92 matches found
EUVD-2026-1957
A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Administrator/PHP/AdminUpdateUser.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been...
EUVD-2023-25683
Malicious code in bioql PyPI...
CVE-2017-9090
reg.php in Allen Disk 1.6 doesn't check if isset$SESSION'captcha''code'==1, which makes it possible to bypass the CAPTCHA via an empty $POST'captcha'...
Koha SQL Injection
Koha versions prior to 24.11.02 suffer from a remote SQL injection vulnerability in C4/Serials.pm. Koha CVE-2025-22954: SQL Injection in lateissues-export.pl Overview This repository contains a proof of concept for CVE-2025-22954, a critical severity CVSS 10.0 SQL injection vulnerability in Koha...
SmartAgent 1.1.0 SQL Injection
Exploit Title: SmartAgent v1.1.0 - Unauthenticated SQL Injection SQLi Date: 01-10-2024 Exploit Author: Alter Prime Vendor Homepage: https://smarts-srlcom.com/, https://smartagent.com Version: Build v1.1.0 Tested on: Kali Linux An unauthenticated user can inject SQL queries through a POST request ...
PPDB ONLINE 1.3 Administrative Page Disclosure
==================================================================================================================================== | Title : PPDB ONLINE V.1.3 HTML Form in redirect page Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 125.0.1 64...
CVE-2023-21515
InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store...
CVE-2023-21515
InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store...
Design/Logic Flaw
InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store...
Beauty Parlour Management System 1.0 Cross Site Scripting
Exploit Title: Beauty Parlour Management System 1.0 - 'Add Services' Cross-Site Scripting Date: 19/2/2021 Exploit Author: Thinkland Security Team Vendor Homepage: https://phpgurukul.com/beauty-parlour-management-system-using-php-and-mysql/ Software Link:...
PEEL Shopping 9.3.0 - 'address' Stored Cross-Site Scripting
Exploit Title: PEEL Shopping 9.3.0 - 'address' Stored Cross-Site Scripting Date: 2021-02-11 Exploit Author: Anmol K Sachan Vendor Homepage: https://www.peel.fr/ Software Link: https://sourceforge.net/projects/peel-shopping/ Software: : PEEL SHOPPING 9.3.0 Vulnerability Type: Stored Cross-site...
vBulletin 'vb_test.php' Information Disclosure Vulnerability - Active Check
The remote host is disclosing information if the vBulletin SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:vbulletin:vbulletin";...
CentOS Web Panel Operating System Command Injection Vulnerability (CNVD-2020-43610)
CentOS Web Panel CWP is a free web hosting control panel. An operating system command injection vulnerability exists in the ajaxphppecl.php file in the CentOS Web Panel cwp-el7-0.9.8.891 release, which stems from failure to properly validate user-supplied strings before executing system calls. An...
Nuevomailer 6.0 - SQL Injection
Nuevomailer 6.0 - SQL Injection Exploit Title: Nuevo mailer version = 6.0 SQL Injection Exploit Author: ALEH BOITSAU Google Dork: inurl:/inc/rdr.php? Date: 2017-06-09 Vendor Homepage: https://www.nuevomailer.com/ Version: 6.0 and below Tested on: Linux Vulnerable script: rdr.php Vulnerable...
Nuevomailer < 6.0 - SQL Injection
Exploit Title: Nuevo mailer version = 6.0 SQL Injection Exploit Author: ALEH BOITSAU Google Dork: inurl:/inc/rdr.php? Date: 2017-06-09 Vendor Homepage: https://www.nuevomailer.com/ Version: 6.0 and below Tested on: Linux Vulnerable script: rdr.php Vulnerable parameter: r PoC:...
LocalTapiola: SQL Injection /webApp/oma_conf ctx parameter (viestinta.lahitapiola.fi)
Vulnerable script: /webApp/omaconf Vulnerable parameter: ctxvarsemail Database: PostgreSQL PoC http POST /webApp/omaconf HTTP/1.1 Host: viestinta.lahitapiola.fi Content-Type: application/x-www-form-urlencoded Content-Length: 1131...
LocalTapiola: Open Redirect (verkkopalvelu.lahitapiola.fi)
PoC: Open link and wait a full load https://verkkopalvelu.lahitapiola.fi//blackfan.ru/%2f../e2/kotivakuutus/vakuutuslaskuri/ Result: Redirect to another site - blackfan.ru Vulnerable script: https://verkkopalvelu.lahitapiola.fi/e2/kotivakuutus/vakuutuslaskuri/scripts/app.js js function ae...
bitrix.scan Bitrix 1.0.3 Path Traversal Vulnerability
bitrix.scan Bitrix module version 1.0.3 suffers from a path traversal vulnerability. Product: bitrix.xscan Bitrix module Vendor: Bitrix Vulnerable Versions: 1.0.3 and probably prior Tested Version: 1.0.3 Advisory Publication: November 18, 2015 without technical details Vendor Notification: Novemb...
mobilelib gold 3.0 - (auth bypass/sql) Multiple Vulnerabilities
No description provided by source. ------------------Mobilelib Gold v3 Auth Bypass/SQL Multiple Remote Vulnerabilities---------------------------- ---------------------------------------------------------------------------------------------------------------- Script : Mobilelib Gold version : 3.0...
AlstraSoft Template Seller Pro <= 3.25 Remote Code Execution Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo AlstraSoft Template Seller Pro = 3.25 Remote Code Execution Exploit by BlackHawk [email protected] http://itablackhawk.altervista.org Thanks to rgod for the php code and Marty for the Love ; if $argc4 echo Usage: php...