Lucene search
K

1336 matches found

exploitpack
exploitpack
added 2013/11/08 12:0 a.m.32 views

Sagemcom F@st 3184 2.1.11 - Multiple Vulnerabilities

Sagemcom F@st 3184 2.1.11 - Multiple Vulnerabilities +------------------------------------------------------------------------------+ | HOTBOX is the leading router/modem appliance of | | HOT Cable communication company in israel. | | The Appliance is manufactured by SAGEMCOM | | and carries the...

6.1CVSS0.3AI score0.04743EPSS
Exploits12
0day.today
0day.today
added 2013/11/05 12:0 a.m.78 views

HOTBOX 2.1.11 CSRF / Traversal / Denial Of Service

HOTBOX router/modem version 2.1.11 suffers from cross site request forgery, denial of service, script injection, and directory traversal vulnerabilities. Denial of service and cross site request forgery proof of concepts included...

6.1CVSS0.04743EPSS
Exploits12
Packet Storm
Packet Storm
added 2013/11/04 12:0 a.m.50 views

HOTBOX 2.1.11 CSRF / Traversal / Denial Of Service

+------------------------------------------------------------------------------+ | HOTBOX is the leading router/modem appliance of | | HOT Cable communication company in israel. | | The Appliance is manufactured by SAGEMCOM | | and carries the model name F@st 3184. |...

6.1CVSS0.1AI score0.04743EPSS
Exploits12
OSV
OSV
added 2013/10/27 12:55 a.m.14 views

CVE-2013-4302

1 ApiBlock.php, 2 ApiCreateAccount.php, 3 ApiLogin.php, 4 ApiMain.php, 5 ApiQueryDeletedrevs.php, 6 ApiTokens.php, and 7 ApiUnblock.php in includes/api/ in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow remote attackers to obtain CSRF tokens and bypass the...

6.2AI score
Exploits0References10
0day.today
0day.today
added 2013/10/09 12:0 a.m.25 views

WHMCS 5.2.7 - SQL Injection Exploit

Exploit for php platform in category web applications !/usr/bin/env python 2013/10/03 - WHMCS 5.2.7 SQL Injection http://localhost.re/p/whmcs-527-vulnerability url = 'http://clients.target.com/' wopsie dopsie useremail = 'email protected' just create a dummie account at /register.php userpwd =...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2013/10/08 12:0 a.m.18 views

WHMCS 5.2.7 SQL Injection

!/usr/bin/env python 2013/10/03 - WHMCS 5.2.7 SQL Injection http://localhost.re/p/whmcs-527-vulnerability url = 'http://clients.target.com/' wopsie dopsie useremail = '[email protected]' just create a dummie account at /register.php userpwd = 'hacker' import urllib, re, sys from urllib2 impo...

Exploits0
seebug.org
seebug.org
added 2013/09/28 12:0 a.m.27 views

phpwind配置不当可导致CSRF发帖

简要描述: phpwind配置不当可导致CSRF发帖 详细说明: crossdomain.xml的默认设置: - 虽然有建议 但是普通站长谁没事改这个啊,还不如你们在安装时直接根据host重写下crossdomain.xml得了。 先取到csrf的token function gethash function getformhashtxt txt = txt.split'csrftoken" value="'1.split'"'0; return txt; var resultlv:LoadVars = new LoadVars; resultlv.onData = functiontx...

7AI score
Exploits0
Debian
Debian
added 2013/09/13 7:55 a.m.65 views

[SECURITY] [DSA 2753-1] mediawiki security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2753-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst September 13, 2013 http://www.debian.org/security/faq -...

5CVSS5.4AI score0.01992EPSS
Exploits0
Packet Storm
Packet Storm
added 2013/08/21 12:0 a.m.48 views

Foreman (Red Hat OpenStack/Satellite) users/create Mass Assignment

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit4 'Foreman Red Hat OpenStack/Satellite...

6CVSS6.6AI score0.20934EPSS
Exploits4
Packet Storm
Packet Storm
added 2013/08/14 12:0 a.m.22 views

Spitefire CMS 1.1.4 Cross Site Request Forgery

Exploit Title: spitefire CMS - CSRF / ADD / EDTI / UPLOAD FILE Date: 2013 15 August Exploit Author: Yashar shahinzadeh Special thanks to Mormoroth Credit goes for: http://y-shahinzadeh.ir & ha.cker.ir Vendor Homepage: http://spitfire.clausmuus.de/ Tested on: Linux & Windows, PHP 5.2.9 Affected...

