17 matches found
CVE-2026-3672
A vulnerability has been found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to SQL injection. The attack may be performed remotely. The exploit has been disclosed to the public and may be used...
Dolibarr ERP/CRM 'test_sql_and_script_inject' function cross-site scripting vulnerability
Dolibarr ERP/CRM is a Web-based enterprise resource planning (ERP) and customer relationship management (CRM) system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. A cross-site scripting vulnerability exists in the...
Script Upload Up Your Shell (Sql Inject)
No description provided by source...
DUware DUamazon Pro 3.0/3.1 productEdit.asp iCat Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/14033/info DUamazon Pro is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful...
PHPDomainRegister 0.4a-RC2-dev - Multiple Vulnerabilities
No description provided by source. Title = PHPDomainRegister v0.4a-RC2-dev = SQL AuthSQL InjectXSS Author = Or4nG.M4n Download = http://garr.dl.sourceforge.net/project/phpdr/v0.4b%20-%20RC2.rar This Bug Powered By : GooGLe Thnks : +----------------------------------+ | xSs m4n i-Hmx Cyber-Crystal...
mySeatXT 0.2134 - SQL Injection
No description provided by source. + Exploit: mySeatXT 0.2134 + Author: vinicius777 + Contact: vinicius777 AT gmail @vinicius777 + Vendor Homepage: http://sourceforge.net/projects/myseat 1 Sql Injection PoC: http://localhost/mySeatXT/web/ajax/autocompleteres.php?term=99' 'SQL INJECT' Vulnerable...
DUware DUamazon Pro 3.0/3.1 productDelete.asp iCat Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/14033/info DUamazon Pro is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful...
WordPress Plugin SendIt 1.5.9 - Blind SQL Injection
WordPress Plugin SendIt 1.5.9 - Blind SQL Injection Exploit Title: WordPress SendIt plugin getvar"SELECT COUNT FROM $tableemail where email ='$POSTemailadd' and idlista = '$POSTlista';"; As you can see, $POSTlista parameter is neither validated nor escaped, so you can blind sql inject it using...
How to make your own injection tool to hack websites-vulnerability warning-the black bar safety net
When we run into a website with an injection vulnerability, most people reach for injection tools such as NBSI or al D. But on some sites the injection point is very difficult to construct, or the injection statement is unusual. Injecting by hand, while time-consuming...
Simple Forum (for WordPress) sql-inject exploit (public version)
No description provided by source. !/usr/bin/perl use IO::Socket; if @ARGV 4 print q Simple Forum for WordPress sql-inject exploit public version Tested on SF version 1.0, 1.1, 1.9 and WordPress 2.1.0, 2.1.1, 2.1.2 This exploit gives you selected user passwd hash, for more features use Private...
Simple Forum (for WordPress) sql-inject exploit (public version)
Good day. I found a vulnerability in the Simple Forum form for the WordPress engine. I decided to inform you first! : In a couple of minutes I will be sending it to milw0rm...
Simple Forum (for WordPress) sql-inject exploit (public version)
Good day. I found a vulnerability in the Simple Forum form for the WordPress engine. I decided to inform you first! : In a couple of minutes I will be sending it to milw0rm...
joomlaeventlist-sql.txt
Title : Joomla Component EventList = 0.8 did Remote Blind SQL Injection Vulnerability Author : ajann Contact : : S.Page : http://www.schlu.net/ $$ : Free Dork : intext:"Event List 0.8 Alpha by schlu.net " DorkEx :...
PHP-Ring Webring System 0.9 - SQL Injection
PHP-Ring Webring System 0.9 - SQL Injection Y! Underground Group http://2600.ir Portal: uPHPringwebsite Download: http://www.undoweb.frih.net ,...
HotPlugCMS_1.0 - SQL Injection Vulnerability
HotPlugCMS doesn't check input field values, so logging in on /hotplugcms/administration/tblcontent is very easy with ' OR 1=1 / and a SQL-inject will bypass the entire authentication process. Typical, very simple SQL Injection. peda...
Pentacle In-Out Board <= 6.03 (newsdetailsview) Remote SQL Injection
No description provided by source. !/usr/bin/perl Method found & Exploit scripted by nukedx Contacts ICQ: 10072 MSN/Main: [email protected] web: www.nukedx.com Usage: penta.pl victim directory Original Advisory: http://www.nukedx.com/?viewdoc=14 use IO::Socket; if@ARGV 3 print " ++ +Pentacle In-O...
SUSE-SA:2005:019: mysql
The remote host is missing the patch for the advisory SUSE-SA:2005:019 mysql. MySQL is an Open Source database server, commonly used together with web services provided by PHP scripts or similar. This security update fixes a broken mysqlhotcopy script as well as several security related bugs: -...