140 matches found
Vanilla < 2.1.5 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: CSRF vulnerabilities in Vanilla Forums below 2.1.5-CVE-2017-1000432 Google Dork: NA Date: 7/1/2018 Contact: https://twitter.com/anandm47 website: https://anandtechzone.blogspot.in Exploit Author: Anand Meyyappan Vendor Homepage:...
Vanilla 2.1.5 - Cross-Site Request Forgery
Vanilla 2.1.5 - Cross-Site Request Forgery Exploit Title: CSRF vulnerabilities in Vanilla Forums below 2.1.5-CVE-2017-1000432 Google Dork: NA Date: 7/1/2018 Contact: https://twitter.com/anandm47 website: https://anandtechzone.blogspot.in Exploit Author: Anand Meyyappan Vendor Homepage:...
Vanilla < 2.1.5 - Cross-Site Request Forgery
Exploit Title: CSRF vulnerabilities in Vanilla Forums below 2.1.5-CVE-2017-1000432 Google Dork: NA Date: 7/1/2018 Contact: https://twitter.com/anandm47 website: https://anandtechzone.blogspot.in Exploit Author: Anand Meyyappan Vendor Homepage: https://open.vanillaforums.com Software Link:...
WordPress Plugin Sirv 1.3.1 - SQL Injection
WordPress Plugin Sirv 1.3.1 - SQL Injection Exploit Title: Sirv 1.3.1 Plugin For WordPress Sql Injection Date: 10/11/2016 Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/sirv/ Software Link: https://wordpress.org/plugins/sirv/ Contact: http://twitter.com/lenonleite...
WordPress Plugin Shopping Cart 3.0.4 - Unrestricted Arbitrary File Upload
...
WordPress Ecommerce Cart66 Lite Plugin - Blind SQL Injection
Because of this vulnerability in WordPress Ecommerce Cart66 Lite plugin , shortcodeProductsTable is accessible for every registered user. Solution Update to version 1.5.2...
Apple Mac OS X Server 10.5 - Wiki Server Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28278/info Apple Mac OS X Server Wiki Server is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue allows an attacker to access arbitrary...
MyDMS 1.4 - SQL Injection Vulnerability And Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10996/info MyDMS is reportedly susceptible to both a directory traversal vulnerability and an SQL injection vulnerability. The SQL injection vulnerability is present because a script improperly sanitizes user-supplied dat...
Cybozu Remote Service Manager vulnerable to session fixation
Overview Remote Service Manager provided by Cybozu,Inc. is a software to access on-premise systems such as Cybozu products via "Cybozu Remote Service". Remote Service Manager contains a session fixation vulnerability. Impact A remote, unauthenticated attacker may impersonate a registered user. As...
Zavio IP Camera Firmware 1.6.03 User Code Execution - Ver2 (CVE-2013-2568)
A code execution vulnerability has been reported in Zavio IP Camera Firmware. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system and gain the credentials of registered users...
Shopware 3.5 - SQL Injection
Shopware 3.5 - SQL Injection !/usr/bin/php ?php Exploit Title: Shopware 3.5 - SQL Injection Date: 13.07.2012 Exploit Author: Kataklysmos Software Link: http://www.shopware.de/ Version: 3.5 function httpreq$host, $q if!$fs = fsockopen$host, 80 exit"Could not open HTTP- Connection to...
vBulletin 4.1.12 Cross Site Scripting
TITLE ....... vBulletin 4.1.12 Reflected XSS try csrf for registered users DATE ........ 24.04.2012 AUTOHR ...... http://hauntit.blogspot.com SOFT LINK ... http://www.vbulletin.com VERSION ..... 4.1.12 TESTED ON ... LAMP ----------------------------------------------------------------------- 1...
Multiple vulnerabilities in OBM
No description provided by source. Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinobm.html Product: OBM Vendor: obm.org http://obm.org Vulnerable Version: 2.4.0-rc13 and probably prior Tested Version: 2.4.0-rc13 Vendor Notification: 30 November 2011 Vulnerability Type: XSS,...
Do not show registered users in quick search to anonymous users
Registered users appears in quick search, even when it's a search made by anonymous...
phpList 2.10.x - Security Bypass Information Disclosure
phpList 2.10.x - Security Bypass Information Disclosure source: https://www.securityfocus.com/bid/49188/info PHPList is prone to a security-bypass vulnerability and an information-disclosure vulnerability. An attacker can exploit these issues to gain access to sensitive information and send...
phpList 2.10.x - Security Bypass / Information Disclosure
source: https://www.securityfocus.com/bid/49188/info PHPList is prone to a security-bypass vulnerability and an information-disclosure vulnerability. An attacker can exploit these issues to gain access to sensitive information and send arbitrary messages to registered users. Other attacks are als...
Jackie novel CMS serialized system arbitrary file upload 0day-vulnerability warning-the black bar safety net
Registered users Into space-the album-upload With oprea live firefox modifying the source code There is a. jpg . gif of the place changedto. You can upload any file Keywords: inurl:modules/space...
South data enterprise 0day vulnerability affects versions: v10. 0 v11. 0-vulnerability warning-the black bar safety net
A direct proof of the user password. Take the shell method looks like there are 3 kinds of 1, registered users to upload get a shell, this comparison directly, can not into the background and don't know the username and password case. 2, into the background of the BACKUP DATABASE 3, in the site...
JE Messenger 1.0 Arbitrary file upload vulnerability-vulnerability warning-the black bar safety net
Publishing author: Salvatore Fresta aka Drosophila Official website: joomlaextensions. co. in Vulnerability type: file upload Vulnerability Description: The program save the function in an error, the compose.php allows to registered users to upload with any file extension. For a valid file...
Memorial Web Site Script Arbitrary Deletion
----------------------------------------------------------------------------------------- Memorial Web Site Script Multiple Arbitrary Delete Vuln ----------------------------------------------------------------------------------------- Author : Chip D3 Bi0s Email : chipdebiosalt+64gmail.com Where...