419 matches found
Cross site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a...
AspxCommerce v2.0 - Arbitrary File Upload Vulnerability
The application doesn't sanitize file extension or content in the Logo Editing module. The vulnerability allows a remote attacker to upload files via POST method with multiple extensions and access them remotely. Exploit Title: AspxCommerce v2.0 - Arbitrary File Upload Vulnerability Exploit Autho...
ILIAS eLearning 4.3.4 / 4.4 Cross Site Scripting
Document Title: ILIAS eLearning 4.3.4 & 4.4 CMS - Persistent Notes Web Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1122; Release Date: 2013-10-27; Vulnerability Laboratory ID (VL-ID):...
Olat CMS 7.8.0.1 - Persistent Calender Web Vulnerability
Document Title: Olat CMS 7.8.0.1 - Persistent Calender Web Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1125; CVE-ID: 2013-6793; CVE-ID: 2013-6794; Release Date: 2013-10-28; Vulnerability Laboratory ID (VL-ID):...
DornCMS Application 1.4 - Multiple Web Vulnerabilities
DornCMS Application 1.4 - Multiple Web Vulnerabilities. Document Title: DornCMS Application v1.4 - Multiple Web Vulnerabilities; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1113; Release Date: 2013-10-14; Vulnerability...
OliveOffice Mobile Suite 2.0.3 File Inclusion
Document Title: OliveOffice Mobile Suite 2.0.3 iOS - File Include Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1110; Release Date: 2013-10-13; Vulnerability Laboratory ID (VL-ID):...
AdaptCMS 3.0.1 Cross Site Scripting
AdaptCMS 3.0.1 Cross Site Scripting Vulnerability; Author: syst3mf4ult; Homepage: http://www.adaptcms.com/; Vendor: Adapt CMS; Version: 3.0.1, probably all versions; Tested on: Ubuntu 12.04; Date: 2013-10-11; I. POC & Exploit...
AspxCommerce 2.0 - Arbitrary File Upload
AspxCommerce 2.0 - Arbitrary File Upload Exploit Title: AspxCommerce v2.0 - Arbitrary File Upload Vulnerability Exploit Author: SANTHO Vendor Homepage: http://www.aspxcommerce.com/ Version: Version 2.0 and below Introduction: AspxCommerce is a complete e-Commerce solution for setting up a fully...
AspxCommerce 2.0 - Arbitrary File Upload
Exploit Title: AspxCommerce v2.0 - Arbitrary File Upload Vulnerability Exploit Author: SANTHO Vendor Homepage: http://www.aspxcommerce.com/ Version: Version 2.0 and below Introduction: AspxCommerce is a complete e-Commerce solution for setting up a fully functional online store in minutes. It's...
Air Drive Plus 2.4 LFI / XSS / File Upload
Title: Air Drive Plus v2.4 iOS - Arbitrary File Upload Vulnerability; Date: 2013-07-09; References: http://www.vulnerability-lab.com/getcontent.php?id=1000; VL-ID: 1000; Common Vulnerability Scoring System: 6.7; Introduction:...
MinaliC Webserver 2.0.0 Buffer Overflow Vulnerability
MinaliC Webserver version 2.0.0 buffer overflow exploit that binds a shell to port 4444. Works on Windows Server 2003 SP3 only. !/usr/bin/env python Title : MinaliC Webserver 2.0.0 Post Method Remote Command Execution Works for Windows Server 2003 sp2 Only Date: 12 Apr 2013 Exploit Author: Antoni...
CMSLogik 1.2.1 Cross Site Scripting
CMSLogik 1.2.1 Multiple Persistent XSS Vulnerabilities Vendor: ThemeLogik Product web page: http://www.themelogik.com/cmslogik Affected version: 1.2.1 and 1.2.0 Summary: CMSLogik is built on a solid & lightweight framework called CodeIgniter, and design powered by Bootstrap. This combination...
DLink DIR-645 / DIR-815 Command Execution Vulnerability
Exploit for hardware platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core...
Italian team discovers flaw in Ruzzle protocol, serious menace to privacy
We are in the digital era: everything is connected to large networks, and applications benefit from ever more complex devices that interact deeply with their owner. In this scenario security requirements assume crucial importance, and the security of the overall architecture also depends on the security of single...
MTP Image Gallery 1.0 - 'edit_photos.php?title' Cross-Site Scripting
MTP Image Gallery 1.0 title Remote Script Insertion Vulnerability alert1;' / input type="hidden" name="rat...
MTP Image Gallery 1.0 XSS Vulnerability
Exploit for php platform in category web applications MTP Image Gallery 1.0 title Remote Script Insertion Vulnerability alert1;' / input type=...
USB Sharp v1.3.4 iPad iPhone - Multiple Web Vulnerabilities
Document Title: USB Sharp v1.3.4 iPad iPhone - Multiple Web Vulnerabilities; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=873; Release Date: 2013-02-16; Vulnerability Laboratory ID (VL-ID):...
Netwin SurgeFTP Remote Command Execution Vulnerability
Exploit for multiple platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...
OurWebFTP 5.3.5 Cross Site Scripting
HTTPCS Advisory : HTTPCS112 Product : OurWebFTP Version : 5.3.5 Page : /index.php Variables : mwbcontrol2=Enter&mwacontrol2=op:login&ftphost=VulnHTTPCS Type : XSS Method : POST Description : A vulnerability has been discovered in OurWebFTP, which can be exploited by malicious people to conduct...
PHP-eSeller SQL Injection Vulnerability