Lucene search
K

252 matches found

exploitpack
exploitpack
added 2017/01/10 12:0 a.m.12 views

FMyLife Clone Script (Pro Edition) 1.1 - Cross-Site Request Forgery (Add Admin)

FMyLife Clone Script Pro Edition 1.1 - Cross-Site Request Forgery Add Admin Vulnerability: Add Admin Exploit Add/Edit/Delete/ Category, Admin Vs... Google Dork: FMyLife Clone Script Date:10.01.2017 Vendor Homepage: http://alstrasoft.com/fmylife-pro.htm Script Name: FMyLife Clone Script Pro Editio...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2016/11/04 12:0 a.m.42 views

sNews CMS 1.7 Cross Site Request Forgery

Exploit Title : Snews CMS Cross Site Request Forgery Author : Ashiyane Digital Security Team Google Dork : "This site is powered by sNews" Date : 1/11/2016 Type : webapps Platform : PHP Vendor Homepage : http://snewscms.com/ Software link : http://snewscms.com/download/snews1.7.1.zip Version :...

0.6AI score
Exploits0
Exploit DB
Exploit DB
added 2016/05/27 12:0 a.m.14 views

PHP Realestate Script Script 4.9.0 - SQL Injection

Exploit Title: Property Agent RealeState Script Sql Injection Date: 2015-05-27 Exploit Author: Meisam Monsef [email protected] or [email protected] Vendor Homepage: http://www.phpscriptsmall.com/product/php-realestate-script/ Version: 4.9.0 Exploit :...

7AI score
Exploits0
0day.today
0day.today
added 2016/03/21 12:0 a.m.51 views

D-Link DWR-932 Firmware 4.00 - Authentication Bypass

Exploit for hardware platform in category web applications D-Link DWR-932 Firmware = V4.00 Authentication Bypass - Password Disclosure Author: Saeed reza Zamanian penetrationtest @ Linkedin Product: D-Link DWR-932 Tested Version: Firmware V4.00EUb03 Vendor: D-Link http://www.dlink.com/ Product UR...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2016/03/21 12:0 a.m.56 views

D-Link DWR-932 Firmware 4.00 - Authentication Bypass

D-Link DWR-932 Firmware = V4.00 Authentication Bypass - Password Disclosure Author: Saeed reza Zamanian penetrationtest @ Linkedin Product: D-Link DWR-932 Tested Version: Firmware V4.00EUb03 Vendor: D-Link http://www.dlink.com/ Product URL:...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2016/03/21 12:0 a.m.56 views

D-Link DWR-932 Firmware 4.00 - Authentication Bypass

D-Link DWR-932 Firmware 4.00 - Authentication Bypass D-Link DWR-932 Firmware = V4.00 Authentication Bypass - Password Disclosure Author: Saeed reza Zamanian penetrationtest @ Linkedin Product: D-Link DWR-932 Tested Version: Firmware V4.00EUb03 Vendor: D-Link http://www.dlink.com/ Product URL:...

0.7AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2015/06/24 2:59 p.m.3 views

CVE-2015-5063

Multiple cross-site scripting XSS vulnerabilities in SilverStripe CMS & Framework 3.1.13 allow remote attackers to inject arbitrary web script or HTML via the 1 adminusername or 2 adminpassword parameter to install.php...

4.3CVSS5.4AI score0.01906EPSS
Exploits2References4
securityvulns
securityvulns
added 2015/06/14 12:0 a.m.83 views

SilverStripe CMS Unvalidated Redirect & XSS vulnerabilities

Credits: hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-SILVERSTRIPE0607.txt Vendor: ================================ http://www.silverstripe.org/software/download Product: ================================ SilverStripe CMS & Framework v3.1.13...

6.2AI score
Exploits0
CNVD
CNVD
added 2015/01/28 12:0 a.m.2 views

MantisBT Cross-Site Scripting Vulnerability

MantisBT is a Web-based open source defect tracking system of the MantisBT team . The system provides project management and defect tracking services in the form of Web operations. A cross-site scripting vulnerability exists in the admin/install.php script in MantisBT versions 1.2.18 and earlier...

4.3CVSS5.9AI score0.02209EPSS
Exploits3References1
Prion
Prion
added 2015/01/13 11:59 a.m.13 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in PHPJabbers Event Booking Calendar 2.0 allow remote attackers to hijack the authentication of administrators for requests that 1 change the username and password of the administrator via an update action to the AdminOptions controller or...

