CVE-2023-3559 GZ Scripts PHP GZ Appointment Scheduling Script load.php cross site scripting

A vulnerability classified as problematic was found in GZ Scripts PHP GZ Appointment Scheduling Script 1.8. Affected by this vulnerability is an unknown functionality of the file /load.php. The manipulation of the argument firstname/secondname/phone/address1/country leads to cross site scripting...

Super Store Finder PHP Script 3.6 SQL Injection

Title : Super Store Finder PHP Script SQL Injection / Bypass admin login Researcher : Etharus Vendor : Joe Iz, https://superstorefinder.net/ Script Demo Url : https://superstorefinder.net/products/superstorefinder/ Version Affected : 3.6 and below Date : 5 July 2023 FOFA Dork : "designed and buil...

Super Store Finder PHP Script 3.6 SQL Injection Vulnerability

Title : Super Store Finder PHP Script SQL Injection / Bypass admin login Researcher : Etharus Vendor : Joe Iz, https://superstorefinder.net/ Script Demo Url : https://superstorefinder.net/products/superstorefinder/ Version Affected : 3.6 and below Date : 5 July 2023 FOFA Dork : "designed and buil...

Quicklancer 1.0 SQL Injection

Exploit Title: Quicklancer v1.0 - SQL Injection Date: 2023-05-17 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/quicklancer-freelance-marketplace-php-script/39087135 Demo Site: https://quicklancer.bylancer.com Tested on: Kali Linux CVE: N/A Request POST /php/user-ajax.php...

Quicklancer v1.0 - SQL Injection

Exploit Title: Quicklancer v1.0 - SQL Injection Date: 2023-05-17 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/quicklancer-freelance-marketplace-php-script/39087135 Demo Site: https://quicklancer.bylancer.com Tested on: Kali Linux CVE: N/A Request POST /php/user-ajax.php...

Quicklancer v1.0 - SQL Injection Vulnerability

Exploit Title: Quicklancer v1.0 - SQL Injection Exploit Author: Ahmet Ümit BAYRAM Vendor: https://codecanyon.net/item/quicklancer-freelance-marketplace-php-script/39087135 Demo Site: https://quicklancer.bylancer.com Tested on: Kali Linux CVE: N/A Request POST /php/user-ajax.php HTTP/1.1...

GaanaGawaana Music Platform PHP Script 1.0 Cross Site Scripting / SQL Injection Vulnerabilities

Title: GaanaGawaana - Music Platform PHP Script-1.0 XSS-Reflected and SQLi Vulnerability Author: nu11secur1ty Vendor: https://www.codester.com/ Software: https://www.codester.com/items/27270/gaanagawaana-music-platform-php-script Reference XSS:...

GaanaGawaana Music Platform PHP Script 1.0 Cross Site Scripting / SQL Injection

Title: GaanaGawaana - Music Platform PHP Script-1.0 XSS-Reflected and SQLi Vulnerability Author: nu11secur1ty Date: 05.16.2023 Vendor: https://www.codester.com/ Software: https://www.codester.com/items/27270/gaanagawaana-music-platform-php-script Reference XSS:...

GaanaGawaana 1.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

GaanaGawaana 1.0 SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

VOTAB Voting Quiz PHP Script 1.0 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

VOTAB Voting Quiz PHP Script 1.0 SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

Code injection

Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on queryads endpoint. In the case of application, this...

Design/Logic Flaw

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specially crafted PHP script could use parameters from a HTTP request to create a URL capable of changing the host parameter. The changed host parameter in the HTTP could point to another host that will send a...

CVE-2022-3189

Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specially crafted PHP script could use parameters from a HTTP request to create a URL capable of changing the host parameter. The changed host parameter in the HTTP could point to another host that will send a...

New GoTrim Botnet Attempting to Break into WordPress Sites' Admin Accounts

A new Go-based botnet has been spotted scanning and brute-forcing self-hosted websites using the WordPress content management system CMS to seize control of targeted systems. "This new brute forcer is part of a new campaign we have named GoTrim because it was written in Go and uses ':::trim:::' t...

CVE-2022-46169 Unauthenticated Command Injection

Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data...

CVE-2022-38254

Nagios XI before v5.8.7 was discovered to contain a cross-site scripting XSS vulnerability via the ajax.php script in CCM 3.1.5...

Ubuntu: Security Advisory (USN-55-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Matrimonial PHP Script 1.0 SQL Injection

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...