14 matches found

NVD
added 2026/05/23 7:16 p.m., 5 views

CVE-2018-25358

D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the tablename parameter in POST requests. Attackers can send requests to /mycgi.cgi with tablename values like adminuser,...

CVSS 8.7, EPSS 0.00123
Exploits: 0, References: 5
EUVD
added 2026/05/23 6:30 p.m., 5 views

EUVD-2018-21880

D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the tablename parameter in POST requests. Attackers can send requests to /mycgi.cgi with tablename values like adminuser,...

CVSS 8.7, AI score 5.8, EPSS 0.00123
Exploits: 0, References: 5
Vulnrichment
added 2026/05/23 6:30 p.m., 3 views

CVE-2018-25358 D-Link DIR601 2.02NA Credential Disclosure via my_cgi.cgi

D-Link DIR601 2.02NA contains a credential disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration data by manipulating the tablename parameter in POST requests. Attackers can send requests to /mycgi.cgi with tablename values like adminuser,...

CVSS 8.7, AI score 5.8, EPSS 0.00123
Exploits: 0, References: 5
EUVD
added 2026/03/13 8:50 p.m., 2 views

EUVD-2026-12138

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent to execute arbitrary SQL commands on connected...

CVSS 7.7, AI score 6.2, EPSS 0.00045
Exploits: 1, References: 2
Veracode
added 2024/05/14 6:32 a.m., 11 views

SQL Injection

nocodb is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the tablename parameter within VitessClient.ts, which allows an authenticated attacker with the create access permission to execute arbitrary SQL by escaping the query with a ' character within the tablename...

CVSS 6.5, AI score 7.9, EPSS 0.00231
Exploits: 1, References: 3, Affected Software: 1
NVD
added 2021/11/08 9:15 p.m., 9 views

CVE-2021-40261

Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester CASAP Automated Enrollment System 1.0 via the (1) userusername and (2) category parameters in saveclass.php, the (3) firstname, (4) class, and (5) status parameters in studenttable.php, the (6) category and (7) classname parameters in...

CVSS 6.1, EPSS 0.00328
Exploits: 1, References: 1
Prion
added 2018/12/11 10:29 p.m., 13 views

Code injection

The security audit log of SAP HANA, versions 1.0 and 2.0, does not log SELECT events if these events are part of a statement with the syntax CREATE TABLE AS SELECT...

CVSS 4, AI score 4.2, EPSS 0.00216
Exploits: 0, References: 3, Affected Software: 1
Packet Storm
added 2017/10/22 12:00 a.m., 76 views

WordPress Polls 1.2.4 SQL Injection

Exploit Title :WordPress Polls plugin1.2.4 SQL Injection vulnerability Author : Manish Kishan Tanwar AKA error1046 https://twitter.com/IndiShell1046 Date : 22/10/2017 Vulnerable version: 1.2.4 Download Link : https://downloads.wordpress.org/plugin/polls-widget.1.2.4.zip Love to : zero cool,Team...

AI score 7.1
Exploits: 0
securityvulns
added 2015/07/05 12:00 a.m., 38 views

mysql-lite-administrator XSS vulnerabilities

Credits: hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-MYSQLLITEADMINISTRATOR0621.txt Vendor: ============================================= code.google.com/p/mysql-lite-administrator Product:...

AI score 6.2
Exploits: 0
exploitpack
added 2013/02/18 12:00 a.m., 8 views

Scripts Genie Hot Scripts Clone - showcategory.php?cid SQL Injection

Scripts Genie Hot Scripts Clone - showcategory.php?cid SQL Injection...

AI score 1
Exploits: 0
Metasploit
added 2013/01/20 9:23 p.m., 28 views

MYSQL File/Directory Enumerator

Enumerate files and directories using the MySQL loadfile feature, for more information see the URL in the references. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'yaml' class MetasploitModule 'MYSQL...

AI score 7.1
Exploits: 0
0day.today
added 2012/09/04 12:00 a.m., 46 views

Flexap Control Panel 5.1 Blind SQL Injection Vulnerability

Exploit for php platform in category web applications ===================================================== Vulnerable software: Control Panel version 5.1 Vendor: http://www.flexap.am/ Vuln type: Blind SQL Injection Software License: Commercial Software: Control Panel version 5.1 Discovered and...

AI score 7.1
Exploits: 0
myhack58
added 2012/03/09 12:00 a.m., 107 views

Discuz! X2 SQL injection vulnerability 0day-vulnerability warning-the black bar safety net

File: source\module\forum\forumattachment.php if! defined'INDISCUZ' exit'Access Denied'; define'NOROBOT', TRUE; @list$G'gpaid', $G'gpk', $G'gpt', $G'gpuid', $G'gptableid' = explode'|', base64decode$G'gpaid'; if! empty$G'gpfindpost' && $attach = DB::fetchfirst"SELECT pid, tid FROM ". DB::table...

AI score 0.2
Exploits: 0
myhack58
added 2011/08/06 12:00 a.m., 34 views

Discuz! X2 SQL injection vulnerability-vulnerability warning-the black bar safety net

Detailed description: File: source\module\forum\forumattachment.php if! defined'INDISCUZ' exit'Access Denied'; define'NOROBOT', TRUE; @list$G'gpaid', $G'gpk', $G'gpt', $G'gpuid', $G'gptableid' = explode'|', base64decode$G'gpaid'; if! empty$G'gpfindpost' && $attach = DB::fetchfirst"SELECT pid, tid...

AI score 0.2
Exploits: 0