29 matches found
EUVD-2015-9331
Malware in sbrugna...
EUVD-2007-5087
Malware in sbrugna...
EUVD-2022-51987
Malicious code in bioql PyPI...
Stored Cross-Site Scripting (XSS)
thinkcmf/thinkcmf is vulnerable to Cross-Site Scripting (XSS) attacks. The vulnerability is due to a lack of sanitization in the userlogin parameter in the /admin/user/addpost endpoint, allowing an attacker to inject and execute malicious JavaScript in a victim's browser...
ThinkCMF Cross-Site Scripting Vulnerability
ThinkCMF is a CMS (Content Management System) based on ThinkPHP. A cross-site scripting vulnerability exists in ThinkCMF version 5.1.5, which stems from the lack of effective filtering and escaping of user-supplied data in the file UserController.php, and can be exploited by an attacker to execute...
ThinkCMF Cross-site Scripting Vulnerability
Cross Site Scripting (XSS) vulnerability in UserController.php in ThinkCMF version 5.1.5 allows attackers to execute arbitrary code via crafted userlogin...
CVE-2020-25915
Cross Site Scripting (XSS) vulnerability in UserController.php in ThinkCMF version 5.1.5 allows attackers to execute arbitrary code via crafted userlogin...
Authentication Bypass
moodle/moodle is vulnerable to authentication bypass. The vulnerability exists in the userlogin function of auth.php due to type juggling, which allows an attacker to access restricted domains via the external database authentication...
SQL Injection
A vulnerability, which was classified as critical, was found in SourceCodester Gym Management System. This affects an unknown part of the file login.php. The manipulation of the argument userlogin with the input email protected' OR SELECT 9084 FROMSELECT COUNT,CONCAT0x7178767871,SELECT...
CVE-2015-9482
The ThemeMakers Car Dealer / Auto Dealer Responsive theme through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information such as userlogin, userpass, and useremail values via a direct request for the wp-content/uploads/tmmdbmigrate/wpusers.dat URI...
lawyersclubindia.com XSS vulnerability
Vulnerable URL: http://www.lawyersclubindia.com/userlogin.asp?redirect=/experts/expertsubscribe.asp?groupid=458191"'--!alert/Y4R4G/...
Studio Manolibera Listarivisteuk SQL Injection
Exploit Title: Listarivisteuk SQL Injection Author: Th4 MasK Contact to ; [email protected] Date : 27.01.2012 Platform : Php Dork: listarivisteuk.php?Id?= Demo Site : http://www.fgda.org/listarivisteuk.php?Id=1 Exploit :...
WordPress Plugin SermonBrowser 0.43 - SQL Injection
WordPress Plugin SermonBrowser 0.43 - SQL Injection alert0 FPD : http://site/wp/wp-content/plugins/sermon-browser/sermon.php -== Start ==- "; $t=array"dbusr"="user","dbver"="version","dbnam"="database","usrnm"="userlogin","passwd"="userpass"; function text2hex$string $hex = ''; $len = strlen$stri...
SAS Hotel Management System - notfound SQL Injection
WordPress and Pyrmont V2. SQL Injection Vulnerability
Exploit for unknown platform in category web applications. WordPress and Pyrmont V2. SQL Injection Vulnerability. Plugin Home:...
MyWeight 1.0 Cross Site Scripting
Phenotype CMS 2.8 - login.php?user Blind SQL Injection
Phenotype CMS 2.8 - login.php?user Blind SQL Injection Phenotype v2.8 Blind Sql Injection AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : http://ircrash.com My Official WebSite : http://r3dw0rm.ir IRCRASH Team Members : Khashayar Fereidani - R3d.w0rm Sina...
CVE-2008-4106
WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the userlogin column, and does not properly handle space characters when comparing usernames, which allows remote attackers to change an arbitrary user's...
Pligg CMS 9.9.0 - 'story.php' SQL Injection
Pligg Beta 9.9.0 id Remote SQL Injection Vulnerability. Author: Hussin X. Home: www.tryag.cc/cc. Email: darkangelg85atYahooDoTcom. Script: http://www.pligg.com/. Dork: Powered By Pligg. Legal: License...
DreamNews Manager (id) Remote SQL Injection Vulnerability
No description provided by source. dreamnews rss Remote SQL Injection Vulnerability. Author: Hussin X. Home: www.tryag.cc/cc. Email: darkangelg85atYahooDoTcom. Script:...