Lucene search
K

11 matches found

Packet Storm
Packet Storm
added 2024/10/08 12:0 a.m.324 views

PHP-Nuke Top Module SQL Injection

Exploit Title: PHP-Nuke SQL injection Top Module + protection Bypass Google Dork: intext: Powered by PHP-Nuke Date: 2024-10-07 Exploit Author: Emiliano Febbi Vendor Homepage: https://phpnuke.org/ Software Link: https://sourceforge.net/projects/phpnuke/files/phpnuke/ Version: 6.x New concept of...

7.4AI score
Exploits0
RedHat Linux
RedHat Linux
added 2024/02/26 2:19 a.m.2 views

Mozilla: Alert dialog could have been spoofed on another site

The Mozilla Foundation Security Advisory describes this flaw as: Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website with the victim website's URL shown...

6.5CVSS7.3AI score0.00673EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2021/11/09 6:30 p.m.5 views

webkitgtk: Integer overflow leading to arbitrary code execution

A flaw was found in the webkitgtk package. Affected versions of this package could allow a remote attacker to execute arbitrary code on the system caused by an integer overflow in the WebKit component. An attacker can execute arbitrary code on the system by persuading a victim to visit a speciall...

8.8CVSS7.8AI score0.0369EPSS
Exploits0References6
Exploit DB
Exploit DB
added 2020/10/16 12:0 a.m.554 views

CS-Cart 1.3.3 - authenticated RCE

Exploit Title: CS-Cart authenticated RCE Date: 2020-09-22 Exploit Author: 0xmmnbassel Vendor Homepage: https://www.cs-cart.com/e-commerce-platform.html Tested at: ver. 1.3.3 Vulnerability Type: authenticated RCE get PHP shells from http://pentestmonkey.net/tools/web-shells/php-reverse-shell edit ...

7.4AI score
Exploits0
Hacker One
Hacker One
added 2019/05/28 8:24 a.m.45 views

Automattic: Denial of service to WP-JSON API by cache poisoning the CORS allow origin header

The WP-JSON implementation on some wordpress.com websites I've tested is vulnerable to denial of service where by an attacker can provide an arbitrary Origin header in the request, which is then echoed back in the response via the Access-Control-Allow-Origin header, which is cached and served to...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.20 views

YourTube <= 2.0 Arbitrary Database Disclosure Exploit

No description provided by source. ? //= exploit : YourTube = 2.0 Remote SQL Database Disclosure //= info : http://www.ac4p.com //= DORK: powered by yourtube //= found by: Security Code Team - thanks for sniper code and Qabandi -- //= our home: WwW.Sec-Code.com //= greats 4 our members in our hom...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2010/07/01 12:0 a.m.35 views

Oxygen2PHP 1.1.3 - &#039;forumdisplay.php&#039; Blind SQL Injection

!/usr/bin/perl 0-Day Oxygen2PHP newGET = $Host; my $HTTP = new LWP::UserAgent; my $Referrer = "http://warwolfz.altervista.org/"; my $DefaultTime = request$Referrer; sub BlindSQLJnjection my $dec,$hex = @; return "./forumdisplay.php?fid=-1'+OR+1!=SELECT...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2009/02/18 12:0 a.m.18 views

SAS Hotel Management System Authentication Bypass

--------------------------------------------------------- Portal Name: SAS Hotel Management System Author : PouyaServer , [email protected] mailto:[email protected] Vulnerability : Auth Bypass SQL Injection Vulnerability --------------------------------------------------------- Auth...

0.7AI score
Exploits0
Packet Storm
Packet Storm
added 2008/12/15 12:0 a.m.18 views

Flatnuke 3 Cookie Grabber Exploit

titolo" name="name" type="text" / Immagine File -- "alert69%3B...

Exploits0
0day.today
0day.today
added 2007/07/03 12:0 a.m.52 views

MyCMS <= 0.9.8 Remote Command Execution Exploit

Exploit for unknown platform in category web applications =============================================== MyCMS 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0;...

7.1AI score
Exploits0
Mozilla
Mozilla
added 2006/09/14 12:0 a.m.33 views

Frame spoofing using document.open() — Mozilla

shutdown demonstrated a way to inject content into a sub-frame of another site using targetWindow.framesn.document.open, making the attackers content look like it was part of the victim site. Similar in effect to MFSA 2005-51...

4.3CVSS4.6AI score0.02164EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder