14 matches found
CVE-2019-25438
LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the username parameter of...
CVE-2019-25438
LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the username parameter of...
CVE-2019-25438
CVE-2019-25438 affects LabCollector 5.423. The vulnerability is multiple SQL injection flaws exploitable by unauthenticated attackers through POST parameters, specifically login.php (login) and retrieve_password.php (user_name), enabling extraction of sensitive database information. No remediatio...
CVE-2019-25438 LabCollector 5.423 SQL Injection via login.php
LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the username parameter of...
PT-2026-21315
LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the user name parameter o...
Tutor LMS < 2.0.10 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the resetkey and userid parameters before outputting then back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2021-21319
Galette is a membership management web application geared towards non profit organizations. In versions prior to 0.9.5, malicious javascript code can be stored to be displayed later on self subscription page. The self subscription feature can be disabled as a workaround this is the default state...
CVE-2021-21319
Galette is a membership management web application geared towards non profit organizations. In versions prior to 0.9.5, malicious javascript code can be stored to be displayed later on self subscription page. The self subscription feature can be disabled as a workaround this is the default state...
Red Hat Keycloak Password Reset Vulnerability
Red Hat Keycloak SSO is the United States Red Hat Red Hat company's open source for modern applications and services in the authentication and access management software. A security vulnerability exists in the Retrieve Password page in versions of Red Hat Keycloak SSO prior to 2.x. The...
shop363 online program really pass to kill the vulnerability 0day exploit-vulnerability warning-the black bar safety net
This app security is not very good, but one of the replace()function to write well, but did not find is how to write, and the injection of“space, select,%2 0, a+number, and//, etc. filter is empty. In searching out the loopholes in the statements a lot of trouble, I also do not write, directly to...
CeleronDude 5.3.0 Shell Upload / Database Password
Uploader by CeleronDude 5.3.0 - Upload Vulnerability Discovered by : Stink' Date : 2009-12-17 for upload. 2010-01-17 for Settings.db retrieve password. Dork : "Uploader by CeleronDude." Website Publisher : http://www.celerondude.com/php-uploader-v5 -- Upload Vulnerability -- Rename your shell.php...
Speed up,Butler BA SQL Server account Set Password of the PJ method-vulnerability warning-the black bar safety net
Generally refers to the use of SQL Server password authentication mode, the sa or admin user password forget. First, open the Registry Editor,“run”, enter regedit findHKEYLOCALMACHINE\\SOFTWARE\\MICROSOFT\\MSSQLSERVER\\MSSQLSERVER, This item which has a key value LoginMode, now the value is 1,...
CVE-2009-0711
Summary: CVE-2009-0711 affects PHPFootball 1.6 and earlier via filter.php , enabling remote attackers to obtain password hashes by a crafted request using an Accounts value for the dbtable parameter and a Password value for the dbfield parameter. The underlying issue is improper handling of user-...
XPSHOP Shopping Mall system vulnerabilities-vulnerability warning-the black bar safety net
XPSHOP Shopping Mall system vulnerabilities Accidentally found this loophole..official now also don't know...I'm not elsewhere in the published Oh.. This vulnerability is bad...to the straight pull change people the administrator password!! A little bit wicked!!!... But for the sake of our networ...