252 matches found
FMyLife Clone Script (Pro Edition) 1.1 - Cross-Site Request Forgery (Add Admin)
FMyLife Clone Script Pro Edition 1.1 - Cross-Site Request Forgery Add Admin Vulnerability: Add Admin Exploit Add/Edit/Delete/ Category, Admin Vs... Google Dork: FMyLife Clone Script Date:10.01.2017 Vendor Homepage: http://alstrasoft.com/fmylife-pro.htm Script Name: FMyLife Clone Script Pro Editio...
sNews CMS 1.7 Cross Site Request Forgery
Exploit Title : Snews CMS Cross Site Request Forgery Author : Ashiyane Digital Security Team Google Dork : "This site is powered by sNews" Date : 1/11/2016 Type : webapps Platform : PHP Vendor Homepage : http://snewscms.com/ Software link : http://snewscms.com/download/snews1.7.1.zip Version :...
PHP Realestate Script Script 4.9.0 - SQL Injection
Exploit Title: Property Agent RealeState Script Sql Injection Date: 2015-05-27 Exploit Author: Meisam Monsef [email protected] or [email protected] Vendor Homepage: http://www.phpscriptsmall.com/product/php-realestate-script/ Version: 4.9.0 Exploit :...
D-Link DWR-932 Firmware 4.00 - Authentication Bypass
Exploit for hardware platform in category web applications D-Link DWR-932 Firmware = V4.00 Authentication Bypass - Password Disclosure Author: Saeed reza Zamanian penetrationtest @ Linkedin Product: D-Link DWR-932 Tested Version: Firmware V4.00EUb03 Vendor: D-Link http://www.dlink.com/ Product UR...
D-Link DWR-932 Firmware 4.00 - Authentication Bypass
D-Link DWR-932 Firmware = V4.00 Authentication Bypass - Password Disclosure Author: Saeed reza Zamanian penetrationtest @ Linkedin Product: D-Link DWR-932 Tested Version: Firmware V4.00EUb03 Vendor: D-Link http://www.dlink.com/ Product URL:...
D-Link DWR-932 Firmware 4.00 - Authentication Bypass
D-Link DWR-932 Firmware 4.00 - Authentication Bypass D-Link DWR-932 Firmware = V4.00 Authentication Bypass - Password Disclosure Author: Saeed reza Zamanian penetrationtest @ Linkedin Product: D-Link DWR-932 Tested Version: Firmware V4.00EUb03 Vendor: D-Link http://www.dlink.com/ Product URL:...
CVE-2015-5063
Multiple cross-site scripting XSS vulnerabilities in SilverStripe CMS & Framework 3.1.13 allow remote attackers to inject arbitrary web script or HTML via the 1 adminusername or 2 adminpassword parameter to install.php...
SilverStripe CMS Unvalidated Redirect & XSS vulnerabilities
Credits: hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt Vendor: ================================ http://www.silverstripe.org/software/download Product: ================================ SilverStripe CMS & Framework v3.1.13...
MantisBT Cross-Site Scripting Vulnerability
MantisBT is a Web-based open source defect tracking system of the MantisBT team . The system provides project management and defect tracking services in the form of Web operations. A cross-site scripting vulnerability exists in the admin/install.php script in MantisBT versions 1.2.18 and earlier...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in PHPJabbers Event Booking Calendar 2.0 allow remote attackers to hijack the authentication of administrators for requests that 1 change the username and password of the administrator via an update action to the AdminOptions controller or...
Iwebsns最新版SQL注入第八枚
简要描述: Iwebsns最新版SQL注入第八枚 详细说明: 在wooyun上看到雨牛提了5个iwebsns的漏洞了( WooYun: Iwebsns sql 第五枚。 ),我来捡捡漏儿吧,已对比,不重复,下载Iwebsns最新的1.1.0来看看。 为了使审核的大大们容易确认是否有重复,我先把存在漏洞的文件和注入参数分别写在这里:/action/privacy/homeinputmessset.action.php inputmess 下面看看漏洞是怎么产生的 /action/privacy/homeinputmessset.action.php exeUpdate$sql;...
EntryPass N5200 - Credentials Exposure
Advisory: EntryPass N5200 Credentials Disclosure EntryPass N5200 Active Network Control Panels allow the unauthenticated downloading of information that includes the current administrative username and password. Details ======= Product: EntryPass N5200 Active Network Control Panel Affected...
kppw威客系统SQL注入一枚
简要描述: rt 详细说明: 注册处。 function checkall$regusername, $regemail, $regcode global $lang,$K; $res1 = $this-checkip ; if$K'do' $url = 'index.php?do='.$K'do'; else $url = 'index.php?do=register'; $res1 === true or $result = $res1; $res2 = $this-checkusername $regusername ; $res2 === true or $result =...
IBM Business Process Manager - User Account Reconfiguration
No description provided by source. Exploit Title: IBM BMPS BPM User account reconfiguration/Privilege Escalation/Information Disclosure Date: 31.01.14 Exploit Author: 0in Software link: http://www-03.ibm.com/software/products/en/business-process-manager-family/ Version: 8.0.1.1 newest versions ca...
FaScript FaPhoto 1.0 - (show.php id) SQL Injection Vulnerability
No description provided by source. AUTHOR : IRCRASH Dr.Crash Script Download : http://en.fascript.com/en.faphoto.zip Injection Adress : http://Sitename/faname/show.php?id=SqL Code Help : In This Script Admin Username and Password Save in ./admin/pconfig.php You can open this file with loadfile...
SimpleNews <= 1.0.0 FINAL (print.php news_id) SQL Injection Exploit
No description provided by source. !/usr/bin/perl -w SimpleNews = 1.0.0 FINAL SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code print.php: $newsid = $GET'newsid'; $query = SELECT FROM simplenewsarticles WHERE news...
TutorialCMS <= 1.00 (search.php search) SQL Injection Exploit
No description provided by source. !/usr/bin/perl -w TutorialCMS = 1.00 SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code search.php: $search = $REQUEST'search'; $sql = SELECT FROM tutorials WHERE title LIKE...
Softbiz Banner Exchange Network Script 1.0 - SQL Injection Vulnerability
Softbiz Banner Exchange Network Script ver 1 SQL INJECTION BY IRCRASH AUTHOR : IRCRASH Dr.Crash Script Download : http://www.softbizscripts.com/ Injection Adress : http://sitename/campaignstats.php?id=SQL C0de SQL C0de :...
4images 1.7.1 - Remote SQL Injection Vulnerability
No description provided by source. Exploit Title: 4images 1.7.1 Remote SQL Injection Vulnerability Date: 20-12-2009 Author: Master Mind Version: 1.7.1 CVE : N/A ============================================================= Script Name : 4images 1.7.1 Language : php Author : Master Mind Home :...
TaskDriver <= 1.2 Login Bypass/SQL Injection Exploit
No description provided by source. !/usr/bin/perl -w TaskDriver = 1.2 Login Bypass/SQL Injection Exploit Discovered by: Silentz Payload: Login Bypass & Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code login.php: $sql = SELECT FROM $userstable WHERE username =...