2123 matches found
InterWorx Web Control Panel Cross Site Scripting
============================================== Product: InterWorx Web Control Panel Vendor: InterWorx LLC Tested Version: 5.0.12 build 569 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference: CVE-2014-2035 Risk Level: Medium CVSSv2 Base Score: 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N Solution...
Dexter (CasinoLoader) - SQL Injection (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "Dexter CasinoLoader SQL Injection", 'Description' = %q This module exploits a vulnerability found in the command and control panel us...
Dexter (CasinoLoader) SQL Injection
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "Dexter CasinoLoader SQL Injection", 'Description' = %q This module exploits a vulnerability found in the command and control panel us...
Kloxo SQL注入和远程代码执行漏洞
No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper Ran...
Kloxo SQL Injection / Remote Code Execution
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Kloxo SQL Injection and Remote Code Execution', 'Description' = %q This module exploits an unauthenticated SQL injection vulnerabilit...
Kloxo SQL Injection / Remote Code Execution Exploit
This Metasploit module exploits an unauthenticated SQL injection vulnerability affecting Kloxo, as exploited in the wild on January 2014. The SQL injection issue can be abused in order to retrieve the Kloxo admin cleartext password from the database. With admin access to the web control panel,...
Dexter (CasinoLoader) SQL Injection
This module exploits a vulnerability found in the command and control panel used to control Dexter Point of Sale malware. This is done by accessing the PHP page used by bots to report in gateway.php which does not sanitize input. Input is encrypted and encoded, but the key is supplied by the bot...
Kloxo SQL Injection and Remote Code Execution
This module exploits an unauthenticated SQL injection vulnerability affecting Kloxo, as exploited in the wild on January 2014. The SQL injection issue can be abused in order to retrieve the Kloxo admin cleartext password from the database. With admin access to the web control panel, remote PHP co...
UAEPD Shopping Script SQL Injection Vulnerabilty
Exploit for php platform in category web applications .:. Author : AtT4CKxT3rR0r1ST .:. Contact : email protected , email protected .:. Home : http://www.iphobos.com/blog/ .:. Script : http://www.uaepd.net/ .:. Dork : 1inurl:”products.php?catid=” “Powered by: PD ” 2inurl:”products.php?pid” “Power...
XAMPP Control Panel XSS Vulnerability (Jan 2014) - Active Check
XAMPP is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apachefriends:xampp";...
UAEPD Shopping Script SQL Injection
uaepd script Multiple Sql Injection Vulnerabilty ==================================================================== .:. Author : AtT4CKxT3rR0r1ST .:. Contact : [email protected] , [email protected] .:. Home : http://www.iphobos.com/blog/ .:. Script : http://www.uaepd.net/ .:. Dork :...
Tajikistan Domain Registrar hacked; Google, Yahoo, Twitter, Amazon also defaced
Google’s primary search domain for Tajikistan had seemingly been hacked yesterday, along with other high profile domains including Yahoo, Twitter, Amazon -- redirected to a defaced page. Actually neither Google, nor Twitter servers have been hacked, rather website of Tajikistan's Domain registrar...
vBulletin 5 - 'index.php/ajax/api/reputation/vote?nodeid' SQL Injection (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'vBulletin index.php/ajax/api/reputation/vote nodeid Parameter SQL Injection', 'Description' = %q This module exploits a SQL injection...
PHPCMS Guestbook Cross Site Scripting
CVE-2013-5939:PHPCMS guestbook module Stored XSS Vulnerability Severity: Important Vendor: phpcms.cn Versions Affected: All of use guestbook module phpcms Description: The phpcms has be found the Stored XSS Vulnerability if use the guestbook module.someone can insert xss code at the front...
WebTester 5.x Multiple Vulnerabilities
WebTester 5.x Multiple Vulnerabilities suffer from SQL Injection Vulnerability, Arbitrary File Upload Vulnerability, PHPInfo Disclosure and Leftover install.php File. ========================================================================================== WebTester 5.x Multiple Vulnerabilities...
WebTester 5.x - Multiple Vulnerabilities
========================================================================================== WebTester 5.x Multiple Vulnerabilities ==========================================================================================...
WebTester 5.x - Multiple Vulnerabilities
WebTester 5.x - Multiple Vulnerabilities ========================================================================================== WebTester 5.x Multiple Vulnerabilities ==========================================================================================...
Virtualizor Detection
Virtualizor, a web-based VPS Virtual Private Server control panel is running on the remote host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid69043; scriptversion"1.4"; scriptsetattributeattribute:"pluginmodificationdate", value:"2022/06/01";...
Apache Web Server Plesk Control Panel Configuration Code Execution
A remote code execution vulnerability that affects Apache web servers has been reported in Plesk Control Panel...
Invision Power Board 1.x / 2.x / 3.x Admin Account Takeover
IPB Invision Power Board all versions 1.x? / 2.x / 3.x Admin account Takeover leading to code execution Written on : 2013/05/02 Released on : 2013/05/13 Author: John JEAN @johnjean on twitter Affected application: Invision Power Board = 3.4.4 Type of vulnerability: Logical Vulnerability / Bad...