14 matches found
CVE-2025-10878
A SQL injection vulnerability exists in the login functionality of Fikir Odalari AdminPando 1.0.1 before 2026-01-26. The username and password parameters are vulnerable to SQL injection, allowing unauthenticated attackers to bypass authentication completely. Successful exploitation grants full...
CVE-2024-47617 Reflected XSS Vulnerability in Sulu Media Bundle
Sulu is a PHP content management system. This vulnerability allows an attacker to inject arbitrary HTML/JavaScript code through the media download URL in Sulu CMS. It affects the SuluMediaBundle component. The vulnerability is a Reflected Cross-Site Scripting (XSS) issue, which could potentially...
PHPJabbers Rental Property Booking 2.0 - Reflected XSS
Exploit Title: PHPJabbers Rental Property Booking 2.0 - Reflected XSS Exploit Author: CraCkEr Date: 22/07/2023 Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/rental-property-booking-calendar/ Version: 2.0 Tested on: Windows 10 Pro Impact:...
PHPJabbers Rental Property Booking 2.0 Cross Site Scripting
Exploit Title: PHPJabbers Rental Property Booking 2.0 - Reflected XSS Exploit Author: CraCkEr Date: 22/07/2023 Vendor: PHPJabbers Vendor Homepage: https://www.phpjabbers.com/ Software Link: https://www.phpjabbers.com/rental-property-booking-calendar/ Tested on: Windows 10 Pro Impact: Manipulate t...
Joomla VirtueMart Shopping Cart 4.0.12 - Reflected XSS Vulnerability
Exploit Title: Joomla VirtueMart Shopping-Cart 4.0.12 - Reflected XSS Exploit Author: CraCkEr Vendor: VirtueMart Team Vendor Homepage: https://www.virtuemart.net/ Software Link: https://demo.virtuemart.net/ Joomla Extension Link:...
Listplace Directory Listing Platform 3.0 Cross Site Scripting
Exploit Title: Listplace Directory Listing Platform 3.0 - Stored XSS Exploit Author: CraCkEr Date: 12/07/2023 Vendor: Bug Finder Vendor Homepage: https://bugfinder.net/ Software Link: https://bugfinder.net/product/listplace-a-complete-directory-listing-platform/22 Tested on: Windows 10 Pro Impact...
Time Slot Booking Calendar 1.8 - Stored Cross-Site Scripting Vulnerability
Exploit Title: Time Slot Booking Calendar 1.8 - Stored XSS Exploit Author: CraCkEr Vendor: GZ Scripts Vendor Homepage: https://gzscripts.com/ Software Link: https://gzscripts.com/time-slot-booking-calendar-php.html Version: 1.8 Tested on: Windows 10 Pro Impact: Manipulate the content of the site...
NodCMS 3.4.1 Cross Site Scripting
CraCkEr - THE CRACK OF ETERNAL MIGHT. From The Ashes and Dust Rises An...
Event Booking Calendar 1.8 Cross Site Scripting
Active eCommerce CMS 6.5.0 Cross Site Scripting
PHPJabbers Forum Script 3.0 Persistent Cross Site Scripting
Instacart: Full access to any list
Overview == The endpoint for adding a list collaborator lacks authorization checks. A regular Instacart user can add themselves as a collaborator to any list and thus get full control over that list. How to Reproduce == 1. Choose a list that you want to edit, for example the one with id = 10. 2...
CanadianISP.ca SQL Injection
Title: ====== Canadian ISP Website - SQL Injection Vulnerability Date: ===== 2011-09-23 VL-ID: ===== 282 Reference: ========== http://www.vulnerability-lab.com/getcontent.php?id=282 Introduction: ============= Canadianisp.ca - Is a wholly owned project of Marc Bissonnette / InternAlysis. It was...
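Apple iPhone Multiple Security Vulnerabilities
CVECAN ID: CVE-2007-2399,CVE-2007-2400,CVE-2007-2401,CVE-2007-3742,CVE-2007-3944 The iPhone is a smartphone developed by Apple. Multiple security vulnerabilities exist in the iPhone's implementation that can lead to malicious manipulation of the browser or information disclosure. The specific vulnerability entries are as follows: CVE-2007-2400 A vulnerability exists in Safari's implementation of JavaScript handling; a remote attacker may exploit it to bypass the same-origin policy and perform unauthorized operations on other web pages. CVE-2007-3944...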