Milw0rm Clone Script 1.0 - 'related.php?program' Blind SQL Injection

| Exploit Title: Milw0rm Clone Script v1.0 - time based SQLi | | Date: 05.19.2015 | | Exploit Daddy: pancaker | | Vendor Homepage: http://milw0rm.sourceforge.net/ | | Software Link: http://sourceforge.net/projects/milw0rm/files/milw0rm.rar/download | | Version: v1.0 | | Tested On: Ubuntu 10.04 | ...

Sendy 1.1.9.1 - SQL Injection Vulnerability

No description provided by source. Exploit Title: Sendy 1.1.9.1 - SQL Injection Vulnerability Date: 2014-04-10 Exploit Author: marduk369 Vendor Homepage: http://sendy.co/ Software Link: http://sendy.co/ Version: 1.1.9.1 root@kali: sqlmap -u 'http://server1/send-to?i=1&c=10'...

LibLime Koha <= 4.2 - Local File Inclusion Vulnerability

No description provided by source. Exploit Title: Koha Opac Local File Inclusion Google Dork: inurl:koha/opac-main.pl Date: 17.11.2011 Author: Akin TosunlarVigasis Labs Software Link: www.koha.org Version: 4.2 Tested on: LinuxApache 2.2.14 CVE : Vigasis Pentest Team www.vigasis.com 0-Day Exploit...

LibLime Koha 4.2 Local File Inclusion

Exploit Title: Koha Opac Local File Inclusion Google Dork: inurl:koha/opac-main.pl Date: 17.11.2011 Author: Akin TosunlarVigasis Labs Software Link: www.koha.org Version: 4.2 Tested on: LinuxApache 2.2.14 CVE : Vigasis Pentest Team www.vigasis.com 0-Day Exploit Akin Tosunlar Special Thanks to Ozg...

LibLime Koha 4.2 - Local File Inclusion

LibLime Koha 4.2 - Local File Inclusion Exploit Title: Koha Opac Local File Inclusion Google Dork: inurl:koha/opac-main.pl Date: 17.11.2011 Author: Akin TosunlarVigasis Labs Software Link: www.koha.org Version: 4.2 Tested on: LinuxApache 2.2.14 CVE : Vigasis Pentest Team www.vigasis.com 0-Day...

LibLime Koha <= 4.2 Local File Inclusion Vulnerability

Exploit for cgi platform in category web applications Exploit Title: Koha Opac Local File Inclusion Google Dork: inurl:koha/opac-main.pl Date: 17.11.2011 Author: Akin TosunlarVigasis Labs Software Link: www.koha.org Version: 4.2 Tested on: LinuxApache 2.2.14 CVE : Vigasis Pentest Team...

cotonti CMS 0.9.4 - Multiple Vulnerabilities

Cotonti CMS v0.9.4 Multiple Remote Vulnerabilities Vendor: Cotonti Team Product web page: http://www.cotonti.com Affected version: 0.9.4 Siena Summary: Cotonti is a powerful open-source web development framework and content manager with a focus on security, speed and flexibility. Desc: Input pass...

iManager Plugin 1.2.8 Cross Site Scripting

iManager Plugin v1.2.8 dir Remote Cross-Site Scripting Vulnerability Vendor: net4visions.com Product web page: http://www.net4visions.com Affected version: alert'zsl' http://SOMECMS/jscripts/tinymce/plugins/imanager/scripts/phpThumb/demo/phpThumb.demo.random.php?dir=alert'zsl'...

iBrowser Plugin 1.4.1 Local File Inclusion

iBrowser Plugin v1.4.1 lang Local File Inclusion Vulnerability Vendor: net4visions.com Product web page: http://www.net4visions.com Affected version: lang.'.php' ; 70: $this - charset = $langcharset; 71: $this - dir = $langdirection; 72: $this - langdata = $langdata; 73: unset $langdata ; 74:...

Tugux CMS 1.2 (pid) arbitrary file deletion defect and repair-vulnerability warning-the black bar safety net

Tugux CMS 1.2 pid Remote Arbitrary File Deletion Vulnerability Vendor: Tugux Studios Product web page: http://www.tugux.com Affected version: 1.2 Summary: Tugux CMS is a free open source content management system CMS and application that powers the entire web. Desc: Input passed to the 'pid'...

