17 matches found
dzzoffice_upload
It is an offensive tool for web application exploitation. The re...
EUVD-2019-5201
Malware in sbrugna...
EUVD-2019-13382
Malware in sbrugna...
EUVD-2022-2445
Malicious code in bioql PyPI...
EUVD-2024-27297
Malicious code in bioql PyPI...
EUVD-2025-15093
Malicious code in bioql PyPI...
CVE-2019-13932
A vulnerability has been identified in XHQ All versions V6.0.0.2. The web application requests could be manipulated, causing the application to behave in unexpected ways for legitimate users. Successful exploitation does not require an attacker to be authenticated. A successful attack cou...
Feng Office 3.11.1.2 - SQL Injection
Exploit Title: Feng Office 3.11.1.2 - SQL Injection Date: 7/2024 Exploit Author: Andrey Stoykov Version: 3.11.1.2 Tested on: Ubuntu 22.04 Blog: http://msecureltd.blogspot.com SQL Injection: 1. Login to application 2. Click on "Workspaces" 3. Copy full URL 4. Paste the HTTP GET request into text...
Webmin Usermin 2.100 - Username Enumeration
Exploit Title: Webmin Usermin 2.100 - Username Enumeration Date: 10.02.2024 Exploit Author: Kjesper Vendor Homepage: https://www.webmin.com/usermin.html Software Link: https://github.com/webmin/usermin Version: = 2.100 Tested on: Kali Linux CVE: CVE-2024-44762...
University Registration System 1.0 Insecure Direct Object Reference
University Registration System version 1.0 suffers from an insecure direct object reference vulnerability that allows for information disclosure. Exploit Title: University Registration System - IDOR Leads to Information Disclosure Date: 2025-03-25 Exploit Author: wa03/td9l Telegram: @wa03/@td9l...
PT-2023-26107 · Geeklog · Geeklog
Name of the Vulnerable Software and Affected Versions: Geeklog version 2.2.2 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of "/admin/router.php" API endpoint. This enables the execution of...
JivoChat < 1.3.5.4 - Stored Cross-Site Scripting via CSRF
The plugin does not properly check CSRF tokens on POST requests to the plugin's admin page, and does not sanitise some parameters, leading to a stored Cross-Site Scripting vulnerability where an attacker can trick a logged-in administrator to inject arbitrary JavaScript. XSS will be triggered when...
Engineers Online Portal 1.0 - (id) SQL Injection Vulnerability
Exploit Title: Engineers Online Portal 1.0 - 'id' SQL Injection Exploit Author: Alon Leviev Category: Web application Vendor Homepage: https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html Software Link:...
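53kf Cross-Site Scripting Vulnerability (countless hits during testing)
Brief description: Looking to connect on Weibo... Details: Go to the www.53kf.com website and find a page like http://www.53kf.com/products/xxxxx.html. Then see the image. Then look at the affected users; there were too many people, so I could not tell which one was the administrator and did not get into the back end. A newbie making a fool of himself. As of one day before this post, there were already 531 victims, myself included of course, haha. I would say this site gets so much traffic that it could still be exploited by someone with ill intent. https://images.seebug.org/upload/201212/0918074...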
wmnews05.txt
ERNE ---- ERNEALiZM ---- BU ASK BiTMEZ---- WM-News v0.5 - Remote File Include Vulnerabilities site : http://www.comscripts.com/jump.php?action=script&id=203 Script : WM-News v0.5 Credits : ERNE Contact : [email protected] and irc.gigachat.net kurdhack Thanks : BLaCKWHITE, B0tan, FearLesS, B3g0k,...
BEA WebLogic Server 8.1 / WebLogic Express Administration Console - Cross-Site Scripting
source: https://www.securityfocus.com/bid/13400/info A remote cross-site scripting vulnerability affects BEA WebLogic Server and WebLogic Express administration console. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically...
MiniVend view_page.html Shell Metacharacter Arbitrary Command Execution
The version of MiniVend running on the remote host has an arbitrary command execution vulnerability. Input to the 'mvarg' parameter of viewpage.html is not properly sanitized. A remote attacker could exploit this to execute arbitrary commands on the system...