Grapixel New Media 2 - pageref SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Grapixel New Media 2 - 'pageref' SQL Injection Exploit Author: Berk Dusunur Vendor Homepage: http://www.grapixel.com Software Link: http://www.grapixel.com Affected Version: v2 Tested on: MacosX CVE : N/A Proof Of Concept...
Grapixel New Media 2 SQL Injection
Exploit Title: Grapixel New Media 2 - 'pageref' SQL Injection Exploit Author: Berk Dusunur Google Dork: N/A Type: Web App Date: 2018-10-26 Vendor Homepage: http://www.grapixel.com Software Link: http://www.grapixel.com Affected Version: v2 Tested on: MacosX CVE : N/A Proof Of Concept Time-Based s...
Grapixel New Media 2 - pageref SQL Injection
Grapixel New Media 2 - pageref SQL Injection Exploit Title: Grapixel New Media 2 - 'pageref' SQL Injection Exploit Author: Berk Dusunur Google Dork: N/A Type: Web App Date: 2018-10-26 Vendor Homepage: http://www.grapixel.com Software Link: http://www.grapixel.com Affected Version: v2 Tested on:...
Grapixel New Media 2 - 'pageref' SQL Injection
Exploit Title: Grapixel New Media 2 - 'pageref' SQL Injection Exploit Author: Berk Dusunur Google Dork: N/A Type: Web App Date: 2018-10-26 Vendor Homepage: http://www.grapixel.com Software Link: http://www.grapixel.com Affected Version: v2 Tested on: MacosX CVE : N/A Proof Of Concept Time-Based s...
CVE-2018-18375
The Red Hat/NVD entry describes CVE-2018-18375 affecting Orange AirBox Y858_FL_01.16_04: the function goform/getProfileList can be queried with the rand parameter to extract APN data (name, number, username, password). The connected records confirm the vulnerable endpoint and data exposure but d...
Photon v1.1.4 - Incredibly Fast Crawler Designed For Recon
Incredibly Fast Crawler Designed For Recon. Key Features Data Extraction Photon can extract the following data while crawling: URLs in-scope & out-of-scope URLs with parameters example.com/gallery.php?id=2 Intel emails, social media accounts, amazon buckets etc. Files pdf, png, xml etc. Secret ke...
PT-2018-16298 · Samsung · Samsung Smartthings Hub
Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub affected versions not specified Description: A stack-based buffer overflow issue exists in the video-core's HTTP server of the Samsung SmartThings Hub. This occurs due to insecure extraction of the shard.videoHostURL...
CVE-2018-16957
The Oracle WebCenter Interaction 10.3.3 search service queryd.exe binary is compiled with the i1g2s3c4 hardcoded password. Authentication to the Oracle WCI search service uses this hardcoded password and cannot be customised by customers. An adversary able to access this service over a network...
baijiacms SQL Injection Vulnerability
baijiacms is a content management system (CMS) for e-commerce. A SQL injection vulnerability exists in version 4 of baijiacms, which can be exploited by a remote attacker to obtain data from the database using the 'order' parameter in the index.php?act=index request...
Zomato: [www.zomato.com] SQLi - /php/██████████ - item_id
Thanks @gerbenjavado for helping us keep @zomato secure : Thanks to the entire @Zomato team for doing this challenge. It's a pleasure to be back in the bug bounty game after a while. Introduction So I managed to find SQLi on https://www.zomato.com/php/██████████ in the POST parameter itemid...
UBUNTU-CVE-2016-8640
A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5 and 1.8.6 that leads to read and extract of any data from any table in the pycsw database that the database user has access to. Also on PostgreSQL at least it is possible to perform updates/inserts/deletes and database...
CVE-2016-8640
PyCSW is vulnerable to a SQL injection in all versions before 2.0.2, 1.10.5, and 1.8.6, allowing read/exfiltration of data from any table the DB user can access; on PostgreSQL it may also enable updates/inserts/deletes to covered tables. The vulnerability is confirmed across multiple sources (NVD...
Lightning Fast Web Crawler: Photon
Photon is a lightning fast web crawler which extracts URLs, files, intel & endpoints from a target. 160 requests per second while extensive data extraction is just another day for Photon! Main Features Data Extraction Photon extracts the following data while crawling by default: URLs in-scope &...
Shopify: Admin bar: Incomplete message origin validation results in XSS
This issue is very similar to https://hackerone.com/reports/381192, identical logic in a different script. The JavaScript code at https://cdn.shopify.com/s/assets/storefront/bars/adminbarinjector-7461c2cab955bf9ef3df40acd10741df8c4e27c86d9dc323f65a4e786a1786f2.js loaded by the shop front when the...
Apache, IBM Patch Critical Cloud Vulnerability
Apache and IBM have patched a critical vulnerability that allows attackers to replace a company’s serverless code with their own malicious script. Once running, the bad code could then be used for a range of nefarious tasks, including extracting confidential customer data such as passwords or...
IBM fixes flaw that let hackers replace its serverless code with their own
By Waqas. This is the first publicly-disclosed vulnerability in a serverless platform. Experts at IBM (The International Business Machines Corporation) have patched a critical vulnerability in its Cloud Functions which if exploited could allow remote malicious hackers to replace company's serverless...
Hindsight - Internet History Forensics For Google Chrome/Chromium
Hindsight is a free tool for analyzing web artifacts. It started with the browsing history of the Google Chrome web browser and has expanded to support other Chromium-based applications with more to come! Hindsight can parse a number of different types of web artifacts, including URLs, download...
See how I dug in and successfully exploited a Host header SQL injection vulnerability on the website of India's popular sports company - vulnerability warning - the black bar safety net
Today I want to share a very interesting vulnerability that I discovered while working on a bug bounty project; it appeared on the website of a popular sports company in India. This article is about "how do I use the host header to find out the SQL injection vulnerabilities, and the use of sqlmap...
CVE-2018-12336
Undocumented Factory Backdoor in ECOS Secure Boot Stick aka SBS 5.6.5 allows the vendor to extract confidential information via remote root SSH access...
SUSE-SU-2018:1582-1 Security update for xen
This update for xen fixes one issue. This security issue was fixed: - CVE-2018-3639: Prevent attackers with local user access from extracting information via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 bsc1092631...