6.8CVSS7.1AI score0.01966EPSS
Exploits1References4Affected Software1
seebug.org
seebug.org
added 2014/12/12 12:0 a.m.26 views

Iwebsns最新版SQL注入第八枚

简要描述: Iwebsns最新版SQL注入第八枚 详细说明: 在wooyun上看到雨牛提了5个iwebsns的漏洞了( WooYun: Iwebsns sql 第五枚。 ),我来捡捡漏儿吧,已对比,不重复,下载Iwebsns最新的1.1.0来看看。 为了使审核的大大们容易确认是否有重复,我先把存在漏洞的文件和注入参数分别写在这里:/action/privacy/homeinputmessset.action.php inputmess 下面看看漏洞是怎么产生的 /action/privacy/homeinputmessset.action.php exeUpdate$sql;...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2014/12/02 12:0 a.m.85 views

EntryPass N5200 - Credentials Exposure

Advisory: EntryPass N5200 Credentials Disclosure EntryPass N5200 Active Network Control Panels allow the unauthenticated downloading of information that includes the current administrative username and password. Details ======= Product: EntryPass N5200 Active Network Control Panel Affected...

7.8CVSS6.4AI score0.06986EPSS
Exploits5
seebug.org
seebug.org
added 2014/07/09 12:0 a.m.26 views

kppw威客系统SQL注入一枚

简要描述: rt 详细说明: 注册处。 function checkall$regusername, $regemail, $regcode global $lang,$K; $res1 = $this-checkip ; if$K'do' $url = 'index.php?do='.$K'do'; else $url = 'index.php?do=register'; $res1 === true or $result = $res1; $res2 = $this-checkusername $regusername ; $res2 === true or $result =...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

IBM Business Process Manager - User Account Reconfiguration

No description provided by source. Exploit Title: IBM BMPS BPM User account reconfiguration/Privilege Escalation/Information Disclosure Date: 31.01.14 Exploit Author: 0in Software link: http://www-03.ibm.com/software/products/en/business-process-manager-family/ Version: 8.0.1.1 newest versions ca...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.14 views

FaScript FaPhoto 1.0 - (show.php id) SQL Injection Vulnerability

No description provided by source. AUTHOR : IRCRASH Dr.Crash Script Download : http://en.fascript.com/en.faphoto.zip Injection Adress : http://Sitename/faname/show.php?id=SqL Code Help : In This Script Admin Username and Password Save in ./admin/pconfig.php You can open this file with loadfile...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

SimpleNews <= 1.0.0 FINAL (print.php news_id) SQL Injection Exploit

No description provided by source. !/usr/bin/perl -w SimpleNews = 1.0.0 FINAL SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code print.php: $newsid = $GET'newsid'; $query = SELECT FROM simplenewsarticles WHERE news...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

TutorialCMS <= 1.00 (search.php search) SQL Injection Exploit

No description provided by source. !/usr/bin/perl -w TutorialCMS = 1.00 SQL Injection Exploit Discovered by: Silentz Payload: Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code search.php: $search = $REQUEST'search'; $sql = SELECT FROM tutorials WHERE title LIKE...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

Softbiz Banner Exchange Network Script 1.0 - SQL Injection Vulnerability

Softbiz Banner Exchange Network Script ver 1 SQL INJECTION BY IRCRASH AUTHOR : IRCRASH Dr.Crash Script Download : http://www.softbizscripts.com/ Injection Adress : http://sitename/campaignstats.php?id=SQL C0de SQL C0de :...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.82 views

4images 1.7.1 - Remote SQL Injection Vulnerability

No description provided by source. Exploit Title: 4images 1.7.1 Remote SQL Injection Vulnerability Date: 20-12-2009 Author: Master Mind Version: 1.7.1 CVE : N/A ============================================================= Script Name : 4images 1.7.1 Language : php Author : Master Mind Home :...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.22 views

TaskDriver <= 1.2 Login Bypass/SQL Injection Exploit

No description provided by source. !/usr/bin/perl -w TaskDriver = 1.2 Login Bypass/SQL Injection Exploit Discovered by: Silentz Payload: Login Bypass & Admin Username & Hash Retrieval Website: http://www.w4ck1ng.com Vulnerable Code login.php: $sql = SELECT FROM $userstable WHERE username =...

7.1AI score
Exploits0
Rows per page
Query Builder