Yelp: No rate limiting for confirmation email lead to email flooding

Description: There is no rate limiting implemented in sending the confirmation email. Thus, attacker can use this vulnerability to bomb out the email inbox of the victim. Affected URL: https://biz.yelp.com/welcome/resendconfirmation with POST method Details: 1. Login to biz.yelp.com 2. Go to...

LabCollector 5.423 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: LabCollector Laboratory Information System 5.423 - Multiples SQL Injection Software Links/Project: https://www.labcollector.com/clientarea/downloads.php Version: LabCollector Laboratory Information System 5.423 Exploit Author:...

BSI Advance Hotel Booking System 2.0 - (booking_details.php) Persistent Cross-Site Scripting Vulnera

Exploit for php platform in category web applications Exploit Title:BSI Advance Hotel Booking System Persistent XSS Google Dork: intext:Hotel Booking System v2.0 © 2008 - 2012 Copyright Best Soft Inc Exploit Author: Angelo Ruwantha Vendor Homepage: http://www.bestsoftinc.com Software Link:...

BSI Advance Hotel Booking System 2.0 - 'booking_details.php Persistent Cross-Site Scripting

Exploit Title:BSI Advance Hotel Booking System Persistent XSS Google Dork: intext:Hotel Booking System v2.0 © 2008 - 2012 Copyright Best Soft Inc Date: Wed Jun 4 2014 Exploit Author: Angelo Ruwantha Vendor Homepage: http://www.bestsoftinc.com Software Link:...

FlightPath < 4.8.2 / < 5.0-rc2 - Local File Inclusion Vulnerability

Exploit for php platform in category web applications Exploit Title: FlightPath 4.8.2 & 5.0-rc2 - Local File Inclusion Exploit Author: Mohammed Althibyani Vendor Homepage: http://getflightpath.com Software Link: http://getflightpath.com/project/9/releases Version: 4.8.2 & 5.0-rc2 Tested on: Kali...

FlightPath 4.8.2 5.0-rc2 - Local File Inclusion

FlightPath 4.8.2 5.0-rc2 - Local File Inclusion Exploit Title: FlightPath 4.8.2 & 5.0-rc2 - Local File Inclusion Date: 07-07-2019 Exploit Author: Mohammed Althibyani Vendor Homepage: http://getflightpath.com Software Link: http://getflightpath.com/project/9/releases Version: 4.8.2 & 5.0-rc2 Teste...

Varient 1.6.1 - SQL Injection Vulnerability

Exploit for multiple platform in category web applications =========================================================================================== Exploit Title: Varient 1.6.1 SQL Inj. Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://varient.codingest.com/ Software Link:...

CiuisCRM 1.6 - &#039;eventType&#039; SQL Injection

=========================================================================================== Exploit Title: CiuisCRM 1.6 - 'eventType' SQL Inj. Dork: N/A Date: 27-05-2019 Exploit Author: Mehmet EMİROĞLU Vendor Homepage: https://codecanyon.net/item/ciuis-crm/20473489 Software Link:...

Varient 1.6.1 - SQL Injection

Varient 1.6.1 - SQL Injection =========================================================================================== Exploit Title: Varient 1.6.1 SQL Inj. Dork: N/A Date: 29-06-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://varient.codingest.com/ Software Link:...

WorkSuite PRM 2.4 SQL Injection

=========================================================================================== Exploit Title: WorkSuite PRM 2.4 - 'password' SQL Inj. Dork: N/A Date: 01-05-2019 Exploit Author: Mehmet Emiroglu Vendor Homepage: https://codecanyon.net/item/worksuite-project-management-system/20052522...

Freelance Cockpit CRM 3.3.1 SQL Injection Vulnerability

Exploit for php platform in category web applications =========================================================================================== Exploit Title: Freelance Cockpit CRM - SQL Inj. Dork: N/A Date: 17-05-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage:...

Freelance Cockpit CRM 3.3.1 SQL Injection

=========================================================================================== Exploit Title: Freelance Cockpit CRM - SQL Inj. Dork: N/A Date: 17-05-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://www.freelancecockpit.com/ Software Link: https://www.freelancecockpit.com...

PasteShr 1.6 - Multiple SQL Injection Vulnerability

Exploit for php platform in category web applications =========================================================================================== Exploit Title: PasteShr - SQL İnj. Dork: N/A Date: 14-05-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage:...

D-Link DWL-2600AP Upgrade Firmware Command Injection

Document Title: =============== D-Link DWL-2600AP - Authenticated OS Command Injection Upgrade Firmware Product & Service Introduction: =============================== The D-Link DWL-2600AP has a web interface for configuration. You can use any web browser you like to login to the D-Link...

Job Portal 3.1 SQL Injection

=========================================================================================== Exploit Title: NewJobPortal v3.1 - 'jobsubmit' SQL Inj. Dork: N/A Date: 25-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://codecanyon.net/item/job-portal/15330095 Version: v3.1 Category:...

Job Portal 3.1 - job_submit SQL Injection

Job Portal 3.1 - jobsubmit SQL Injection =========================================================================================== Exploit Title: NewJobPortal v3.1 - 'jobsubmit' SQL Inj. Dork: N/A Date: 25-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage:...

Job Portal 3.1 - job_submit SQL Injection Vulnerability

Exploit for php platform in category web applications =========================================================================================== Exploit Title: NewJobPortal v3.1 - 'jobsubmit' SQL Inj. Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://codecanyon.net/item/job-portal/1533009...

Laundry CMS - Multiple Vulnerabilities

=========================================================================================== Exploit Title: Laundry CMS clothcode SQL Inj. Dork: N/A Date: 09-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://laundry.rpcits.co.in/ Software Link: https://sourceforge.net/projects/laundr...

Laundry CMS - Multiple Vulnerabilities

Exploit for php platform in category web applications =========================================================================================== Exploit Title: Laundry CMS clothcode SQL Inj. Dork: N/A Date: 09-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://laundry.rpcits.co.in/...

Comodo Dome Firewall 2.7.0 - Cross-Site Scripting

Exploit Title: Comodo Dome Firewall 2.7.0 | Cross-Site Scripting Date: 18.02.2019 Exploit Author: Ozer Goker Vendor Homepage: https://cdome.comodo.com/firewall/ Software Link: https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278 Version: 2.7.0 Introduction Comodo Dom...