GSX Analyzer 10.1211 - main.swf Hard-Coded Superadmin Credentials
GSX Analyzer 10.1211 - main.swf Hard-Coded Superadmin Credentials Exploit Title: GSX Analyzer hardcoded superadmin credentials in Main.swf Google Dork: inurl:"/Main.swf?cachebuster=" need to manually look for stringtitle "Loading GSX Analyzer ... 0%" Date: 12-07-16 Exploit Author: ndevnull Vendor...
Judge Tosses Evidence Gathered by FBI's Tor Exploit
The FBI’s refusal to share details about a network investigative technique it used to gather evidence against a Vancouver teacher charged with possession of child pornography has forced a federal judge’s hand to exclude the evidence from trial. The NIT used by the FBI to hack the Playpen website ...
AfterLogic WebMail Pro ASP.NET Account Takeover / XXE Injection
ADVISORY INFORMATION ======================================== Title: AfterLogic WebMail Pro ASP.NET Administrator Account Takeover via XXE Injection Application: AfterLogic WebMail Pro ASP.NET Class: Sensitive Information Disclosure Remotely Exploitable: Yes Versions Affected: AfterLogic WebMail...
Intuit QuickBooks Desktop 2007 2016 - Arbitrary Code Execution
Intuit QuickBooks Desktop 2007 2016 - Arbitrary Code Execution + Credits: Maxim Tomashevich from Thegrideon Software + Website: https://www.thegrideon.com/ + Details: https://www.thegrideon.com/qb-internals-sql.html Vendor: --------------------- www.intuit.com www.intuit.ca www.intuit.co.uk...
Kamailio 4.3.4 - Heap Buffer Overflow
census ID: census-2016-0009 CVE ID: CVE-2016-2385 Affected Products: Kamailio 4.3.4 and possibly previous versions Class: Heap-based Buffer Overflow CWE-122 Remote: Yes Discovered by: Stelios Tsampas Kamailio, successor of the former OpenSER and SER, is an Open Source SIP Server released under GPL, abl...
Cisco ASA VPN Portal Cross Site Scripting
Exploit author: Juan Sacco - [email protected] Affected program: Cisco ASA VPN Portal - Zero Day Cisco ASA VPN is prone to an XSS on the password recovery page. This vulnerability can be used by an attacker to capture other users' credentials. The password recovery form fails to filter proper...
TimeClock Software 0.995 - Multiple SQL Injections
TimeClock Software 0.995 - Multiple SQL Injections Exploit Title: Timeclock-software - Multiple SQL injections Author: Marcela Benetrix Date: 01/27/2016 Version: 0.995 (older versions may be vulnerable too) Software link: http://timeclock-software.net Timeclock software Timeclock-software.net's free...
WordPress Comment Rating 1.5.0 Cross Site Scripting
FULL DISCLOSURE Product : wp-comment-rating Exploit Author : Rahul Pratap Singh Version : 1.5.0 Home page Link : http://codecanyon.net/item/wordpress-comment-rating-plugin/6582710 Website : 0x62626262.wordpress.com Linkedin : https://in.linkedin.com/in/rahulpratapsingh94 Date : 30/Jan/2016 XSS...
BK Mobile jQuery CMS 2.4 - Multiple Vulnerabilities
BK Mobile jQuery CMS 2.4 - Multiple Vulnerabilities Product : BK Mobile CMS Exploit Author : Rahul Pratap Singh Version : 2.4 Home page Link : http://codecanyon.net/item/jquery-mobile-website-with-full-admin-panel/2441358 Website : 0x62626262.wordpress.com Linkedin :...
Redis File Upload
This module can be used to leverage functionality exposed by Redis to achieve somewhat arbitrary file upload to a file and directory to which the user account running the redis instance has access. It is not totally arbitrary because the exact contents of the file cannot be completely controlled...
phpFileManager 0.9.8 - CSRF Vulnerability
Exploit for php platform in category web applications Exploit Title: CSRF Remote Backdoor Shell Google Dork: intitle: CSRF Remote Backdoor Shell Date: 2015-07-29 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: phpfm.sourceforge.net Software Link:...
WordPress Premium SEO Pack 1.8.0 Shell Upload / File Disclosure
Premium SEO Pack WordPress Plugin Unauthenticated Arbitrary File Upload & LFD Link: http://codecanyon.net/item/premium-seo-pack-wordpress-plugin/6109437 This plugin is vulnerable to Local File Disclosure and Remote Code Execution via Arbitrary File Upload. Vulnerability Code Shorted: class...
CMS Pylot Cross Site Request Forgery / Cross Site Scripting
Hello list! These are Cross-Site Scripting and Cross-Site Request Forgery vulnerabilities in CMS Pylot ("Пилот" in Russian). It's a Ukrainian commercial CMS from Delta-X. ------------------------- Affected products: ------------------------- Vulnerable are all versions of CMS Pylot. Developers from...
Megapolis.Portal Manager Cross Site Scripting
Hello list! These are Cross-Site Scripting vulnerabilities in Megapolis.Portal Manager. It's a commercial CMS from Softline-IT (earlier Softline), which is particularly widespread among Ukrainian government sites, including the ministry, parliament, two special services and many other web sites. In 2012 I...
Webmin < 1.290 / Usermin < 1.220 Arbitrary File Disclosure Exploit
No description provided by source...
Indexu 7 PHP Code Injection
--------------------------------------- Author : L3b-r1'z Title : Indexu 7 Php Code Injection Date : 5/30/2012 Email : [email protected] Site : Sec4Ever.com & Exploit4arab.com Google Dork : allintext: "Listing by GooglePR" Version : N\A --------------------------------------- 1 Bug 2 PoC...
Sagem F@st 1500WG PPPoE Data Disclosure (ADSL Router)
Exploit for hardware platform in category web applications ================================================================================ Exploit Title:...
PHPMyFAQ 2.7.0 - ajax_create_folder.php Remote Code Execution
PHPMyFAQ 2.7.0 - ajax_create_folder.php Remote Code Execution <?php /* ------------------------------------------------------------------------ phpMyFAQ <= 2.7.0 ajax_create_folder.php Remote Code Execution Exploit ------------------------------------------------------------------------...
vAuthenticate 3.0.1 Auth Bypass by Cookie SQL Injection Vulnerability
Exploit for php platform in category web applications ----------------------------------------------------------------------- vAuthenticate 3.0.1 Auth Bypass by Cookie SQL Injection Vulnerability ----------------------------------------------------------------------- Author: bd0rk Contact:...
AChecker 1.2 Multiple Error-Based SQL Injection vulnerabilities
Summary AChecker is an open source Web accessibility evaluation tool. It can be used to review the accessibility of Web pages based on a variety of international accessibility guidelines. Description Input passed via the parameter 'myownpatchid' in '/updater/patchedit.php' and the parameter 'id' in...