TCExam 11.2.011 Cross Site Scripting

TCExam =11.2.011 Multiple Cross-Site Scripting Vulnerabilities Vendor: Tecnik.com s.r.l. Product web page: http://www.tcexam.org Affected version: 11.2.009, 11.2.010 and 11.2.011 Summary: TCExam is a FLOSS system for electronic exams also know as CBA - Computer-Based Assessment, CBT -...

Pacer Edition CMS 2.1 (l param)local file inclusion flaw and fix-vulnerability warning-the black bar safety net

Pacer Edition CMS 2.1 l param Local File Inclusion Vulnerability Vendor: The Pacer Edition Product web page: http://www.thepaceredition.com Affected version: RC 2.1 SVN: 8 6 7 Summary: The 'Pacer Edition' is a Content Management SystemCMS written using PHP 5.2.9 as a minimum requirement. The Pace...

Pacer Edition CMS 2.1 (l param) Local File Inclusion Vulnerability

Exploit for php platform in category web applications Pacer Edition CMS 2.1 l param Local File Inclusion Vulnerability Vendor: The Pacer Edition Product web page: http://www.thepaceredition.com Affected version: RC 2.1 SVN: 867 Summary: The 'Pacer Edition' is a Content Management SystemCMS writte...

Pacer Edition CMS 2.1 - &#039;l&#039; Local File Inclusion

Pacer Edition CMS 2.1 l param Local File Inclusion Vulnerability Vendor: The Pacer Edition Product web page: http://www.thepaceredition.com Affected version: RC 2.1 SVN: 867 Summary: The 'Pacer Edition' is a Content Management SystemCMS written using PHP 5.2.9 as a minimum requirement. The Pacer...

Tugux CMS 1.2 XSS / LFI / SQL Injection / URL Redirection

Title: Tugux CMS 1.2 Multiple Remote Vulnerabilities ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ Vendor: Tugux Studios ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ Product web page: http://www.tugux.com...

DoceboLms 4.0.4 - Multiple Persistent Cross-Site Scripting Vulnerabilities

DoceboLms 4.0.4 - Multiple Persistent Cross-Site Scripting Vulnerabilities DoceboLMS 4.0.4 Multiple Stored XSS Vulnerabilities function xss1document.forms"xss1".submit; function xss2document.forms"xss2".submit; input type="hidden" name="authentic...

CultBooking 2.0.4 Local File Inclusion

CultBooking 2.0.4 lang Local File Inclusion Vulnerability Vendor: Cultuzz Digital Media GmbH Product web page: http://www.cultuzz.com Affected version: 2.0.4 Summary: Open source hotel booking system Internet Booking Engine IBE. Via a central api called CultSwitch it is possible to make bookings...

Lotus CMS Fraise 3.0 - Local File Inclusion Remote Code Execution

Lotus CMS Fraise 3.0 - Local File Inclusion Remote Code Execution !/usr/bin/python Lotus CMS Fraise v3.0 LFI - Remote Code Execution Exploit greetz Tecr0C :0 Vuln: lines 15-23 in core/lib/router.php ---------- sof //Get page request if any $page = $this-getInputString"page", "index"; //Get plugin...

Lotus CMS Fraise 3.0 - Local File Inclusion / Remote Code Execution

!/usr/bin/python Lotus CMS Fraise v3.0 LFI - Remote Code Execution Exploit greetz Tecr0C :0 Vuln: lines 15-23 in core/lib/router.php ---------- sof //Get page request if any $page = $this-getInputString"page", "index"; //Get plugin request if any $plugin = $this-getInputString"system", "Page"; //...

MODx Revolution CMS Cross Site Scripting

getObject'modUser',array 30: 'username' = $POST'username', 31: ; ... 71: else if !empty$POST'forgotlogin' 72: $c = $modx-newQuery'modUser'; 73: $c-selectarray'modUser.','Profile.email','Profile.fullname'; 74: $c-innerJoin'modUserProfile','Profile'; 75: $c-wherearray 76: '...