931 matches found
MyBuilder Clone 1.0 SQL Injection
Exploit Title: MyBuilder Clone 1.0 - SQL Injection Dork: N/A Date: 29.09.2017 Vendor Homepage: http://www.contractorscripts.com/ Software Link: http://order.contractorscripts.com/ Demo: http://demo.contractorscripts.com/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A...
PG All Share Video 1.0 SQL Injection
Exploit Title: PG All Share Video 1.0 - SQL Injection Dork: N/A Date: 29.09.2017 Vendor Homepage: http://www.pilotgroup.net/ Software Link: http://www.allsharevideo.com/features.php Demo: http://demo.allsharevideo.com/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploi...
Easy Blog PHP Script 1.3a - id SQL Injection
Easy Blog PHP Script 1.3a - id SQL Injection Exploit Title: Easy Blog PHP Script v1.3a - SQL Injection Date: 2017-09-27 Exploit Author: 8bitsec Vendor Homepage: https://www.codester.com/ Software Link: https://www.codester.com/items/4616/easy-blog-php-script Version: 1.3a Tested on: Kali Linux 2....
PHP Multi Vendor Script 1.02 - 'sid' SQL Injection
Exploit Title: PHP Multi Vendor Script v1.02 - 'sid' Parameter SQL Injection Date: 2017-09-28 Exploit Author: 8bitsec Vendor Homepage: http://www.dexteritysolution.com/ Software Link: http://www.dexteritysolution.com/php-multivendor-e-commerce-script.html Version: 1.02 Tested on: Kali Linux 2.0 |...
Easy Blog PHP Script 1.3a - 'id' SQL Injection
Exploit Title: Easy Blog PHP Script v1.3a - SQL Injection Date: 2017-09-27 Exploit Author: 8bitsec Vendor Homepage: https://www.codester.com/ Software Link: https://www.codester.com/items/4616/easy-blog-php-script Version: 1.3a Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email: [email protected]...
CVE-2017-14601
Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $GET'forwhat', resulting in Information Disclosure...
Sql injection
Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $GET'forwhat', resulting in Information Disclosure...
CVE-2017-14601
Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $GET'forwhat', resulting in Information Disclosure...
SQLMap v1.1.8 - Automatic SQL Injection And Database Takeover Tool
SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lastin...
Joomla CCNewsLetter 2.1.9 Component - sbid Parameter SQL Injection Vulnerability
Exploit for php platform in category web applications "Joomla Component ccnewsletter 2.1.9 - 'sbid' Parameter SQL Injection" Exploit Title: Joomla Component ccnewsletter 2.1.9 - SQL Injection Date: 07-26-2017 Exploit Author: Shahab Shamsi Vendor Homepage:...
Joomla! Component CCNewsLetter 2.1.9 - 'sbid' SQL Injection
"Joomla Component ccnewsletter 2.1.9 - 'sbid' Parameter SQL Injection" Exploit Title: Joomla Component ccnewsletter 2.1.9 - SQL Injection Date: 07-26-2017 Exploit Author: Shahab Shamsi Vendor Homepage: https://extensions.joomla.org/extension/ccnewsletter/ Version: = 2.1.9 Final Version Tested on:...
[SECURITY] Fedora 25 Update: yara-3.6.3-1.fc25
YARA is a tool aimed at but not limited to helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families or whatever you want to describe based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strin...
WordPress Plugin IBPS Online Exam <= 1.0 - Authenticated SQL Injection / Cross-Site Scripting
Exploit Author: 8bitsec Contact Author: https://twitter.com/8bitsec Stored XSS on exam input textfields and Blind SQL Injection on 'examappUserResult' page 'id' parameter. PoC Authenticated Stored XSS: Logged as a student: Write the payload in the input textfields while attempting an exam. The...
PHP Denial of Service Vulnerability (CNVD-2017-22592)
PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. A security vulnerability exists in the WDDX deserialization process for the 'boolean' parameter in the ext/wddx/wddx.c file in PHP versions prio...
Deserialization of untrusted data
In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c...
EUVD-2017-2778
In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c...
UBUNTU-CVE-2017-11143
In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in ext/wddx/wddx.c...
Zomato: SQL Injection, exploitable in boolean mode
Issue The reporter found a SQL injection in one of the applications in www.zomato.com. Fix The issue was investigated and found to be valid and fixed...
[SECURITY] Fedora 25 Update: yara-3.6.0-1.fc25
YARA is a tool aimed at but not limited to helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families or whatever you want to describe based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strin...
[SECURITY] Fedora 26 Update: yara-3.6.0-1.fc26
YARA is a tool aimed at but not limited to helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families or whatever you want to describe based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strin...