CVE-2023-29116 PHP Information Disclosure in Enel X JuiceBox

Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained...

grou.ps Improper Access Control vulnerability OBB-1802803

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| grou.ps ---|--- Open Bug Bounty Program...

Online Grades 3.2.4 SQL Injection

0x01 Informations: Script : Online Grades 3.2.4 Download : http://www.onlinegrades.org Vulnerability : Auth Bypass - Php Info Disclosure Author : x0r Contact : [email protected] \ [email protected] Website : NULL 0x02 Bug: /parents/login.php $username = $POST'uname'; $pword = $POST'pass'; $mysqlquer...

Online Grades 3.2.4 - Authentication Bypass

Online Grades 3.2.4 - Authentication Bypass 0x01 Informations: Script : Online Grades 3.2.4 Download : http://www.onlinegrades.org Vulnerability : Auth Bypass - Php Info Disclosure Author : x0r Contact : [email protected] \ [email protected] Website : NULL 0x02 Bug: /parents/login.php $username =...

Online Grades 3.2.4 - Authentication Bypass

0x01 Informations: Script : Online Grades 3.2.4 Download : http://www.onlinegrades.org Vulnerability : Auth Bypass - Php Info Disclosure Author : x0r Contact : [email protected] \ [email protected] Website : NULL 0x02 Bug: /parents/login.php $username = $POST'uname'; $pword = $POST'pass'; $mysqlquer...

yourplace 1.0.2 - Multiple Vulnerabilities / Remote Code Execution

START 0x01 Informations: Script : YourPlace 0.5 beta 1 Download : http://www.hotscripts.com/jump.php?listingid=80545&jumptype=1 Vulnerability : DB Disclosure / Arbitrary Data Saving RCE EXPLOIT / Arbitrary File Upload / PHPInfo Disclosure / User Change Account Author : Osirys Contact :...

phpmynuke css and phpinfo() vuls

myphpnuke version 1.8.8final7 and prior that contain sysinfo are vulnerable to both css attack and phpinfo Disclosure. The problem is that unlike the rest of the scripts under /admin/, sysinfo's footer script called systemfooter.php does not check who the user is. Inside systemfooter.php the...