Lucene search

197 matches found

OSV
added 2018/03/09 5:29 p.m. | 4 views

CVE-2017-17323

Huawei iBMC V200R002C10; V200R002C20; V200R002C30 have an improper authorization vulnerability. The software incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by admin user. Successful exploit could cause...

CVSS 4.3 | AI score 5.8 | EPSS 0.00069
Exploits: 0 | References: 1
CNVD
added 2018/02/05 12:0 a.m. | 1 views

XSS vulnerability in old y article management system

The old y article management system is an open source website building product developed for the Asp Access/Mssql environment. It has an XSS vulnerability: an attacker can use the vulnerability in the member control panel to insert malicious code, and...

AI score 6.4
Exploits: 0 | References: 1
CNVD
added 2017/11/25 12:0 a.m. | 2 views

OpenEMR Elevation of Privilege Vulnerability

OpenEMR is an open source medical management system maintained by the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. An elevation of privilege vulnerability exists in OpenEMR 5.0.1-dev and...

CVSS 8.1 | AI score 6.9 | EPSS 0.00599
Exploits: 0 | References: 1
Exploit DB
added 2017/09/22 12:0 a.m. | 78 views

Stock Photo Selling 1.0 - SQL Injection

!/usr/bin/perl -w Exploit Title: Stock Photo Selling Script 1.0 - SQL Injection Dork: N/A Date: 21.09.2017 Vendor Homepage: http://sixthlife.net/ Software Link: http://sixthlife.net/product/stock-photo-selling-website/ Demo: http://www.photoreels.com/ Version: 1.0 Category: Webapps Tested on:...

AI score 7.4
Exploits: 0
OSV
added 2017/08/17 8:29 p.m. | 4 views

CVE-2017-6783

A vulnerability in SNMP polling for the Cisco Web Security Appliance WSA, Email Security Appliance ESA, and Content Security Management Appliance SMA could allow an authenticated, remote attacker to discover confidential information about the appliances that should be available only to an...

CVSS 4.3 | AI score 5.8 | EPSS 0.0028
Exploits: 0 | References: 5
CNVD
added 2017/08/02 12:0 a.m. | 1 views

Code execution vulnerability in javapms

JAVAPMS, short for JAVA Portal Management System, uses SpringMVC + Spring + Hibernate + Freemarker + Html5 + jQuery as its core technical architecture, for the majority of webmasters, software developers, program enthusiasts, web page designers, for individual...

AI score 8.3
Exploits: 0
0day.today
added 2017/03/09 12:0 a.m. | 20 views

Busewe 1.2 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Busewe - Website Marketplace Software v1.2 - SQL Injection Google Dork: N/A Date: 09.03.2017 Vendor Homepage: https://www.ncrypted.net/ Software: https://www.ncrypted.net/busewe Demo: http://demo.ncryptedprojects.com/busewe/...

AI score 7.1
Exploits: 0
CNVD
added 2016/12/16 12:0 a.m. | 1 views

Arbitrary file deletion vulnerability in the emlog personal blog system

Short for every memory log, emlog is a PHP and MySQL based blog and CMS builder. The /src/admin/data.php page of the emlog personal blog system has an arbitrary file deletion vulnerability. As Bak fails to bring in the unlink function directly after the restriction, allowing an attacker to delete...

AI score 7
Exploits: 0
CNVD
added 2016/12/16 12:0 a.m. | 1 views

Elevation of Privilege Vulnerability in the admin backend of the emlog personal blog system

Short for every memory log, emlog is a PHP and MySQL based blog and CMS builder. A privilege elevation vulnerability exists in the admin backend page /src/admin/data.php of the emlog personal blog system. An attacker can exploit the vulnerability to elevate privileges by importing files...

AI score 7
Exploits: 0
Packet Storm
added 2014/07/07 12:0 a.m. | 20 views

xClassified 1.2 SQL Injection

Application Name : Artifectx XClassified Script Vulnerable Type : SQL Injection Infection : Administrator and user information can be stolen Bug Fix Advice : Malicious characters should be filtered. Author : Lazmania61 Example : http://xclassified.artifectx.com/demo/ads.php?catid=4...

