CVE-2014-2531

InterWorx Web Control Panel (InterWorx-CP) before 5.0.14 build 577 is vulnerable to SQL injection in xhr.php via the i parameter in the search action for NodeWorx, SiteWorx, and Resellers interfaces. Root cause is that the application constructs dynamic SQL by concatenating user input without pro...

SEO Control Panel 3.6.0 SQL Injection Vulnerability

SEO Control Panel version 3.0 suffers from a remote authenticated SQL injection vulnerability. Exploit Title: Seo Control Panel 3.6.0 Authenticated Sql Injection Date: 10/10/2014 Exploit Author: Tiago Carvalho email protected or email protected Vendor Homepage: www.seopanel.in Software Link:...

InterWorx Web Control Panel Information Disclosure and XSS Vulnerability

InterWorx Web Control Panel is prone to information disclosure and xss vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

SEO Control Panel 3.6.0 SQL Injection

Exploit Title: Seo Control Panel 3.6.0 Authenticated Sql Injection Date: 10/10/2014 Exploit Author: Tiago Carvalho [email protected] or [email protected] Vendor Homepage: www.seopanel.in Software Link: http://www.seopanel.in/spdownload/ Version: Seo Panel Version 3.6.0 Tested on: Ka...

SEO Control Panel 3.6.0 - (Authenticated) SQL Injection

SEO Control Panel 3.6.0 - Authenticated SQL Injection Exploit Title: Seo Control Panel 3.6.0 Authenticated Sql Injection Date: 10/10/2014 Exploit Author: Tiago Carvalho [email protected] or [email protected] Vendor Homepage: www.seopanel.in Software Link:...

SEO Control Panel 3.6.0 - (Authenticated) SQL Injection

Exploit Title: Seo Control Panel 3.6.0 Authenticated Sql Injection Date: 10/10/2014 Exploit Author: Tiago Carvalho [email protected] or [email protected] Vendor Homepage: www.seopanel.in Software Link: http://www.seopanel.in/spdownload/ Version: Seo Panel Version 3.6.0 Tested on: Ka...

Rovnix Variant Surfaces With New DGA

Researchers have unearthed a new version of the Rovnix malware that has a couple of additional features, including a new domain generation algorithm and a secure transmission channel for communicating with the command-and-control servers. Rovnix is a malware variant that often has been distribute...

Microsoft Exchange - IIS HTTP Internal IP Address Disclosure (Metasploit)

Exploit Title: Microsoft Exchange IIS HTTP Internal IP Disclosure Vulnerability Google Dork: NA Date: 08/01/2014 Exploit Author: Nate Power Vendor Homepage: microsoft.com Software Link: NA Version: Exchange OWA 2003, Exchange CAS 2007/2010/2013 Tested on: Exchange OWA 2003, Exchange CAS...

Bash Vulnerability Exploits Dropping DDoS Bots

A honeypot run by researchers at AlienVault Labs has snared two separate pieces of malware attempting to exploit the Bash vulnerability. One sample is a repurposed IRC bot written in Perl that is trying to build a botnet to be used in distributed denial of service attacks DDoS, said Jaime Blasco,...

DNN(DotNetNuke®) Iconbar Control Panel Bad Access Level config

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : DNNDotNetNuke® Iconbar Control Panel Bad Access Level config Author : alieye vendor : http://dnnsoftware.com/ Contact : [email protected] Risk : High Class: Remote Google Dork: inurl:ctl/+inurl:/tab inurl:ctl+inurl:tab Model Module...

DNN(DotNetNuke®) Ribbon Bar Control Panel Bad Access Level config

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Title : DNNDotNetNuke® Ribbon Bar Control Panel Bad Access Level config Author : alieye vendor : http://dnnsoftware.com/ Contact : [email protected] Risk : High Class: Remote Google Dork: inurl:ctl/+inurl:/tab inurl:ctl+inurl:tab Model...

Multiple Security Issues with Intel® Manycore Platform Software Stack (Intel® MPSS) release 3.x

Summary: This Security Bulletin discusses several security vulnerabilities that affect previous versions of Intel® Manycore Platform Software Stack Intel® MPSS release 3.x. Some stem from vulnerabilities in the 3rd-party OpenSSL library, which is built into the coprocessor OS. Others were...

E-Manage MySchool 7.02 SQL Injection Vulnerability

No description provided by source. Exploit Title: SQL Injection MySchool Version 7.02 Google Dork: MySchool Version 7.02 Date: 05-21-2011 Software Link: http://em.com.eg/ Version: Version 7.02 Author: az7rb Tested on : winxp sp3 Ar end bt5 Homepage : www.p0c.cc Greetz : p0c Team & Dr.NaNo & All M...

MiCasaVerde VeraLite 1.5.408 - Multiple Vulnerabilities

No description provided by source. Trustwave SpiderLabs Security Advisory TWSL2013-019: Multiple Vulnerabilities in MiCasaVerde VeraLite Published: 08/01/13 Version: 1.0 Vendor: MiCasaVerde http://www.micasaverde.com/ Product: VeraLite Version affected: 1.5.408 Product description: The MiCasaVerd...

PhpHostBot <= 1.06 (svr_rootscript) Remote File Inclusion Vulnerability

No description provided by source. \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV83$2007 ----------------------------------------------------------------------------------------- ECHOADV83$2007 PhpHostBot = 1.06 svrrootscript Remote File Inclusion...

Verlihub Control Panel 1.7 Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/34856/info Verlihub Control Panel is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrar...

Realtek Audio Control Panel 1.0.1.65 Exploit

No description provided by source. done by BraniX [email protected] www.hackers.org.pl found: 2010.08.24 tested on: Windows XP SP3 Home Edition App. has classic buffer overflow vulnerability it can be triggered by passing a too long argument as a startup parameter. Shellcode can by run via...

JiRo's Upload System 1.0 Login.ASP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13833/info JiRo's Upload System is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitati...

MXBB Profile Control Panel 0.91c Module Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/21520/info The mxBB profile Control Panel module is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary...

DMXReady Members Area Manager Persistent XSS Vulnerability

No description provided by source. Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title: DMXReady Members Area Manager Persistent XSS Vendor url:http://www.dmxready.com/ Version:2 Price:295$ Published: 2010-09-06 GThanx to:r0073r inj3ct0r.com, Sid3^effects, MaYur, MA1201, Sonic...