30 matches found
WayangCMS Cross-Site Scripting Vulnerability
WayangCMS is a website CMS. WayangCMS v1.0 suffers from a cross-site scripting (XSS) vulnerability in index.php. An attacker can exploit the vulnerability to execute arbitrary web script or HTML by adding...
SEO Redirection < 6.4 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin did not sanitise the Redirect From and Redirect To fields when creating a new redirect in the dashboard, allowing high privilege users (even with unfiltered_html disabled) to set XSS payloads. Create a new Custom redirect (/wp-admin/options-general.php?page=seo-redirection.php) and set a...
Whatsapp Desktop (session hijacking) Payload 0day Exploit
This vulnerability makes you able to get full access to any account where the victim has installed WhatsApp Desktop, by payload exploit. Supports any last version. Proof video: https://0day.today/videos/34312.mp4...
Buffer Overflow Vulnerability in AC9V3.0 Upgrade Software of Shenzhen Jixiang Tengda Technology Co.
AC9V3.0 upgrade software is a Gigabit Ethernet port wireless router from Shenzhen Jixiang Tengda Technology Co., Ltd. AC9V3.0 upgrade software has a buffer overflow vulnerability, which can be exploited by an attacker to cause a denial of service, overwrite the return value of a function, and the...
Telegram Desktop (session hijacking) Payload Exploit
This vulnerability makes you able to get full access by hijacking the user session using a payload...
DeviceViewer 3.12.0.1 - 'creating user' Denial of Service
#!/usr/bin/python Exploit Title: DeviceViewer 3.12.0.1 - 'creating user' DOS buffer overflow Date: 9/23/2019 Exploit Author: x00pwn Vendor Homepage: http://www.sricam.com/ Software Link: http://download.sricam.com/Manual/DeviceViewer.exe Version: v3.12.0.1 Tested on: Windows 7 Steps to reproduce: ...
XooDigital - 'p' SQL Injection
Exploit Title: XooDigital - 'p' SQL Injection Date: 26.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://xooscripts.com/product/digital-download-protection-script.html Demo Site: http://xooscripts.com/demos/xoodigital/ Version: Latest Tested on: Kali Linux CVE: N/A ----- PoC :...
ATCOMINK Shop Cross Site Scripting
Payload = "PersianHack Team /webboard/show.php?Category=thaitestonline&No=121%22%3EPersian%3Csvg%2Fonload%3Dconfirm%28%2FMobhaM%2F%29%3EHack%20Team.VpgF8SiDHIU...
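Diyou P2C Lending System Front-End Getshell #1
Brief description: Diyou P2C lending system front-end getshell 1. Details: This time it is another e-commerce CMS from the Diyou company, not Diyou P2P! The latest official version is Diyou P2C Lending System V1.01. A getshell exists in the avatar upload. The official demo site was used for the demonstration. An account has been registered; the username and password are both test1a. Visit http://p2c.diyou.cc/?user&m=approve/safe, upload an avatar, capture the request, modify the packet to insert a one-line webshell, and change the extension to php. Although a 500 is returned, the PHP shell has already been uploaded: dyupfiles/avatar/diyou/[user id].php. Obtained...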
Microsoft Internet Explorer 5 - NavigateAndFind() Cross-Zone Policy (MS04-004)
Microsoft Internet Explorer 5 - NavigateAndFind Cross-Zone Policy MS04-004 source: https://www.securityfocus.com/bid/9568/info A vulnerability has been reported in Microsoft Internet Explorer. Because of this, an attacker may be able to violate cross-zone policy. It has been reported that the iss...