Itech Multi Vendor Script 6.49 - SQL Injection

Itech Multi Vendor Script 6.49 - SQL Injection Exploit Title : Itech Multi Vendor Script - Multiple SQL Injections Author : Yunus YILDIRIM Th3GundY Team : CT-Zer0 @CRYPTTECH - https://www.crypttech.com Website : http://www.yunus.ninja Contact : [email protected] Vendor Homepage :...

Itech Multi Vendor Script 6.49 - SQL Injection

Exploit Title : Itech Multi Vendor Script - Multiple SQL Injections Author : Yunus YILDIRIM Th3GundY Team : CT-Zer0 @CRYPTTECH - https://www.crypttech.com Website : http://www.yunus.ninja Contact : [email protected] Vendor Homepage : http://itechscripts.com/ Software Link :...

SlimarUSER Management 1.0 - 'id' SQL Injection

Exploit Title: SlimarUSER Management v1.0 – 'id' Parameter SQL Injection Date: 03.02.2017 Vendor Homepage: http://slimar.org Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploits Overview SlimarUSER is a PHP user management system ful...

Itech Classifieds Script 7.27 SQL Injection

Exploit Title: Itech Classifieds Script v7.27 a SQL Injection Date: 30.01.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/classifieds-script/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploits...

Auction Script 6.49 SQL Injection

Exploit Title: Itech Auction Script v6.49 a SQL Injection Date: 30.01.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/auction-script/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploits Overview...

Itech B2B Script 4.28 SQL Injection

Exploit Title: Itech B2B Script v4.28 a SQL Injection Date: 30.01.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/b2b-script/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploits Overview B2B...

Itech Multi Vendor Script 6.49 - pl SQL Injection

Itech Multi Vendor Script 6.49 - pl SQL Injection Exploit Title: Itech Multi Vendor Script 6.49 – SQL Injection Date: 30.01.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/multi-vendor-shopping-script/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom...

Itech Classifieds Script 7.27 - scat SQL Injection

Itech Classifieds Script 7.27 - scat SQL Injection Exploit Title: Itech Classifieds Script v7.27 – SQL Injection Date: 30.01.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/classifieds-script/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website:...

Itech Real Estate Script 3.12 - SQL Injection

Exploit Title: Itech Real Estate Script v3.12 – SQL Injection Date: 30.01.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/real-estate-script/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploits...

CVE-2015-8857

The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Javascript...

DEBIAN-CVE-2015-8857

The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Javascript...

UBUNTU-CVE-2015-8857

The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Javascript...

iTechScripts Video Sharing Script 4.93 Cross Site Scripting / SQL Injection

Exploit Title : Video Sharing Script v4.93 - Multiple Vulnerability Author : Hasan Emre Ozer Google Dork : - Date : 18/01/2017 Type : webapps Platform: PHP Vendor Homepage : http://itechscripts.com/video-sharing-script/ Sofware Price and Demo : $250 http://video-sharing.itechscripts.com...

iTechScripts Payment Gateway Script 8.46 SQL Injection

Exploit Title : Payment Gateway Script v8.46 - Multiple Vulnerability Author : Hasan Emre Ozer Google Dork : - Date : 18/01/2017 Type : webapps Platform: PHP Vendor Homepage : http://itechscripts.com/payment-gateway-script/ Sofware Price and Demo : $400 http://payment-gateway.itechscripts.com...

B2B Script 4.27 - SQL Injection

Vulnerability: B2B Script v4.27 - SQL Injection Date: 18.01.2017 Software link: http://itechscripts.com/b2b-script/ Demo: http://b2b.itechscripts.com Price: 199$ Category: webapps Exploit Author: Dawid Morawski Website: http://www.morawskiweb.pl Contact: [email protected] 1. Description...

UBUNTU-CVE-2016-9935

The phpwddxpushelement function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service out-of-bounds read and memory corruption or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document...

FreeBSD : PHP -- multiple vulnerabilities (6972668d-cdb7-11e6-a9a5-b499baebfeaf)

The PHP project reports : - Use After Free Vulnerability in unserialize CVE-2016-9936 - Invalid read when wddx decodes empty boolean element CVE-2016-9935 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD...

LocalTapiola: SQL Injection in lapsuudenturva (viestinta.lahitapiola.fi)

Basic report information Summary: Hi, The ctxvarsemail parameter in http://viestinta.lahitapiola.fi/webApp/lapsuudenturva, can be exploited to perform an SQL Injection Attack. The parameter is ctxvarsemail Description: The value inside the ctx tag , doesn't properly sanitized to user input, it ca...

Internet Bug Bounty: Invalid read when wddx decodes empty boolean element

Description ----------- I have found some vulnerable code in wddx extension. The trouble happens when trying to process 'boolean' tag. If I open tag without data, new stentry item WILL NOT be pushed into stack. When tag is closed and stack-top is greater than 1, stentry item at top of stack WILL ...

Yes, My Name is ||

Different cultures and nationalities have different naming conventions; I came from a one that led me to face the universe with a personal name "Or". I fact, my name has different meanings in different languages. In English the meaning of "Or" is function word that indicate alternatives and in...