13 matches found
EUVD-2026-36999
MultiJuicer is used to run separate Juice Shop instances on a central kubernetes cluster without the need for local instances. In versions 8.0.0 through 10.0.0, the team join endpoint POST /multi-juicer/api/teams/team/join accepted requests with any Content-Type, including text/plain. Because tha...
PT-2026-49470
Name of the Vulnerable Software and Affected Versions MultiJuicer versions 8.0.0 through 10.0.0 Description The team join endpoint 'POST /multi-juicer/api/teams/team/join' accepts requests with any Content-Type, including text/plain. Since this content type does not trigger a Cross-Origin Resourc...
BIT-DISCOURSE-2024-36113 Discourse missing authorization checks for suspending admins/moderators
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch, version 3.3.0.beta3 on the beta branch, and version 3.3.0.beta4-dev on the tests-passed branch, a rogue staff user could suspend other staff users preventing them from logging in to the site. The issue i...
CVE-2020-7936
An open redirect on the login form and possibly other places in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site...
CVE-2018-19548
index.php?r=site%2Flogin in EduSec through 4.2.6 does not restrict sending a series of LoginForm[username] and LoginForm[password] parameters, which might make it easier for remote attackers to obtain access via a brute-force approach...
CVE-2018-11535
An issue was discovered in SITEMAKIN SLAC Site Login and Access Control v1.0. The parameter "myitemsearch" in users.php is exploitable using SQL injection...
CVE-2018-11535
CVE-2018-11535 – SITEMAKIN SLAC v1.0 SQL Injection: the parameter my_item_search of users.php (SITEMAKIN SLAC) is documented with a SQL injection vulnerability. The connected CNVD-2018-10676 entry confirms a remote attacker can exploit this to execute arbitrary SQL commands in the backend. The vulnerabil...
LiveCRM SaaS Cloud SQL Injection Vulnerability in Joomla!
Joomla! is an open-source content management system (CMS) developed by the Open Source Matters team in the U.S. The system provides RSS feeds, site search, etc. LiveCRM SaaS Cloud is an open-source, cloud-based business management and customer relationship management component used in it. A SQL...
Expert: Three Quarters of Employees Duped by Phishing Scams
In the wake of the data breach at e-mail marketing firm Epsilon, the specter looms of widespread phishing attacks on hundreds of millions of e-mail users whose information was stolen from the firm. But according to Aaron Higbee, the Chief Technology Officer at Intrepidus Group, organizations had...
plxAutoReminder 3.7 - 'id' SQL Injection
plx Autoreminder v3.7 id R-Sql Inj ---------------------------------------------------------- Discovered By: ZoRLu msn: [email protected] Date: 04.01.09 Home: z0rlu.blogspot.com / www.experl.com NOTE: LONELINESS LOST ITS MEANING IN MY SOLITUDE : MOST IMPORTANT NOTE: demolarI hackleyen top olsun top i...
PHPStore Car Dealers Remote File Upload Vulnerability
Exploit for unknown platform in category web applications ===================================================== PHPStore Car Dealers Remote File Upload Vulnerability ===================================================== PHP Store Auto Classifieds Remote File Upload Author: ZoRLu N0T: YALNIZLIK,...
zeejobsite-upload.txt
ZEEJOBSITE v2.0 remote file Upload author: ZoRLu msn: [email protected] home: www.z0rlu.blogspot.com dork: "[email protected]" date: 08/11/2008 aha, I'm sending it now, at 10:40 : first register to the site, then add this code to the head of your shell: GIF89a; example yourshell.php: GIF89a; and...
SmartPPC Pay Per Click Script (idDirectory) Blind SQL Injection Vuln
Exploit for unknown platform in category web applications ==================================================================== SmartPPC Pay Per Click Script idDirectory Blind SQL Injection Vuln ====================================================================...