Milw0rm Clone Script 1.0 Cross Site Scripting

Exploit Title: Milw0rm Clone Script 1.0 - XSS Vulnerability Date: 03.09.2015 Exploit Author: CrashBandicot @DosPerl Vendor Homepage: http://milw0rm.sourceforge.net/ Software Link: http://sourceforge.net/projects/milw0rm/files/milw0rm.rar/download Version: v1.0 Tested on: MSWin64 Vulnerable File :...

PHPfileNavigator 2.3.3 Privilege Escalation

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPFILENAVIGATOR0812b.txt Vendor: ========================= pfn.sourceforge.net Product: ===================================================== PHPfileNavigator v2.3.3 pfn...

Apple iTunes U - Persistent POST Inject Web Vulnerability

Document Title: =============== Apple iTunes U - Persistent POST Inject Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1532 Apple ID: 624515538 Release Date: ============= 2015-08-11 Vulnerability Laboratory ID VL-ID:...

UBNT Bug Bounty #3 - Persistent Filename Vulnerability

Document Title: =============== UBNT Bug Bounty 3 - Persistent Filename Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1467 Video: http://www.vulnerability-lab.com/getcontent.php?id=1468 Release Date: ============= 2015-08-11 Vulnerability...

FoxyCart Filter Bypass

Document Title: =============== FoxyCart Bug Bounty 1 - Filter Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1451 098bdc9b309783df65044c5abb690dafdd4bcd436c380ae68c924fe37e14b4e0 Release Date: ============= 2015-07-15...

VFront 0.99.2 - Cross-Site Request Forgery Persistent Cross-Site Scripting

VFront 0.99.2 - Cross-Site Request Forgery Persistent Cross-Site Scripting Exploit Title: CSRF & Persistent XSS Google Dork: intitle: CSRF & Persistent XSS Date: 2015-06-02 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org/ Vendor Homepage: www.vfront.org Software Link:...

OYO File Manager 1.1 iOS&Android - Multiple Vulnerabilities

Document Title: =============== OYO File Manager 1.1 iOS&Android - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1494 Release Date: ============= 2015-05-18 Vulnerability Laboratory ID VL-ID: ===================================...

Sypex Dumper 2.0.11 Cross Site Scripting

Credits: John Page hyp3rlinx Domains: hyp3rlinx.altervista.org Source: http://hyp3rlinx.altervista.org/advisories/AS-SYPEX0529.txt Vendor: https://sypex.net Product: Sypex Dumper 2.0.11 is a PHP web based MySQL database management system. Advisory Information:...

Wireless Photo Transfer 3.0 iOS - File Inclusion Vulnerability

Exploit for iOS platform in category web applications Document Title: =============== Wireless Photo Transfer v3.0 iOS - File Include Vulnerability Product & Service Introduction: =============================== Transfer your photo without usb. The best wireless photo transfer app on the App Stor...

Wireless Photo Transfer 3.0 iOS - Local File Inclusion

Document Title: =============== Wireless Photo Transfer v3.0 iOS - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1492 Release Date: ============= 2015-05-12 Vulnerability Laboratory ID VL-ID:...

SQLBuddy 1.3.3 Path Traversal

Exploit Title: Path traversal vulnerability Google Dork: intitle:path traversal Date: 05-08-2015 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org/ Vendor Homepage: http://www.sqlbuddy.com Software Link: http://www.sqlbuddy.com Version: 1.3.3 Tested on: windows 7 Category:...

SQLBuddy 1.3.3 - Path Traversal Vulnerability

Exploit for php platform in category web applications Exploit Title: Path traversal vulnerability Google Dork: intitle:path traversal Date: 05-08-2015 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org/ Vendor Homepage: http://www.sqlbuddy.com Software Link:...

ZTE F660 - Remote Configuration Download

ZTE F660 - Remote Configuration Download / Exploit Title : ZTE remote configuration download Date : 09 May 2015 Exploit Author : Daniel Cisa Vendor Homepage : http://wwwen.zte.com.cn/en/ Platform : Hardware Tested On : ZTE F660 Firmware Version: 2.22.21P1T8S -------------------------- Config remo...

Sqlbuddy Path Traversal Vulnerability

Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org/ Vendor Homepage: www.sqlbuddy.com Version: 1.3.3 SQL Buddy is an open source web based MySQL administration application. Advisory Information: ================== sqlbuddy suffers from directory traversal whereby a user can mov...

SQLBuddy 1.3.3 - Directory Traversal

SQLBuddy 1.3.3 - Directory Traversal Exploit Title: Path traversal vulnerability Google Dork: intitle:path traversal Date: 05-08-2015 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org/ Vendor Homepage: http://www.sqlbuddy.com Software Link: http://www.sqlbuddy.com Version: 1.3...

ZTE F660 - Remote Config Download Vulnerability

Exploit for hardware platform in category web applications / Exploit Title : ZTE remote configuration download Date : 09 May 2015 Exploit Author : Daniel Cisa Vendor Homepage : http://wwwen.zte.com.cn/en/ Platform : Hardware Tested On : ZTE F660 Firmware Version: 2.22.21P1T8S...

PDF Converter & Editor 2.1 iOS - File Include Vulnerability

Document Title: =============== PDF Converter & Editor 2.1 iOS - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1480 Release Date: ============= 2015-05-06 Vulnerability Laboratory ID VL-ID: ===================================...

Photo Manager Pro v4.4.0 iOS - File Include Vulnerability

Document Title: =============== Photo Manager Pro v4.4.0 iOS - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1445 Release Date: ============= 2015-03-12 Vulnerability Laboratory ID VL-ID: ====================================...

ZYXEL P-660HN-T1H_IPv6 Denial Of Service Exploit

ZYXEL P-660HN-T1HIPv6 remote configuration editor / web service denial of service exploit. | | | ' | | | | | \r\n" ." | | | | | | | | | | | | | \r\n" ." / || || ||/|| || \r\n" ." \r\n" ." \r\n"; print $banner; function Post$packet,$host try $curl = curlinit; curlsetopt$curl, CURLOPTURL, $host;...

ZYXEL P-660HN-T1H_IPv6 Remote Configuration Editor/Web Server Denial of Service Vulnerability

ZYXEL P-660HN-T1HIPv6 is a wireless router device. A denial of service vulnerability exists in ZYXEL P-660HN-T1HIPv6. Since ZYXEL Embedded fails to properly check cookies and credentials in the POST method, an attacker can change the settings and methods after viewing the page; launching a denial...