Ckeditor 4.4.7 Shell Upload / Cross Site Scripting
0-DAY Aint DIE | No Priv8 | KedAns-Dz ...
Codiad 2.5.3 - Local File Inclusion
+Title: Codiad v2.5.3 - LFI Vulnerability +Author: TUNISIAN CYBER +Date: 12/03/2015 +Type: WebApp +Risk: High +Overview: Pie Register 2.x suffers from a Local File Disclosure vulnerability. +Proof Of Concept: PHP // Run Download...
WordPress Pie Register 2.0.14 Cross Site Scripting
+Title: WordPress Pie Register Plugin 2.0.14 - XSS Vulnerability +Author: TUNISIAN CYBER +Date: 09/03/2015 +Type: WebApp +Risk: High +Affected Version: All +Overview: Pie Register 2.x suffers from an XSS vulnerability. +Proof Of Concept: PHP global $pieregdirpath; include_once...
CVE-2014-9465
senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files...
Code injection
senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in Zarafa Collaboration Platform (ZCP) 7.x before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1 allows remote attackers to cause a denial of service (/tmp disk consumption) by uploading a large number of files...
CVE-2014-9465
CVE-2014-9465 affects Zarafa WebApp (before 2.0 beta 3) and Zarafa WebAccess in Zarafa Collaboration Platform (ZCP) 7.x (before 7.1.12 beta 1 and 7.2.x before 7.2.0 beta 1). The issue allows remote attackers to cause a denial of service by uploading a large number of files, leading to /tmp disk c...
Multiple Denial of Service Vulnerabilities in Zarafa WebAccess and WebApp
Zarafa is a commercial collaborative software solution that provides email and webmail services, address book, calendar, notes, tasks and more. Multiple denial-of-service vulnerabilities exist in Zarafa WebAccess and WebApp, which could allow an attacker to crash the affected application, resulti...
MiniBB 3.1 - Blind SQL Injection
MiniBB 3.1 - Blind SQL Injection Exploit Title: miniBB 3.1 Blind SQL Injection Date: 23-11-2014 Software Link: http://www.minibb.com/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ CVE: CVE-2014-9254 Category: webapps 1. Description...
Zarafa WebApp Detection
The script sends a connection request to the server and attempts to extract the version number from the reply. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifie...
FlatNuke 3.1.x Cross Site Scripting
+ FlatNuke alertdocument.cookie&body=This is my comment...
FlatNuke 3.1.4 (FlatPoll) Persistent XSS Vulnerability
Exploit for php platform in category web applications + FlatNuke alertdocument.cookie&body=This is my comment 0day.today...
FlatNuke <= 3.1.x BBCode IMG Tag Script Injection Vulnerability
Exploit for php platform in category web applications + FlatNuke <= 3.1.x viewnews BBCode IMG Tag Script Injection PoC Discovered by Juri Gianni -...
CVE-2014-5447
Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103...
CVE-2014-5449
Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data...
Design/Logic Flaw
Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data...
Design/Logic Flaw
Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0103...