Free School Management Software 1.0 Cross Site Scripting

Exploit Title: Free School Management Software 1.0 - 'multiple' Stored Cross-Site Scripting XSS Exploit Author: fuzzyap1 Date: 7-12-2021 Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/15073/free-school-management-software.html Software Link:...

Froxlor 0.10.29.1 SQL Injection

Exploit Title: Froxlor 0.10.29.1 - SQL Injection Authenticated Exploit Author: Martin Cernac Date: 2021-11-05 Vendor: Froxlor https://froxlor.org/ Software Link: https://froxlor.org/download.php Affected Version: 0.10.28, 0.10.29, 0.10.29.1 Patched Version: 0.10.30 Category: Web Application Teste...

Online Event Booking and Reservation System 1.0 - (reason) Stored Cross-Site Scripting Vulnerability

Exploit Title: Online Event Booking and Reservation System 1.0 - 'reason' Stored Cross-Site Scripting XSS Exploit Author: Alon Leviev Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/14241/online-event-booking-and-reservation-system-phpmysql.html Software Link:...

WordPress Plugin Import Export WordPress Users 1.3.1 - CSV Injection

WordPress Plugin Import Export WordPress Users 1.3.1 - CSV Injection Exploit Title: Wordpress Plugin Import Export WordPress Users = 1.3.1 - CSV Injection Exploit Author: Javier Olmedo Contact: @jjavierolmedo Website: https://sidertia.com Date: 2018-08-22 Google Dork:...

WordPress JoomSport 3.3 Plugin - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: JoomSport 3.3 – for Sports - SQL injection Google Dork: intext:powered by JoomSport - sport WordPress plugin Exploit Author: Pablo Santiago Vendor Homepage: https://beardev.com/ Software Link:...

CyberArk Enterprise Password Vault 10.7 XML External Entity Injection

Exploit Title: CyberArk XML External Entity XXE Injection in SAML authentication Date: 10/05/2019 Exploit Author: Marcelo Toran @spamv Vendor Homepage: https://www.cyberark.com Version: =10.7 CVE : CVE-2019-7442 -----------Product description The CyberArk Enterprise Password Vault is a privileged...

SAP NetWeaver Web Dynpro 6.4 < 7.5 - Information Disclosure Vulnerability

Exploit for php platform in category web applications Application: SAP NetWeaver Web Dynpro 6.4 to 7.5 - Information disclosure Versions Affected: SAP NetWeaver 6.4 - 7.5 Vendor URL: http://SAP.com Bugs: Information disclosure Enumerate users Date of Public Advisory: 09.02.2016 Reference: SAP...

WolfCMS 0.8.3.1 - Cross Site Request Forgery / Open Redirection Vulnerabilities

Exploit for php platform in category web applications Exploit Title: WolfCMS 0.8.3.1 Cross Site Request Forgery Google Dork: N/A Date: 04-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.wolfcms.org Software Link:...

Real Estate MLM plan script 1.0 - srch SQL Injection

Real Estate MLM plan script 1.0 - srch SQL Injection Exploit Title: Real Estate MLM plan script v1.0 - 'srch' Parameter SQL Injection Date: 2017-09-28 Exploit Author: 8bitsec Vendor Homepage: http://www.mlmscript.in/ Software Link: http://www.mlmscript.in/real-estate-mlm-script.html Version: 1.0...

SAP POS Missing Authentication in XpressServer

Application: SAP POS Xpress Server Vendor URL: SAP Bug: Missing Authentication Check Reported: 15.05.2017 Vendor response: 16.05.2017 Date of Public Advisory: 11.07.2017 Reference: SAP Security Note 2520064 Author: Vladimir Egorov ERPScan VULNERABILITY INFORMATION Class: Missing Authentication...

SAP TREX RCE

Application: SAP TREX Versions Affected: SAP TREX 7.10 Vendor URL: SAP Bugs: RCE Reported: 23.01.2017 Vendor response: 24.01.2017 Date of Public Advisory: 11.04.2017 Reference: SAP Security Note 2419592 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: Missing Authentication for...

Oracle PeopleSoft HCM 9.2 Cross Site Scripting Vulnerability

Exploit for windows platform in category local exploits Application: Oracle PeopleSoft Vendor: Oracle Bugs: XXS Reported: 31.10.2016 Vendor response: 1.11.2016 Date of Public Advisory: 17.01.2017 Reference: Oracle CPU Jan 2017 Authors: Vahagn Vardanyan, Dmitry Yudin 1. ADVISORY INFORMATION Title:...

SAP AS JAVA P4 MSPRuntimeInterface information disclosure

Application: SAP AS JAVA P4 Versions Affected: SAP AS JAVA P4 7.4 Vendor URL: SAP Bugs: Information disclosure Reported: 10.03.2016 Vendor response: 11.03.2016 Date of Public Advisory: 12.10.2016 Reference: SAP Security Note 2331908 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class...

SAP NetWeaver AS JAVA - SQL injection vulnerability

Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 – 7.5 Vendor URL: SAP Bugs: SQL injection Reported: 18.08.2015 Vendor response: 19.08.2015 Date of Public Advisory: 09.02.2016 Reference: SAP Security Note 2101079 Author: Vahagn Vardanyan ERPScan VULNERABILITY...

SAP xMII - directory traversal vulnerability

Application: SAP xMII Versions Affected: SAP MII 15.0 Vendor URL: SAP Bugs: Directory traversal Reported: 29.07.2015 Vendor response: 30.07.2015 Date of Public Advisory: 09.02.2016 Reference: SAP Security Note 2230978 Author: Dmitry Chastuhin ERPScan VULNERABILITY INFORMATION Class: CWE-36 Impact...

SAP JAVA AS icman - DoS vulnerability

Application: SAP JAVA AS Versions Affected: SAP JAVA AS 7.2 – 7.4 Vendor URL: SAP Bugs: Denial of Service Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 14.03.2016 Reference: SAP Security Note 2256185 Author: Dmitry Yudin ERPScan @ret5et Vulnerability Information Class:...

SAP Kernel - RCE and DoS vulnerability

Application: SAP NetWeaver Dispatcher Versions Affected: SAP Kernel 7.00 32BIT, 7.40 64BIT Vendor URL: http://www.sap.com Vulnerability: Buffer Overflow – RCE, Denial of Service Exploits: YES Reported: 25.08.2014 Vendor response: 25.08.2014 Date of Public Advisory: 15.12.2014 Reference: SAP...

Micro CMS 1.0 b1 - Persistent XSS Vulnerability

No description provided by source. Title : Micro CMS Persistent Cross-Site Scripting Vulnerability. Author : Veerendra G.G from SecPod Technologies www.secpod.com Vendor : http://www.micro-cms.com/ Advisory : http://secpod.org/blog/?p=135 http://secpod.org/advisories/SECPODMicroCMS.txt Version :...

SAP Router - Timing Attack Password Disclosure

No description provided by source. Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Router Password Timing Attack 1. Advisory Information Title: SAP Router Password Timing Attack Advisory ID: CORE-2014-0003 Advisory URL:...

SpagoBI 4.0 - Persistent HTML Script Insertion

Exploit for php platform in category web applications SpagoBI1 is an Open Source Business Intelligence suite, belonging to the free/open source SpagoWorld initiative, founded and supported by Engineering Group2. It offers a large range of analytical functions, a highly functional semantic layer...