CVE-2024-1247 Concrete CMS version 9 before 9.2.5 vulnerable to stored XSS via the Role Name field

Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the...

Electrolink FM/DAB/TV Transmitter Vertical Privilege Escalation

Summary Since 1990 Electrolink has been dealing with design and manufacturing of advanced technologies for radio and television broadcasting. The most comprehensive products range includes: FM Transmitters, DAB Transmitters, TV Transmitters for analogue and digital multistandard operation, Bandpa...

EuroTel ETL3100 Transmitter Authorization Bypass (IDOR)

Summary RF Technology For Television Broadcasting Applications. The Series ETL3100 Radio Transmitter provides all the necessary features defined by the FM and DAB standards. Two bands are provided to easily complain with analog and digital DAB standard. The Series ETL3100 Television Transmitter...

Exploit for Path Traversal in Thruk

Thruk-CVE-2023-34096 Thruk Monitoring Web Interface versions...

Exploit for Code Injection in Apache Commons_Text

CVE-2022-42889-POC Proof of Concept for the Apache commons-tex...

Exploit for Injection in Forgerock Openam

CVE-2021-29156 done right This Proof of Concept is realized b...

myBloggie 2.1.6 - Multiple Remote SQL Injection Vulnerabilities

No description provided by source. netVigilance Security Advisory 40 myBloggie version 2.1.6 Multiple SQL Injection Vulnerability Description: myBloggie http://mywebland.com/mybloggie/ is considered one of the most simple, user-friendliest yet packed with features Weblog system available to date...

PHPizabi v0.848b C1 HFP1-3 Remote Command Execution Exploit

No description provided by source. !/usr/bin/php ?php / Found this after getting my inet back and noticing this http://www.milw0rm.com/exploits/6085 . The only problem with the remote command execution there is that it actually requires registerglobals = on. I saw the GLOBAL keyword, and actually...

Yaws < 1.80 (multiple headers) Remote Denial of Service Exploit

No description provided by source. !usr/bin/perl -w Yaws before 1.80 allows remote attackers to cause a denial of service memory consumption and crash via a request with a large number of headers. Refer: http://yaws.hyber.org/ http://www.securityfocus.com/bid/33834/discuss...

mybloggie-sql.txt

netVigilance Security Advisory 40 myBloggie version 2.1.6 Multiple SQL Injection Vulnerability Description: myBloggie http://mywebland.com/mybloggie/ is considered one of the most simple, user-friendliest yet packed with features Weblog system available to date. Built using PHP & mySQL, web most...

faname10-sql.txt

netVigilance Security Advisory 42 Fa Name version 1.0 SQL Injection Vulnerability Description: Fa Name http://webscripts.softpedia.com/script/Content-Management/Fa-Name-41229.html is useful portal CMS for .name websites. You can have a simple portal but useful one for you domain names and by usei...

myBloggie 2.1.6 Multiple Remote SQL Injection Vulnerabilities

Exploit for unknown platform in category web applications ============================================================= myBloggie 2.1.6 Multiple Remote SQL Injection Vulnerabilities ============================================================= netVigilance Security Advisory 40 myBloggie version...

SimpNews version 2.41.03 File Content Disclosure Vulnerability

netVigilance Security Advisory 69 SimpNews version 2.41.03 File Content Disclosure Vulnerability Description: SimpNews is a news system written in PHP. Features: Data stored in MySQL, admin interface, support for multiple languages, support for multiple instances in one database, own header,...

Calendarix version 0.7. 20070307 Multiple SQL Injection Vulnerabilities

netVigilance Security Advisory 38 Calendarix version 0.7. 20070307 Multiple SQL Injection Vulnerabilities Description: Calendarix is a powerful and easy to use calendar based on PHP and MySQL. It has been developed with ease of use and quick access to information in mind. It provides the user wit...

Calendarix version 0.7. 20070307 Multiple XSS Attacks

netVigilance Security Advisory 37 Calendarix version 0.7. 20070307 Multiple XSS Attacks Description: Calendarix is a powerful and easy to use calendar based on PHP and MySQL. It has been developed with ease of use and quick access to information in mind. It provides the user with the quickest...

MyNews version 0.10 SQL Injection Vulnerability

netVigilance Security Advisory 25 MyNews version 0.10 SQL Injection Vulnerability Description: MyNews is very easy to include into any website news publishing, just as simple as using the include tag and calling the function to display the news. BBCode has been added to this feature, so now you d...

DGNews version 2.1 Path Disclosure Vulnerability

netVigilance Security Advisory 21 DGNews version 2.1 Path Disclosure Vulnerability Description: DGNews is small and simple but powered news publishing. Easy installation, no programing required. But you can still change whatever you want for advanced users. Features: add unlimited categories,...

jetbox-sql.txt

netVigilance Security Advisory 28 Jetbox CMS version 2.1 Multiple SQL Injection Vulnerabilities Description: Jetbox CMS is seriously tested on usability & has a professional intuitive interface. The system is role based, with workflow and module orientated. All content is fully separated from...

[Full-disclosure] Jetbox CMS version 2.1 Multiple SQL Injection Vulnerabilities

netVigilance Security Advisory 28 Jetbox CMS version 2.1 Multiple SQL Injection Vulnerabilities Description: Jetbox CMS is seriously tested on usability & has a professional intuitive interface. The system is role based, with workflow and module orientated. All content is fully separated from...

[Full-disclosure] MyBB version 1.2.4 Multiple Path Disclosure Vulnerabilities

netVigilance Security Advisory 17 MyBB version 1.2.4 Multiple Path Disclosure Vulnerabilities Description: MyBB is a powerful, efficient and free forum package developed in PHP and MySQL. Full control over your discussion system is presented right at the tip of your fingers, from multiple styles...