0.6AI score
Exploits0
0day.today
0day.today
added 2013/07/23 12:0 a.m.88 views

Foreman (Red Hat OpenStack/Satellite) Code Injection Vulnerability

This Metasploit module exploits a code injection vulnerability in the 'create' action of 'bookmarks' controller of Foreman and Red Hat OpenStack/Satellite Foreman 1.2.0-RC1 and earlier. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions...

6CVSS7AI score0.24782EPSS
Exploits5
Packet Storm
Packet Storm
added 2013/06/21 12:0 a.m.25 views

Google Translate Cross Site Request Forgery

+------------------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Google Translate CSRF Vulnerability Date : 06/20/2013 Author : Ivano Binetti http://www.ivanobinetti.com Affected Web site :...

0.3AI score
Exploits0
OwnCloud
OwnCloud
added 2013/05/14 11:42 a.m.46 views

Server: CSRF token leakage

The configuration loader in ownCloud 5.0.x before 5.0.6 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...

5CVSS6AI score0.01799EPSS
Exploits0Affected Software1
0day.today
0day.today
added 2013/05/07 12:0 a.m.23 views

Webid 1.0.6 - Multiple Vulnerabilities

WeBid is an open-source auction script package. Although still in beta stages WeBid is one of the best open-source solutions for getting an auction site up and running quickly and cheaply. Written in the popular scripting language PHP and with a large collection of highly customisable features...

6.8AI score
Exploits0
exploitpack
exploitpack
added 2013/05/06 12:0 a.m.1113 views

WeBid 1.0.6 - Multiple Vulnerabilities

WeBid 1.0.6 - Multiple Vulnerabilities Title: Webid Blind SQL Injection / Local File Disclosure Vulnerability Google Dork: intext:"Powered by WeBid" Author: Ahmed Aboul-Ela Contact: Ahmed.Aboul3laatgmaildotcom Vendor: http://www.webidsupport.com/ Software Link:...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2013/05/06 12:0 a.m.17565 views

WeBid 1.0.6 - Multiple Vulnerabilities

Title: Webid Blind SQL Injection / Local File Disclosure Vulnerability Google Dork: intext:"Powered by WeBid" Author: Ahmed Aboul-Ela Contact: Ahmed.Aboul3laatgmaildotcom Vendor: http://www.webidsupport.com/ Software Link:...

7.4AI score
Exploits0
0day.today
0day.today
added 2013/05/05 12:0 a.m.1767 views

Webid Blind SQL Injection / Local File Disclosure Vulnerability

Exploit for php platform in category web applications Title: Webid Blind SQL Injection / Local File Disclosure Vulnerability Google Dork: intext:"Powered by WeBid" Author: Ahmed Aboul-Ela Contact: Ahmed.Aboul3laatgmaildotcom Vendor: http://www.webidsupport.com/ Software Link:...

7.1AI score
Exploits0
0day.today
0day.today
added 2013/04/30 12:0 a.m.111 views

phpMyAdmin Authenticated Remote Code Execution Vulnerability

This Metasploit module exploits a PREGREPLACEEVAL vulnerability in phpMyAdmin's replaceprefixtbl within libraries/multsubmits.inc.php via dbsettings.php. This affects versions 3.5.x below 3.5.8.1 and 4.0.0 below 4.0.0-rc3. PHP versions greater than 5.4.6 are not vulnerable. This file is part of t...

6CVSS0.7AI score0.28851EPSS
Exploits14
Packet Storm
Packet Storm
added 2013/04/18 12:0 a.m.21 views

Fork CMS Cross Site Request Forgery

==================================================================================== Fork-CMS CSRF: Introduction Author: Rafay Baloch CSRF OR XSRF Cross site request forgery occurs when the victim forces your browser to send a forged request and makes the victim performing a particular action. An...

0.6AI score
Exploits0
Cvelist
Cvelist
added 2012/08/27 12:0 a.m.25 views

CVE-2012-2128

Cross-site request forgery CSRF vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. NOTE: this issue has been disputed by the vendor, who states that it is resultant from CVE-2012-2129...

6.5AI score0.01242EPSS
Exploits0References9
Rows per page
Query Builder