AI score 0.6
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 16 views

Thickbox Gallery 2.0 - (admins.php) Admin Data Disclosure Vulnerability

No description provided by source. + Thickbox Gallery v2 Admin Data Disclosure + Discovered By SirGod + www.mortal-team.org + Greetz : E.M.I.N.E.M,Ras,Puscasmarin,ToxicBlood,MesSiAH,xZu,HrN,kemrayz + Arbitrary Admin Data Disclosure - Go here and you will see the admin data login name + crypted...

AI score 7.1
Exploits: 0
seebug.org
added 2014/01/10 12:0 a.m. | 15 views

EZGenerator Cross-Site Request Forgery Vulnerability

EZGenerator is a website building and content management system. The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. create an administrative account when a logged-in administrative user visits a specially crafted web...

AI score 6.9
Exploits: 0
Packet Storm
added 2014/01/08 12:0 a.m. | 24 views

EZGenerator Cross Site Request Forgery / File Disclosure

EZGenerator – Local File Disclosure/Admin Data/CSRF Vulnerability ================================================================= .:. Author : AtT4CKxT3rR0r1ST .:. Contact : [email protected] , [email protected] .:. Home : http://www.iphobos.com/blog/ .:. Dork : inurl:”utils.php?action=...

AI score 7.4
Exploits: 0
0day.today
added 2013/10/20 12:0 a.m. | 334 views

WHMCS 5.2.8 SQL Injection Vulnerability (0day)

dork:- inurl:submitticket.php site:.com inurl:submitticket.php site:.net inurl:submitticket.php site:.us inurl:submitticket.php site:.eu inurl:submitticket.php site:.org inurl:submitticket.php site:.uk intext:"Powered by WHMCompleteSolution" intext:"Powered by WHMCompleteSolution"...

AI score 7.1
Exploits: 0
Exploit DB
added 2013/01/08 12:0 a.m. | 33 views

MotoCMS - 'admin/data/users.xml' Access Restriction / Information Disclosure

source: https://www.securityfocus.com/bid/57055/info MotoCMS is prone to a file-disclosure and an arbitrary file-upload vulnerability. An attacker can exploit these issues to upload a file and view local files in the context of the web server process, which may aid in further attacks. MotoCMS 1.3...

AI score 7.4
Exploits: 0
exploitpack
added 2012/08/02 12:0 a.m. | 31 views

am4ss Support System 1.2 - PHP Code Injection

am4ss Support System 1.2 - PHP Code Injection 10/2011 , Vulnerability discovered till now , i haven't reported the vendor , why!!! The idiot backdoored it by himself + the official site is fucked up ; 19/07/2012 , Public Disclosured C:\labphp am4ss.php localhost /lab/am4ss/...

AI score 0.1
Exploits: 0
Packet Storm
added 2010/06/29 12:0 a.m. | 21 views

PTCPay GEN4 SQL Injection

===================================================== PTCPay GEN4 buyupg.php SQL Injection Vulnerability ===================================================== Exploit Title: Date: 28.06.2010 Author: Dark.Man [email protected] Thanks To: Diq3N , SkyTurk , ByHuCRe , HeuRiSTiC , th3spy , 3KStyL3 ...

AI score 0.5
Exploits: 0
myhack58
added 2010/06/22 12:0 a.m. | 14 views

xyxcms v1.3 search injection vulnerability

The search page does not filter its input strictly, resulting in a string-type injection in the search. The injection can be seen in this code from s.asp: k=request.QueryString("k") page=request.QueryString("page") if page="" or isnumeric(page)=0 then gcurpage=1 else gcurpage=cint(page) end if...

AI score 8
Exploits: 0
0day.today
added 2010/02/27 12:0 a.m. | 20 views

Gravity Board X v2.0 BETA (Public Release 3) SQL Injection Vulnerability

Exploit for unknown platform in category web applications ======================================================================== Gravity Board X v2.0 BETA Public Release 3 SQL Injection Vulnerability ======================================================================== !/usr/bin/perl Exploit...

AI score 7.1
Exploits: 0
Packet Storm
added 2010/01/11 12:0 a.m. | 18 views

TermiSBloG 1.0 SQL Injection

TermiSBloG V 1.0 SQL Injections Vulnerability Author : Cyber945 Home : Ar-ge.Org Greetz : D3xer and All Ar-ge.Org Members Not3 : Ar-ge.Org Online Name : TermiSBloG V 1.0 SQL Injection Bug Type : SQL Infection : Admin information can be obtained. Dork : "© 2008 DevWorx - devworx.somee.com"...

Exploits: 0