1414 matches found

Hacker One
added 2017/10/31 8:46 a.m. | 36 views

International Islamic University Chittagong: SQL injection in http://119.18.148.140/hrd/js/makeemployeeid.php

Hello, The mentioned page takes at least two GET parameters, namely q and departmentname. The two parameters are vulnerable to SQL injection as both are placed into SQL query strings without proper sanitization. It seems like the PHP script uses the affected parameters into two SQL queries, since...

8 AI score
Exploits: 0

NVD
added 2017/10/31 7:29 a.m. | 20 views

CVE-2017-15978

AROX School ERP PHP Script 1.0 allows SQL Injection via the officeadmin/ id parameter...

9.8 CVSS | 10 AI score | 0.02652 EPSS
Exploits: 5 | References: 1

Cvelist
added 2017/10/31 7:00 a.m. | 18 views

CVE-2017-15978

AROX School ERP PHP Script 1.0 allows SQL Injection via the officeadmin/ id parameter...

10 AI score | 0.02652 EPSS
Exploits: 5 | References: 1

CVE
added 2017/10/31 7:00 a.m. | 64 views

CVE-2017-15978

CVE-2017-15978 affects AROX School ERP PHP Script 1.0. The vulnerability is an SQL injection via the GET parameter id in office_admin/ (as shown in multiple sources, including Exploit-DB and CVE records). PoCs indicate time-based blind payloads (e.g., id parameter manipulation with AND SLEEP) to ...

9.8 CVSS | 9.9 AI score | 0.02652 EPSS
Exploits: 5 | References: 1 | Affected Software: 1

Exploit DB
added 2017/10/30 12:00 a.m. | 27 views

AROX School ERP PHP Script - 'id' SQL Injection

Exploit Title: AROX School ERP PHP Script - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://arox.in/ Software Link: https://www.codester.com/items/4908/arox-school-erp-php-script Demo: http://erp1.arox.in/ Version: CVE-2017-15978 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64...

9.8 CVSS | 9.7 AI score | 0.02652 EPSS
Exploits: 5

Exploit DB
added 2017/10/30 12:00 a.m. | 37 views

Website Broker Script - 'status_id' SQL Injection

Exploit Title: Website Broker Script - 'statusid' Parameter SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/product/UwCG4464436/php-scripts/website-broker-script Demo:...

9.8 CVSS | 9.7 AI score | 0.02652 EPSS
Exploits: 5

0day.today
added 2017/10/30 12:00 a.m. | 31 views

Online Exam Test Application - sort SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Online Exam Test Application - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/product/1z2e4672468/php-scripts/online-exam-test-application...

7.5 CVSS | 9.2 AI score | 0.02652 EPSS
Exploits: 5

0day.today
added 2017/10/30 12:00 a.m. | 33 views

Website Broker Script - status_id SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Website Broker Script - 'statusid' Parameter SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link:...

7.5 CVSS | 0.1 AI score | 0.02652 EPSS
Exploits: 5

exploitpack
added 2017/10/30 12:00 a.m. | 18 views

AROX School ERP PHP Script - id SQL Injection

AROX School ERP PHP Script - id SQL Injection Exploit Title: AROX School ERP PHP Script - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://arox.in/ Software Link: https://www.codester.com/items/4908/arox-school-erp-php-script Demo: http://erp1.arox.in/ Version: CVE-2017-15978...

7.5 CVSS | 10 AI score | 0.02652 EPSS
Exploits: 5

exploitpack
added 2017/10/30 12:00 a.m. | 32 views

Online Exam Test Application - sort SQL Injection

Online Exam Test Application - sort SQL Injection Exploit Title: Online Exam Test Application - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/product/1z2e4672468/php-scripts/online-exam-test-application Demo:...

7.5 CVSS | 10 AI score | 0.02652 EPSS
Exploits: 5

Exploit DB
added 2017/10/04 12:00 a.m. | 67 views

ClipBucket 2.8.3 - Remote Code Execution

Exploit Title: ClipBucket PHP Script Remote Code Execution RCE Date: 2017-10-04 Exploit Author: Esecurity.ir Vendor Homepage: https://clipbucket.com/ Version: 2.8.3 Exploit Code By : Meisam Monsef - Email : [email protected] - TelgramID : @meisamrce Usage Exploit : exploit.py...

