56796 matches found
Commercial pie ONex order management system reflective XSS
No description provided by source...
Fancier General-purpose ticket management system /ajax/cjrcard. ashx file id parameter SQL injection vulnerability
No description provided by source...
TikiWiki 14.1 Calendar Command Execution
No description provided by source...
subrion backend sql any implementation
No description provided by source...
Navis WebAccess - SQL injection vulnerability
No description provided by source. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Product - Navis WebAccess - SQL Injection Date - 8/8/2016 Author - bRpsd Skype: vegnox Vendor HomePage - http://www.navis.com/ Product Download - http://navis.com/prwebaccess.jsp currently under...
VBULLETIN 5.2.0/5.2.1/5.2.2 MEDIA UPLOAD SSRF PRIVILEGE ESCALATION
Author: c1tas, p0wd3r know Chong Yu 404 security lab CVE: CVE-2016-6483 A vulnerability overview vBulletin accepts the url parameters, it is not prohibited to jump transduction induced SSRF vBulletin need this function to access external connections, but this limit is not strict cause can trigger...
Meters in cms member\mypay.php after login, prepaid cards sql injection vulnerability
No description provided by source...
NUUO NVRmini 2 3.0.8 remote command execution
No description provided by source...
WordPress theme ypo-theme Arbitrary File Download Vulnerability
No description provided by source. !/usr/bin/env python -- coding: utf-8 -- from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register class TestPOCPOCBase: vulID = '92262' ssvid version = '1.0' author = 'cdxy' vulDate = '2016-08-09' createDate =...
Paviansystems product_detail.php parameters product_id SQL injection vulnerability
No description provided by source...
Navis WebAccess SQL Injection
No description provided by source...
Strongsoft /SystemManage/AjaxHandle/AjaxVertifyUserID. ashx parameters uid SQL injection vulnerability
No description provided by source...
Joomla v3. 2-3. 4. 4 com_contenthistory parameter list[select] SQL injection vulnerability
No description provided by source...
Caxita news_more.php parameter id SQL injection vulnerability
No description provided by source...
Fancier ERP /flight/Print_url_sel. aspx id parameter injection vulnerability
No description provided by source...
The wave of government approval platform ECGAP /FeedBack/ProcessValue. aspx file num parameter SQL injection vulnerability
No description provided by source...
Joomla com_videoflow v1. 1. 3-1. 1. 5 parameter searchword SQL injection vulnerability
No description provided by source...
Strongsoft AjaxMapCustomAction. ashx parameter param SQL injection vulnerability
No description provided by source...
The wave of government approval platform ECGAP /FeedBack/ProcessValue. aspx file num parameter SQL injection vulnerability
No description provided by source...
Fancier ERP /PiaoYou_root. aspx command execution vulnerability
No description provided by source...
Fancier /travel/Default. aspx parameters leixing injection vulnerability
No description provided by source...
Internet Explorer 11 VBScript engine memory corruption vulnerability
No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Internet Explorer 11 VBScript Engine Memory Corruption", 'Description' = %q This module...
Samsung Security Manager 1.5 ActiveMQ Broker Service remote code execution vulnerability
No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Samsung Security Manager 1.5 ActiveMQ Broker Service PUT Method Remote Code Execution",...
Pfister Norman journals system select_e. aspx the parameter content SQL injection vulnerability
No description provided by source...
Zabbix Agent 3.0.1 mysql. size shell command injection
CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection Affected products ================= At least Zabbix Agent 1:3.0.1-1+wheezy from http://repo.zabbix.com/zabbix/3.0/debian is vulnerable. Other versions were not tested. Background ========== "Zabbix agent is deployed on a...
Joomla com_videoflow SQL injection Vulnerability
No description provided by source...
polycom-web-management-interface-os-command-injection
No description provided by source...
tnt CMS detail.php 参数id SQL注入漏洞
No description provided by source...
The wave of government approval platform ECGAP /Bulletin/DocmentDownload. aspx file ID parameter SQL injection vulnerability
No description provided by source...
New too openEAP enterprise application platform without the log file upload vulnerability
No description provided by source...
Halliburton LogView Pro 9.7.5 remote code execution vulnerability
No description provided by source...
The micro-engine technology /payment/unionpay/notify.php POST-injection
No description provided by source...
ask2 \control\message.php parameters messageid SQL injection
先来看看该套源码的整体防注入:GPC转义+360的防御正则 很粗暴有没有,不过这里利用的是数组全面绕过360的防御正则,然后找到一些没有单引号包含的点,从而绕过单引号转义,绕过这两个,自然可以无限制任意注入初始化过滤在D:\wamp\www\ask2V3.1.1\model\sowenda.class.php中initrequest函数,在大概第60行 $this-get = taddslashes$this-get, 1; $this-post = taddslashesarraymerge$GET, $POST; checkattack$this-post, 'post';...
WordPress WP Live Chat Support(6.2.03) plugin stored XSS
No description provided by source. !/usr/bin/python -- coding: utf-8 -- from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register from pocsuite.api.utils import randomStr import urllib import re class TestPOCPOCBase: name = 'WordPress WP Live Chat...
Oracle EBusiness US/po/OA_HTML/cabo arbitrary file read vulnerability
No description provided by source...
Limits of the OA system /inc/finger/use_finger.php file USER_ID parameter SQL injection vulnerability
No description provided by source...
Kingdee OA Office system /stock/cash/tree/get_part. jsp file ids parameter SQL injection vulnerability
No description provided by source...
Kingdee OA /stock/cash/tree/get_flow. jsp parameter ids time blind
No description provided by source...
Kingdee OA /stock/cash/tree/get_mail. jsp parameter node injection vulnerability
No description provided by source...
Vizyonnet index.php parameter use SQL blind injection vulnerability
No description provided by source...
票友机票预订系统 newslist.aspx 参数a SQL注入漏洞
No description provided by source...
B2B Clone news_desc.html 参数id SQL注入漏洞
No description provided by source...
Drupal v6. 22 /content/menucustom parameters menupereid SQL injection vulnerability
No description provided by source...
Joomla com_breezingforms arbitrary file upload vulnerability
No description provided by source...
whirOA /defaultroot/public/jsp/goodsphotoupload. jsp file upload vulnerability
No description provided by source...
whirOA download. jsp arbitrary File Download
No description provided by source...
FEI news router K1 information disclosure vulnerability
Reference source: FEI news mainstream router K1 loopholes and collect user information FEI news PSG1208K1is Fibonacci Telecommunications Company, the main push of a home router product, we through the analysis of a router firmware find there are a lot of problems. First, we use a firmware analysi...
ZTE enterprise gateway system modules/system/download.php arbitrary File Download vulnerability
No description provided by source...
Hsort the press management system /Admin/fileManage. aspx file value parameter arbitrary File Download vulnerability
No description provided by source...
nrss reader 0.3.9 logic denial of service vulnerability
No description provided by source. Exploit developed using Exploit Pack v5.4 Exploit Author: Juan Sacco - http://www.exploitpack.com - [email protected] Program affected: NRSS RSS Reader Version: 0.3.9-1 Tested and developed under: Kali Linux 2.0 x86 - https://www.kali.org Program descriptio...