3100 matches found
WordPress Arforms 3.5.1 Arbitrary File Delete Exploit
Exploit for php platform in category web applications Exploit Title: WordPress Plugin Arforms 3.5.1 - Delete arbitrary file Google Dork: /plugins/arforms/ Exploit Author: Amir Hossein Mahboubi Twitter: @Mahboubi66 Vendor Homepage: https://www.arformsplugin.com/ Version: =3.5.1 Tested on: Linux &...
Ekushey Project Manager CRM 3.1 - Cross-Site Scripting
Exploit Title: Ekushey Project Manager CRM 3.1 - Cross-Site Scripting Date: 2018-10-16 Exploit Author: Ismail Tasdelen Vendor Homepage: http://creativeitem.com/ Software Link : http://creativeitem.com/demo/ekushey/ Software : Ekushey Project Manager CRM Version : 3.1 Vulernability Type : Cross-si...
SIM-PKH 2.4.1 - Arbitrary File Upload
Exploit Title: SIM-PKH 2.4.1 - Arbitrary File Upload Dork: N/A Date: 2018-10-22 Exploit Author: Ihsan Sencan Vendor Homepage: https://simpkh.sourceforge.io/ Software Link: https://sourceforge.net/projects/simpkh/files/latest/download Version: 2.4.1 Category: Webapps Tested on: WiN7x64/KaLiLinuXx6...
The Open ISES Project 3.30A - Arbitrary File Download
Exploit Title: The Open ISES Project 3.30A - Arbitrary File Download Dork: N/A Date: 2018-10-18 Exploit Author: Ihsan Sencan Vendor Homepage: http://openises.sourceforge.net/ Software Link: https://sourceforge.net/projects/openises/files/latest/download Version: 3.30A050318 Category: Webapps Test...
BigTree CMS 4.2.23 - Cross-Site Scripting
Exploit Title: BigTree CMS 4.2.23 - Cross-Site Scripting Date: 2018-10-15 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.bigtreecms.org/ Software Link : https://github.com/bigtreecms/BigTree-CMS/ Software : BigTree CMS Version : 4.2.23 Vulernability Type : Cross-site Scripting...
LANGO Codeigniter Multilingual Script 1.0 Cross Site Scripting
Exploit Title: LANGO - Codeigniter Multilingual Script 1.0 - HTML Injection and Stored XSS Date: 2018-10-16 Exploit Author: Ismail Tasdelen Vendor Homepage: http://pokkho.com/lango/ Software Link : http://pokkho.com/lango/auth/login Software : LANGO - Codeigniter Multilingual Script Version : 1.0...
Library CMS 2.1.1 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Library CMS 2.1.1 - Cross-Site Scripting Exploit Author: Ismail Tasdelen Vendor Homepage: https://kaasoft.pro/ Software Link : https://library.kaasoft.pro/ Software : Library CMS - Powerful Book Management System Version : v 2.1...
MV Video Sharing Software 1.2 - searchname SQL Injection
MV Video Sharing Software 1.2 - searchname SQL Injection Exploit Title: MV Video Sharing Software 1.2 - 'searchname' SQL Injection Dork: N/A Date: 2018-10-16 Exploit Author: Ihsan Sencan Vendor Homepage: https://melerovideo.com/software/ Software Link:...
Advanced HRM 1.6 - Remote Code Execution Vulnerability
Exploit for php platform in category web applications Exploit Title: Advanced HRM 1.6 - Remote Code Execution Google Dork: intext:"Advanced HRM" Exploit Author: Renos Nikolaou Vendor Homepage: https://coderpixel.com/ Software Link: https://codecanyon.net/item/advanced-hrm/17767006 Version: 1.6...
Advanced HRM 1.6 Remote Code Execution
Exploit Title: Advanced HRM 1.6 - Remote Code Execution Google Dork: intext:"Advanced HRM" Date: 2018-10-06 Exploit Author: Renos Nikolaou Vendor Homepage: https://coderpixel.com/ Software Link: https://codecanyon.net/item/advanced-hrm/17767006 Version: 1.6 Tested on: Windows 10 CVE: N/A...
360 3.5.0.1033 - Sandbox Escape Exploit
Exploit for windows platform in category local exploits Exploit Title: 360 3.5.0.1033 - Sandbox Escape Exploit Author: vrsystem Vendor Homepage: https://www.360.cn/ Software Link: https://dl.360safe.com/360/inst.exe Version: 3.5.0.1033 Tested on: 3.5.0.1033 CVE : None 1、CMDtest.py import os...
RICOH MP C406Z Printer Cross Site Scripting
Exploit Title: RICOH MP C406Z Printer - HTML Injection and Stored XSS Date: 2018-09-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link :...
Android - zygote-init; Chain from USB Privilege Escalation
Android - zygote-init; Chain from USB Privilege Escalation After reporting https://bugs.chromium.org/p/project-zero/issues/detail?id=1583 Android ID 80436257, CVE-2018-9445, I discovered that this issue could also be used to inject code into the context of the zygote. Additionally, I discovered a...
Tenda ADSL Router D152 - Cross-Site Scripting
Exploit Title: Tenda D152 ADSL Router - Cross-Site Scripting Exploit Author: Sandip Dey Date: 2018-07-21 Vendor Homepage: http://www.tendacn.com Hardware Link:...
PHP Xdebug Module Unauthenticated RCE (exploit)
Binary data xdebugunauthrce.nbin...
WordPress Gift Voucher 1.0.5 Plugin - template_id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Plugin Gift Voucher 1.0.5 - 'templateid' SQL Injection Google Dork: intext:"/wp-content/plugins/gift-voucher/" Exploit Author: Renos Nikolaou Software Link: https://wordpress.org/plugins/gift-voucher/ Vendor Homepage:...
Vox TG790 ADSL Router - Cross-Site Request Forgery (Add Admin)
Vox TG790 ADSL Router - Cross-Site Request Forgery Add Admin Title: Vox TG790 ADSL Router - Cross-Site Request Forgery Add Admin Author: Cakes Exploit Date: 2018-08-01 Vendor: Vox Telecom Link: https://www.vox.co.za/ Firmware Version: 6.2.W.1 CVE: N/A Description Due to improper session managemen...
ZyXEL VMG3312-B10B Cross Site Scripting
Exploit Title: ZyXEL VMG3312-B10B - Cross-Site Scripting Date: 2018-08-21 Exploit Author: Samet AAHAdegN Vendor Homepage: https://www.zyxel.com/ Software Link: ftp://ftp.zyxel.com.tr/ZyXELURUNLERI/MODEMLER/VDSLMODEMLER/VMG3312-B10B/ Version: ZyXEL VMG3312-B10B Tested on: Mozilla Firefox 61.0.2 &...
Microsoft Edge Chakra JIT - Parameter Scope Parsing Type Confusion
Microsoft Edge Chakra JIT - Parameter Scope Parsing Type Confusion // PoC: async function triggera = class b await 1 let spray = ; for let i = 0; i 0016 SetHomeObj R13 R14 001b NewScObjectSimple R9 001d ProfiledStFld R9.value = R2 1 0021 ProfiledStFld R9.done = R4 2 0025 Yield R9 R9...
Chained Quiz <= 1.0.8 - Unauthenticated SQL Injection
WordPress Plugin Plugin Chained Quiz before 1.0.9 allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters. Technical details: Chained Quiz appears to be vulnerable to time-based SQL-Injection. The issue lies on the "$answer" backend variable...