7736 matches found
WordPress Dance Studio 1.0.0 Shell Upload
Exploit Title : Wordpress Themes dance-studio - Arbitrary Shell Upload vulnerability Author : xBADGIRL21 Google Dork: inurl:/wp-content/themes/dance-studio Date: 12-11-2017 Vendor Homepage: http://themes.cmsmasters.net/?theme=dance-studio by looplava Version: 1.0.0 Tested on: Win 7 MyBlog :...
blog.zimbra.com XSS vulnerability
Open Bug Bounty ID: OBB-212332; Affected Website: blog.zimbra.com; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
Sql injection
Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activateaddress address controller action, (2) title parameter in a show blog controller action, or (3) contentid parameter in a showComments...
CVE-2016-7400
Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activateaddress address controller action, (2) title parameter in a show blog controller action, or (3) contentid parameter in a showComments...
Easy Support Tools 1.0 SQL Injection
Exploit Title: Easy Support Tools - FAQs, Help Articles, Blog and Feedback Script v1.0 - SQL Injection Google Dork: N/A Date: 07.02.2017 Vendor Homepage: http://nelliwinne.net/ Software Buy: https://codecanyon.net/item/easy-support-tools-faqs-help-articles-blog-and-feedback/17864522 Demo:...
emlog personal blog system: privilege elevation vulnerability in the admin backend
Affected version: emlog = 5.1.2 Prerequisites: a login to the admin backend is required Exploit: After logging in to the admin backend, visit the admin/?action=phpinfo page to get the website's physical path. On the database backup page, back up the database, export it to a local computer, and then edit the exported .sql format ...
oknation.nationtv.tv XSS vulnerability
Vulnerable URL: http://oknation.nationtv.tv/blog/searchblogindex.php?keyword=tsetprompt/OPENBUGBOUNTY/...
domo.com XSS vulnerability
Vulnerable URL: https://www.domo.com/blog/?s=alert/OPENBUGBOUNTY/...
Zomato: test.zba.se is vulnerable to SSL POODLE
test.zba.se is vulnerable to SSL POODLE. Steps to reproduce: 1. nmap -sV --version-light --script ssl-poodle -p 443 example.com 2. curl -v3 -X HEAD https://www.example.com 3. or script given at https://access.redhat.com/node/1232123/40/0 command: ./poodle.sh example.com Result from these all 3 comman...
Linux/x86_64 - execve /bin/sh Shellcode (22 bytes)
;The MIT License (MIT) ;Copyright (c) 2017 Robert L. Taylor ;Permission is hereby granted, free of charge, to any person obtaining a ;copy of this software and associated documentation files (the “Software”), ;to deal in the Software without restriction, including without limitation ;the rights to use,...
tothenew.com XSS vulnerability
Vulnerable URL: http://www.tothenew.com/blog/day-1-of-gr8conf-in-2017-a-groovy-start-to-the-year?'alert/OPENBUGBOUNTY/...
Mini Blog 1.1 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: IC-Mini Blog Script - Authentication Bypass Google Dork: N/A Date: 20.01.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Buy: http://www.icloudcenter.com/miniblog.htm Demo: http://www.icloudcenter.net/demos/miniblog/...
Ghost Blog 0.11.3 Cross Site Scripting Vulnerability
Tempest Security Intelligence Advisory ADV-9/2017 - Ghost Blog version 0.11.3 suffers from a persistent cross site scripting vulnerability. Persistent Cross-Site Scripting (XSS) in Ghost. Author: Patrick Costa, Tempest Security Intelligence -...
Ghost Blog 0.11.3 Cross Site Scripting
Tempest Security Intelligence - ADV-9/2017. Persistent Cross-Site Scripting (XSS) in Ghost. Author: Patrick Costa, Tempest Security Intelligence - Recife, Pernambuco - Brazil. Table of Contents...
Mini Blog 1.1 - Authentication Bypass
Exploit Title: IC-Mini Blog Script - Authentication Bypass Google Dork: N/A Date: 20.01.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Buy: http://www.icloudcenter.com/miniblog.htm Demo: http://www.icloudcenter.net/demos/miniblog/ Version: 1.1 Tested on: Win7 x64 Exploit Author: Ihsa...
Micro Blog Script - SQL Injection Vulnerability
Exploit for php platform in category web applications Vulnerability: SQL Injection + Authentication Bypass Date: 18.01.2017 Vendor Homepage: http://www.scriptgiant.com/ Tested on: http://www.microblogscript.scriptgiant.in Script Name: Micro Blog Script Author: Ihsan Sencan Author Web:...
Micro Blog Script - SQL Injection
Micro Blog Script - SQL Injection Vulnerability: SQL Injection + Authentication Bypass Date: 18.01.2017 Vendor Homepage: http://www.scriptgiant.com/ Tested on: http://www.microblogscript.scriptgiant.in Script Name: Micro Blog Script Author: Ihsan Sencan Author Web: http://ihsan.net Mail :...
Micro Blog Script - SQL Injection
Vulnerability: SQL Injection + Authentication Bypass Date: 18.01.2017 Vendor Homepage: http://www.scriptgiant.com/ Tested on: http://www.microblogscript.scriptgiant.in Script Name: Micro Blog Script Author: Ihsan Sencan Author Web: http://ihsan.net Mail : ihsanbeygirihsannoktanet Authentication...
Simplified servicing model for Windows 7 and Windows 8.1: the latest improvements
This article is a translation of the Windows for IT Pros blog post "Simplified servicing for Windows 7 and Windows 8.1: the latest improvements" (published January 13, 2017, US time)...