70 matches found
CVE-2017-17584
CVE-2017-17584 affects FS Makemytrip Clone 1.0. The vulnerability is a SQL injection in show-flight-result.php, exploitable via the fl_orig or fl_dest parameters. The CNVD entry confirms a remote attacker can inject SQL commands, suggesting high impact on confidentiality, integrity, and availabil...
FS Expedia Clone 1.0 - fl_orig fl_dest id SQL Injection
FS Expedia Clone 1.0 - fl_orig fl_dest id SQL Injection Exploit Title: FS Expedia Clone 1.0 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/expedia-clone/ Demo: http://expedia-clone.demonstration.co.in/ Versio...
mycarer.com.au XSS vulnerability
Open Bug Bounty ID: OBB-432156 Description| Value ---|--- Affected Website:| mycarer.com.au Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat...
XML External Entity (XXE) Processing
zendframework/zendRest and zendframework/zendservice-amazon are vulnerable to XML external entity (XXE) processing attacks. The attacks exist because they do not properly scan the validity of the XML result data string in the construct function of Result.php and the validity of the http response bo...
koolfeedback.com XSS vulnerability
Vulnerable URL: http://koolfeedback.com/beta/search-result.php?keywords=Banking+Finance+Legal=Home+Loans=%27%22/%3E%3Cscript%3Ealert/OPENBUGBOUNTY/;%3C/script%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 19.01.2018 Vulnerability type:| XSS Vulnerability status:|...
purebus.com XSS vulnerability
Vulnerable URL: http://www.purebus.com/bus-search-result.php?depart=19/08/2015=%27%22/%3E%3Cscript%3Ealert/OPENBUGBOUNTY/;%3C/script%3Etype==117=242 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 19.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly...
app.septa.org XSS vulnerability
Vulnerable URL: http://app.septa.org/nta/result.php?loca=30th+Street+Stationz=1/-///'/"//--...
MyClassifiedScript 5.1 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Classified Portal Software 5.1 - SQL Injection Google Dork: N/A Date: 11.04.2017 Vendor Homepage: http://www.myclassifiedscript.com/ Software: http://www.myclassifiedscript.com/demo.html Demo: http://www.clpage.com/ Version: 5.1...
MyClassifiedScript 5.1 - SQL Injection
MyClassifiedScript 5.1 - SQL Injection Exploit Title: Classified Portal Software 5.1 - SQL Injection Google Dork: N/A Date: 11.04.2017 Vendor Homepage: http://www.myclassifiedscript.com/ Software: http://www.myclassifiedscript.com/demo.html Demo: http://www.clpage.com/ Version: 5.1 Tested on: Win...
interhome.co.th XSS vulnerability
Vulnerable URL: http://interhome.co.th/result.php?resulttype=Search="'--!confirmOPENBUGBOUNTY...
ke.discountflights.com XSS vulnerability
Vulnerable URL: http://www.ke.discountflights.com/dynamic-flight-result.php?air-radio=on=%27%22%3E%3Cimg%20src=x%20onerror=prompt/OPENBUGBOUNTY/%3E%22==%27%22%3E%3Cimg%20src=x%20onerror=prompt/OPENBUGBOUNTY/%3E%22==03%2F12%2F17=03%2F12%2F17=1=0=0=Economylanguage=en-UScurrency=USD=2 Details:...
fi.discountflights.com XSS vulnerability
Vulnerable URL: http://www.fi.discountflights.com/dynamic-flight-result.php?air-radio=on=%27%22%3E%3Cimg%20src=x%20onerror=prompt/OPENBUGBOUNTY/%3E%22==%27%22%3E%3Cimg%20src=x%20onerror=prompt/OPENBUGBOUNTY/%3E%22==03%2F12%2F17=03%2F12%2F17=1=0=0=Economylanguage=en-UScurrency=USD=2 Details:...
discountflights.com.tw XSS vulnerability
Vulnerable URL: http://www.discountflights.com.tw/dynamic-flight-result.php?air-radio=on=%27%22%3E%3Cimg%20src=x%20onerror=prompt/OPENBUGBOUNTY/%3E%22==%27%22%3E%3Cimg%20src=x%20onerror=prompt/OPENBUGBOUNTY/%3E%22==03%2F12%2F17=03%2F12%2F17=1=0=0=Economylanguage=en-UScurrency=USD=2 Details:...
discountflights.co.kr XSS vulnerability
Vulnerable URL: http://www.discountflights.co.kr/dynamic-flight-result.php?air-radio=on=%27%22%3E%3Cimg%20src=x%20onerror=prompt/OPENBUGBOUNTY/%3E%22==%27%22%3E%3Cimg%20src=x%20onerror=prompt/OPENBUGBOUNTY/%3E%22==03%2F12%2F17=03%2F12%2F17=1=0=0=Economylanguage=en-UScurrency=USD=2 Details:...
tampahumidor.com XSS vulnerability
Vulnerable URL: http://www.tampahumidor.com/search-result.php?srch="= Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 2135010 Google Pagerank| 2 VIP website status:| No Check...
WAN Emulator 2.3 Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'WAN Emulator v2.3 Command Execution',...
CVE-2010-2683
CVE-2010-2683 relates to a SQL injection in the Customer Paradigm PageDirector CMS, specifically in result.php via the sub_catid parameter. The vulnerability allows remote attackers to execute arbitrary SQL commands. The issue affects PageDirector CMS and is described with a CVSSv2 score of 7.5 (...
PageDirector CMS - 'result.php' SQL Injection
PageDirector CMS - result.php SQL Injection
Cross site scripting
Cross-site scripting (XSS) vulnerability in result.php in Chris Bunting Homes 4 Sale allows remote attackers to inject arbitrary web script or HTML via the r parameter...