7.4 AI score
Exploits: 0

exploitpack
added 2017/09/28 12:00 a.m. | 13 views

Easy Blog PHP Script 1.3a - id SQL Injection

Easy Blog PHP Script 1.3a - id SQL Injection Exploit Title: Easy Blog PHP Script v1.3a - SQL Injection Date: 2017-09-27 Exploit Author: 8bitsec Vendor Homepage: https://www.codester.com/ Software Link: https://www.codester.com/items/4616/easy-blog-php-script Version: 1.3a Tested on: Kali Linux 2....

8.7 AI score
Exploits: 0

Saint
added 2017/09/25 12:00 a.m. | 523 views

Trend Micro Control Manager importFile directory traversal

Added: 09/25/2017 BID: 96131 Background Trend Micro Control Manager streamlines administration of Trend Micro security solutions. Problem A directory traversal vulnerability in the importFile.php script allows remote attackers to upload files containing arbitrary PHP script under the document roo...

7.3 AI score
Exploits: 0

Saint
added 2017/09/25 12:00 a.m. | 555 views

Trend Micro Control Manager importFile directory traversal

Added: 09/25/2017 BID: 96131 Background Trend Micro Control Manager streamlines administration of Trend Micro security solutions. Problem A directory traversal vulnerability in the importFile.php script allows remote attackers to upload files containing arbitrary PHP script under the document roo...

0.9 AI score
Exploits: 0

Packet Storm
added 2017/09/22 12:00 a.m. | 26 views

PHP Auction Ecommerce Script 1.6 SQL Injection

Exploit Title: PHP Auction Ecommerce Script v1.6 - SQL Injection Date: 2017-09-22 Exploit Author: 8bitsec Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.phpscriptsmall.com/product/php-auction-ecommerce-script/ Version: 1.6 Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Emai...

0.5 AI score
Exploits: 0

0day.today
added 2017/09/15 12:00 a.m. | 32 views

Consumer Review Script 1.0 SQL Injection Vulnerability

Consumer Review Script version 1.0 suffers from a remote SQL injection vulnerability. Exploit Title: Consumer Review Script v1.0 - SQL Injection Exploit Author: 8bitsec Vendor Homepage: http://www.phpscriptsmall.com/product/consumer-review-script/ Software Link:...

0.4 AI score
Exploits: 0

Exploit DB
added 2017/09/14 12:00 a.m. | 30 views

Theater Management Script - SQL Injection

Exploit Title: Theater Management Script - SQL Injection Dork: N/A Date: 14.09.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/product/8o2b4417538/php-scripts/theater-management-script Demo: http://198.38.86.159/dineshkumarwork/demo/movie/ Versio...

7.4 AI score
Exploits: 0

Packet Storm
added 2017/09/14 12:00 a.m. | 21 views

ICHelpDesk 1.1 SQL Injection

Exploit Title: Support Tickets Helpdesk PHP Script 1.1 - SQL Injection Dork: N/A Date: 13.09.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Link: http://www.icloudcenter.com/support-tickets-helpdesk-script.htm Demo: http://icloudcenter.net/demos/ichelpdesk/ Version: 1.1 Category:...

7.4 AI score
Exploits: 0

Exploit DB
added 2017/09/14 12:00 a.m. | 17 views

Justdial Clone Script - 'fid' SQL Injection

Exploit Title: Justdial Clone Script - SQL Injection Dork: N/A Date: 14.09.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/product/z1mt4303451/php-scripts/justdial-clone-script Demo: http://74.124.215.220/jusdil/ Version: N/A Category: Webapps...

7 AI score
Exploits: 0

exploitpack
added 2017/09/13 12:00 a.m. | 14 views

ICHelpDesk 1.1 - pk SQL Injection

ICHelpDesk 1.1 - pk SQL Injection Exploit Title: Support Tickets Helpdesk PHP Script 1.1 - SQL Injection Dork: N/A Date: 13.09.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Link: http://www.icloudcenter.com/support-tickets-helpdesk-script.htm Demo:...

8.6 AI score
Exploits: 0