
7210 matches found

Packet Storm
added 2014/04/28 12:00 a.m., 22 views

Adem 0.5.1 Local File Inclusion

----------exploit Debut Local File Include Vulnerability ----------Script Info Author : JIKO ----------Script Info Site : https://github.com/4FSB/Adem && http://adem.faares.com/demo Version : 0.5.1 Download : https://codeload.github.com/4FSB/Adem/zip/master ----------exploit Info Exploit :...

AI score: 0.1
Exploits: 0

exploitpack
added 2014/04/28 12:00 a.m., 15 views

GeoCore MAX DB Ver. 7.3.3 - Blind SQL Injection

GeoCore MAX DB Ver. 7.3.3 - Blind SQL Injection Exploit Title: GeoCore MAX DB Ver. 7.3.3 - Time-Based Blind Injection Official site: http://geodesicsolutions.com Risk Level: High Vendor : http://geodesicsolutions.com Exploit Author: Esac Homepage author : www.iss4m.ma Last Checked: 25/04/2014...

AI score: 0.2
Exploits: 0

exploitpack
added 2014/04/28 12:00 a.m., 12 views

Adem 0.5.1 - Local File Inclusion

Adem 0.5.1 - Local File Inclusion ----------exploit Debut Local File Include Vulnerability ----------Script Info Author : JIKO ----------Script Info Site : https://github.com/4FSB/Adem && http://adem.faares.com/demo Version : 0.5.1 Download : https://codeload.github.com/4FSB/Adem/zip/master...

AI score: 0.1
Exploits: 0

0day.today
added 2014/04/25 12:00 a.m., 31 views

SNEHA IT Soluctions's LFI Vulnerabilities

Exploit for windows platform in category web applications --------------------index.php-------------------- $page = $_GET['page']; if ($page != "") $p = $page; else echo "window.location = 'index.php';"; include SOURCES . $p; --------------------index.php-------------------- So you can include a file by...

AI score: 7.1
Exploits: 0

Packet Storm
added 2014/04/19 12:00 a.m., 19 views

PTCeffect 4.6 Local File Inclusion / SQL Injection

Exploit Title: PTCeffect LFI & SQL Injection Vulnerabilities Google Dork: find it : Date: 2014-04-19 Exploit Author: Walidz Software Link: http://www.ptceffect.com/ Version: 4.6 Tested on: windows,linux,mac os CVE : N/A The LFI vulnerability is in index.php...

Exploits: 0

exploitpack
added 2014/04/19 12:00 a.m., 23 views

PTCeffect 4.6 - Local File Inclusion SQL Injection

PTCeffect 4.6 - Local File Inclusion SQL Injection Exploit Title: PTCeffect LFI & SQL Injection Vulnerabilities Google Dork: find it : Date: 2014-04-19 Exploit Author: Walidz Software Link: http://www.ptceffect.com/ Version: 4.6 Tested on: windows,linux,mac os CVE : N/A The LFI vulnerability is i...

Exploits: 0

Packet Storm
added 2014/04/19 12:00 a.m., 23 views

CMS Morpheus SQL Injection

SQL Injection on CMS Morpheus Risk: High CWE number: CWE-89 Date: 19/04/2014 Vendor: www.pixel-dusche.de Author: Felipe " Renzi " Gabriel Contact: [email protected] Tested on Windows 8 pro Vulnerable File: index.php Exploit: http://www.site.com/index.php?cid=SQLI...

AI score: 0.3
Exploits: 0

Hacker One
added 2014/04/17 8:08 p.m., 28 views

Localize: Uninitialized variable error message leaks information

An uninitialized variable $alert at line 630 in index.php shows an error message. This happens after a POST /pages/createproject. The error message does not appear in the browser because the user is redirected to the new project immediately, but it is there in the HTTP response see error.png. Thi...

AI score: 0.3
Exploits: 0

Packet Storm
added 2014/04/16 12:00 a.m., 18 views

CMS Studio Cross Site Scripting

Multiple Cross Site Scripting on CMS STUDIO Risk: Low CWE number: CWE-79 Date: 15/04/2014 Vendor: www.cmsstudio.info Author: Felipe " Renzi " Gabriel Contact: [email protected] Tested on Windows 8 pro Vulnerable File: index.php Exploit: http://host/index.php?spageid=xss...

Exploits: 0

NVD
added 2014/04/14 3:09 p.m., 26 views

CVE-2014-2712

Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 10.0S25, 10.4 before 10.4R10, 11.4 before 11.4R11, 12.1 before 12.1R9, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, and 12.2 before 12.2R1 allows remote attackers to inject arbitrary web...

CVSS: 4.3, AI score: 5.7, EPSS: 0.01788
Exploits: 1, References: 3

Prion
added 2014/04/14 3:09 p.m., 18 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 10.0S25, 10.4 before 10.4R10, 11.4 before 11.4R11, 12.1 before 12.1R9, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, and 12.2 before 12.2R1 allows remote attackers to inject arbitrary web...

CVSS: 4.3, AI score: 6.2, EPSS: 0.01788
Exploits: 1, References: 3, Affected Software: 1

myhack58
added 2014/04/11 12:00 a.m., 15 views

Easily around the various WAF POST injection, cross-site Defense(such as security Dog)-vulnerability warning-the black bar safety net

XXX before there was mention of a multipart request to bypass the various WAF way: 3 6 0 website po/security po/accelerating music and other similar product protection to bypass the defective one, and seemingly didn't cause much concern. Found out today that a security Dog gets smart before that ...

AI score: 7
Exploits: 0

Packet Storm
added 2014/04/10 12:00 a.m., 16 views

WebLife CMS SQL Injection

Multiple SQL Injection on WebLife CMS Risk: High CWE number: CWE-89 Date: 09/04/2014 Vendor: www.weblife.sk Author: Felipe "Renzi" Gabriel Contact: [email protected] Tested on Windows 8 pro Vulnerable File: index.php Exploit: http://host/index.php?jazyk=SQLI http://host/index.php?page=SQLI PoC:...

AI score: 0.2
Exploits: 0

NVD
added 2014/03/28 3:55 p.m., 22 views

CVE-2013-0807

Cross-site scripting (XSS) vulnerability in the NewSectionPrompt function in include/tool/editingpage.php in gpEasy CMS 3.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the section parameter in a newsection action to index.php...

CVSS: 4.3, AI score: 5.6, EPSS: 0.03993
Exploits: 2, References: 6

Prion
added 2014/03/28 3:55 p.m., 23 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the NewSectionPrompt function in include/tool/editingpage.php in gpEasy CMS 3.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the section parameter in a newsection action to index.php...

CVSS: 4.3, AI score: 6.1, EPSS: 0.03993
Exploits: 2, References: 6, Affected Software: 1

seebug.org
added 2014/03/25 12:00 a.m., 20 views

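OXID eShop 'index.php' Multiple HTTP Response Splitting Vulnerabilities

Bugtraq ID: 66371 CVE ID: CVE-2014-2017 OXID eShop, also known as OXID eSales, is an e-commerce system developed in PHP that uses MySQL to store data. Input passed to index.php via the "anid", "cnid" and "listtype" parameters is not filtered when it is used to restrict HTTP header fields, allowing remote attackers to exploit the vulnerability to send responses containing arbitrary HTTP headers to users. 0 OXID eShop 4.x OXID eShop 5.x OXID eShop Professional, Community or Enterprise version 4.7.11/5.0.11 and...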

AI score: 6.3, EPSS: 0.02449
Exploits: 6

NVD
added 2014/03/19 2:17 p.m., 22 views

CVE-2013-5953

Multiple cross-site scripting (XSS) vulnerabilities in tmpl/layouteditevent.php in the Multi Calendar (com_multicalendar) component 4.0.2, and possibly 4.8.5 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) calid or (2) paletteDefault parameter in an...

CVSS: 4.3, AI score: 5.9, EPSS: 0.01936
Exploits: 2, References: 4

Prion
added 2014/03/19 2:17 p.m., 17 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in tmpl/layouteditevent.php in the Multi Calendar (com_multicalendar) component 4.0.2, and possibly 4.8.5 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) calid or (2) paletteDefault parameter in an...

CVSS: 4.3, AI score: 6.2, EPSS: 0.01936
Exploits: 2, References: 4, Affected Software: 1

Packet Storm
added 2014/03/15 12:00 a.m., 37 views

Joomla Multi Calendar 4.0.2 Cross Site Scripting

Hello, Multiple cross-site scripting (XSS) vulnerabilities in Multi calendar 4.0.2 component for Joomla! allow remote attackers to inject arbitrary web script or HTML code via (1) the calid parameter to index.php or (2) the paletteDefault parameter to index.php. File: /tmpl/layouteditevent.php Lines: 1...

CVSS: 4.3, AI score: 0.4, EPSS: 0.01936
Exploits: 2

seebug.org
added 2014/03/13 12:00 a.m., 21 views

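ClanSphere "where" Cross-Site Scripting Vulnerability

ClanSphere is an advanced web content management system, mainly used to build clan and e-sports websites. Because input passed to index.php via the "where" GET parameter (when "mod" is set to "users") is not properly filtered before being returned to the user, an attacker can exploit the vulnerability to execute arbitrary HTML and script code in a user's browser session in the context of the affected site. 0 ClanSphere 2011.4.3 The vendor has not yet provided a patch or upgrade; we recommend that users of this software keep checking the vendor's home page for the latest version: http://www.csphere.eu/...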

AI score: 7.1
Exploits: 0