1225 matches found
WordPress NextGen Gallery Cross Site Scripting
Author: TUNISIAN CYBER + Exploit Title: WordPress NextGen swfupload.swf Cross Site Scripting vulnerability + Date: 09-01-2014 + Category: WebApp + Google Dork: :inurl:"/wp-content/plugins/nextgen-gallery/" + Tested on: KaliLinux + Friend's blog: www.na3il.com + Exploit: Wordpress PlugIn NextGen...
Joomla Aclsfgpl Shell Upload
Author: TUNISIAN CYBER + Exploit Title: Joomla Component comaclsfgpl File Upload Vulnerability + Date: 07-01-2014 + Category: WebApp + Google Dork: :inurl:"index.php?option=comaclsfgpl" addform + Tested on: KaliLinux + Friend's blog: www.na3il.com + Exploit: You can upload file .php/.php.jpg...
NoticeBoardPro 1.x SQL Injection
Author: TUNISIAN CYBER + Exploit Title: NoticeBoardPro v1.X SQL Injection vulnerability + Date: 27-12-2013 + Category: WebApp + Google Dork: n/a + Tested on: KaliLinux + Vendor: http://www.noticeboardpro.com/ + Description: NoticeBoardPro is an online, web-based, notice / bulletin board system...
xBoard 5.0 / 5.5 / 6.0 Local File Inclusion
phpMyMyRecipes 1.x.x SQL Injection Vulnerability
Exploit for php platform in category web applications + Author: TUNISIAN CYBER + Exploit Title: phpMyMyRecipes 1.x.x SQL Injection Vulnerability + Date: 15-12-2013 + Category: WebApp + Vendor: http://sourceforge.net/projects/php-myrecipes/files/ + Google Dork: Use your mind. + Tested on: Win7 ,...
ProQuiz v2.X.X CSRF (change admin passwd) Vulnerability
Exploit for php platform in category web applications + Author: TUNISIAN CYBER + Exploit Title: ProQuiz v2.X.X CSRF change admin passwd Vulnerability + Date: 14-12-2013 + Category: WebApp + Vendor: http://proquiz.softon.org/ + Google Dork: intext:"Powered by - Softon Technologies" + Tested on: Win...
X7 CHAT 2.0.2 CSRF (add admin) vulnerability
Exploit for php platform in category web applications
EggBlog v4.X.X Arbitrary File Upload vulnerability
Exploit for php platform in category web applications + Author: TUNISIAN CYBER + Exploit Title: EggBlog v4.X.X Arbitrary File Upload vulnerability + Date: 13-12-2013 + Category: WebApp + Vendor: http://sourceforge.net/projects/eggblog/ + Google Dork: Do Some Work and you'll find it : + Tested on:...
osCmax e-Commerce 2.5.3 Cross Site Scripting / Shell Upload
Exploit database separated by exploit type (local, remote, DoS, etc.) + Site : 1337day.com + Support e-mail : submitat1337day.com + I'm KedAns-Dz member from Inj3ct0r Team + Title : osCmax...
RedAxScript 1.1 SQL Injection
NeoBill 0.9-alpha eCommerce Command Execution / SQL Injection / LFI
I'm KedAns-Dz member from Inj3ct0r Team + Title : NeoBill...
NeoBill v0.9-alpha eCommerce <= (RCE/SQLi/LFI) Vulnerabilities
NeoBill v0.9-alpha suffers from multiple vulnerabilities. Usage info: blind exploitation via cURL exploits or HTTP headers. I'm KedAns-Dz...
RedAxScript v1.1 <= Multiple Blind SQL Injection Vulnerabilities
RedAxScript suffers from multiple SQL injection vulnerabilities. Usage info: POST inject via HTTP headers attacks or HTTP debugger, HackBar, or use any toolkit like sqlmap, sql-ninja, etc.
WordPress Blooog 1.1 jplayer.swf Cross Site Scripting
GILE WebDesign SQL Injection Vulnerability
Exploit for php platform in category web applications
Cisco 9900 Series Phone webapp Buffer Overflow Vulnerability
A vulnerability in the web application interface of Cisco 9900 series IP phones could allow an unauthenticated, remote attacker to cause the webapp interface to become unavailable. The vulnerability is due to insufficient input validation of certain fields. An attacker could exploit this...
IBM 1754 GCM 1.18.0.22011 - Remote Command Execution
I. Product description: The IBM 1754 GCM family provides KVM over IP and serial console management technology in a single appliance. II. Vulnerability information: Impact: Command execution + Remotely exploitable: yes + CVE: 2013-0526 + CVSS Score: 8.5...
OmegaBB 0.9.3 CSRF / Shell Upload
GroundWork Monitor Enterprise Foundation Webapp Admin Arbitrary File Access
The remote host has a version of GroundWork Monitor Enterprise installed that has an arbitrary file access vulnerability in the Foundation Webapp Admin interface. By sending a specially crafted HTTP request, it is possible for a remote attacker to read or modify files the nagios user has access t...
Matterdaddy Market 1.4.2 CSRF / Arbitrary File Upload
Matterdaddy Market version 1.4.2 and below suffers from cross site request forgery and arbitrary file upload vulnerabilities.