48 matches found
EUVD-2018-8434
Malware in sbrugna...
CVE-2025-9662
A vulnerability was determined in code-projects Simple Grading System 1.0. This affects an unknown function of the file /login.php of the component Admin Panel. Executing manipulation can lead to SQL injection. The attack may be performed from a remote location. The exploit has been publicly...
CVE-2017-15304
/bin/login.php in the Web Panel on the Airtame HDMI dongle with firmware before 3.0 allows an attacker to set his own session id via a "Cookie: PHPSESSID=" header. This can be used to achieve persistent access to the admin panel even after an admin password change...
CVE-2024-23733
The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMethods 10.15.0 before CoreFix7 allows remote attackers to reach the administration panel and discover hostname and version information by sending an arbitrary username and a blank password to the...
Read The Manual Locker: A Private RaaS Provider
By Max Kersten · April 13, 2023. The underground intelligence was obtained by N074B07. Another day, another ransomware-as-a-service (RaaS) provider, or so it seems. We’ve observed the “Read The Manual” (RTM) Locker gang, previously known for their e-crim...
CVE-2022-29006
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allow attackers to bypass authentication...
in marcoax/magutticms
Description: RCE via 'upload file image or document' on maguttiCms 8.62 allows remote authenticated administrators to execute arbitrary PHP code. Proof of Concept: // PoC.req POST /admin/api/uploadifiveSingle HTTP/1.1 Host: 127.0.0.1:8000 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15;...
Hardcoded credentials
An issue was discovered on Enphase Envoy R3.x and D4.x devices. There are hardcoded web-panel login passwords for the installer and Enphase accounts. The passwords for these accounts are hardcoded values derived from the MD5 hash of the username and serial number mixed with some static strings. T...
CVE-2020-25752
An issue was discovered on Enphase Envoy R3.x and D4.x devices. There are hardcoded web-panel login passwords for the installer and Enphase accounts. The passwords for these accounts are hardcoded values derived from the MD5 hash of the username and serial number mixed with some static strings. T...
CVE-2020-8088
panellogin.php in UseBB 1.0.12 allows type juggling for login bypass because != is used instead of !== for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters...
Typo3 CMS pw_highslide_gallery 0.3.1 Database Disclosure
Exploit Title : Typo3 CMS pwhighslidegallery Extension 0.3.1 Database Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 02/01/2019 Vendor Homepage : typo3.org Software Download Link : extensions.typo3.org/extension/download/pwhighslidegallery/0.3.1/zip/...
Typo3 CMS YAG Themepack jQuery 1.3.2 Database Disclosure
Exploit Title : Typo3 CMS YAG Themepack jQuery Extension 1.3.2 Database Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 02/01/2019 Vendor Homepage : typo3.org yag-gallery.de Software Download Link :...
Typo3 CMS twwc_pages 8.7.x Database Disclosure
Exploit Title : Typo3 CMS twwcpages Extension 8.7.x Database Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 02/01/2019 Vendor Homepage : typo3.org Software Download Link : gosign.de/typo3-extension/twwcpages/ Tested On : Windows and Linux Category :...
WordPress cvp-irontec 4.8.3 Shell Upload
Exploit Title : WordPress cvp-irontec Themes 4.8.3 Remote Shell Upload Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 22/12/2018 Vendor Homepage : wordpress.org Software Download Link : N/A Tested On : Windows and Linux Category : WebApps Version...
WordPress Cvp-Adegrontec 4.8.3 Shell Upload
Exploit Title : WordPress Cvp-Adegrontec Themes 4.8.3 Remote Shell Upload Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 22/12/2018 Vendor Homepage : wordpress.org Software Download Link : N/A Tested On : Windows and Linux Category : WebApps Version...
CVE-2018-16627
panel/login in Kirby v2.5.12 allows Host header injection via the "forget password" feature...
WordPress CodeCanyon-5293356-Ajax-Store-Locator-Wordpress 1.2.0 Disclosure
Exploit Title : WordPress CodeCanyon-5293356-Ajax-Store-Locator-Wordpress Plugins 1.2.0 Multiple Vulnerabilities Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 10/12/2018 Vendor Homepage : wordpress.org codecanyon.net/item/ajax-store-locator-v-20/4106209?srank=1 ...
WordPress CSS And JavaScript Toolbox 8.4.1 Database Disclosure
Exploit Title : WordPress CSS & JavaScript Toolbox Plugins 8.4.1 Database Backup Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 08/12/2018 Vendor Homepage : css-javascript-toolbox.com wordpress.org/plugins/css-javascript-toolbox/ Software Download Link...
WordPress Real-Estate-Listing-Realtyna-Wpl 4.3.2 Database Disclosure
Exploit Title : WordPress Real-Estate-Listing-Realtyna-Wpl Plugins 4.3.2 Database Backup Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 08/12/2018 Vendor Homepage : realtyna.com wordpress.org/plugins/real-estate-listing-realtyna-wpl/ Software Download...
WordPress WP-Syntax Download Extension 1.1.1 Database Disclosure
Exploit Title : WordPress WP-Syntax Download Extension Plugins 1.1.1 Database Backup Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 06/12/2018 Vendor Homepage : wordpress.org/plugins/wp-syntax-download-extension/ +...