulnerability + Date: 2014-07-29 + Author: Hekt0r + Vendor Homepage: www.jw-com.com + Tested on: Windows7 & Kali Linux + Vulnerable Files: /rosters.php /team.php /scoresheet.php + Dork : intext:"designed by J&W Communications" inurl:/team.php.php?id=...
SoftBizScripts Dating Script SQL Injection Vunerability
No description provided by source. Exploit Title: SoftBizScripts Dating Script SQL Injection Vunerability Date: 29-4-2010 Author: 41.w4r10r Vendor Link : http://softbizscripts.com/ Version: Web Application Tested on: Apcahe/Unix CVE : if exists Dork : inurl:searchresults.php?browse=1 Code :...
Joomla Component com_prime Directory Traversal
No description provided by source. @=======================================@ @=Script : Joomla Component comprime @=Author : FL0RiX @=Bug Type : Directory Traversal @=Dork : inurl:index.php?option=comprime @=Note: Kimseye Hakettiginden Fazla Deger Vermeyeceksin...
Dream Flash website management system FCMS v6. 5 vulnerability-vulnerability warning-the black bar safety net
Author:roker xmlEditor/adminadd. asp !-- include file="Conn. ASP" - !-- include file="inc/md5. asp" - !-- include file="chkuser. asp" - % if request. cookies"key""super" then response. Write"script language=javascriptalert'you are not authorized to modify admin!'; this. history. go-1;/script"...
WordPress Folo Theme Cross Site Scripting
Title:Wordpress Folo Theme xss Vulnerability | / | /\ | | | | | | / | | \ / | / \ | | | | | | | | | | | | | |/| | / /\ \ | | | | | | | | | | | \ \ | | | |/ | || | || || | | | | || |// \/|||| || |/ Author:Darksnipper Email:[email protected] Home:- www.MadLeeTs.com Home:-...
Ajax Availability Calendar 3.X.X Multiple Vulnerabilties
Exploit for php platform in category web applications Ajax Availability Calendar 3.X.X Multiple Vulnerabilties ============================================================== .:. Author : AtT4CKxT3rR0r1ST email protected .:. Script : http://www.ajaxavailabilitycalendar.com/ .:. Dork : intitle:"Aja...
Fyblogs website management system vulnerability-vulnerability warning-the black bar safety net
Background universal password 'or'='or' The backend file management presence of the bypass. Lead to browse to where the letter information. Information leaked! admin/uploadfile. asp? currentFolder=/upfiles/../ Vulnerability to prove: Google: inurl:type. asp? id=1 News Center Or: inurl:downloadok...