29 matches found
uListing < 2.0.4 - Unauthenticated SQL Injection
An Unauthenticated SQL Injection vulnerability was discovered in the plugin. Vulnerable parameters: custom. SQL Injection types: Error-based, Boolean-based Blind, Time-based Blind. PoC 1 | Unauthenticated SQL Injection | Tables: sqlmap...
Laravel Nova 3.7.0 Denial Of Service
Exploit Title: Laravel Nova 3.7.0 - 'range' DoS | Date: June 22, 2020 | Exploit Author: iqzer0 | Vendor Homepage: https://nova.laravel.com/ | Software Link: https://nova.laravel.com/releases | Version: Version v3.7.0 | Tested on: Manjaro / Chrome v83 | An authenticated user can crash the application by setting...
Laravel Nova 3.7.0 - 'range' DoS
Exploit Title: Laravel Nova 3.7.0 - 'range' DoS | Date: June 22, 2020 | Exploit Author: iqzer0 | Vendor Homepage: https://nova.laravel.com/ | Software Link: https://nova.laravel.com/releases | Version: Version v3.7.0 | Tested on: Manjaro / Chrome v83 | An authenticated user can crash the application by setting...
CVE-2014-6313
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the range parameter on the wc-reports page to wp-admin/admin.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the range parameter on the wc-reports page to wp-admin/admin.php...
Ushahidi 2.0.1 (range param) SQL Injection Vulnerability (post-auth)
Summary: The Ushahidi Platform is a platform for information collection, visualization and interactive mapping. Description: Input passed via the 'range' parameter to dashboard.php is not properly sanitised in application/controllers/admin/dashboard.php before being used in SQL queries. This can be...
CVE-2008-0932
diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the range parameter...
DEBIAN-CVE-2008-0932
diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the range parameter...