11 matches found
Apache 2.4.10 < 2.4.44 Source Code Disclosure
Due to a lack of control over an Apache error when using php-cgi and ModSecurity, it is possible for an attacker to obtain the source code of the requested page in the error response via a specially crafted request containing the Content-Length header with an incorrect value. No source data...
WordPress Cvp-Adegrontec 4.8.3 Shell Upload
Exploit Title : WordPress Cvp-Adegrontec Themes 4.8.3 Remote Shell Upload Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 22/12/2018 Vendor Homepage : wordpress.org Software Download Link : N/A Tested On : Windows and Linux Category : WebApps Version...
Joomla! Component Huge-IT Video Gallery 1.0.9 - SQL Injection
Joomla! Component Huge-IT Video Gallery 1.0.9 - SQL Injection Exploit Title Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla Google Dork: if applicable Date: 2016-09-15 Exploit Author: Larry W. Cashdollar, @larry0 Vendor Homepage: http://huge-it.com/joomla-video-gallery/...
Drale DBTableViewer 100123 - Blind SQL Injection
Drale DBTableViewer v100123 - Blind SQL Injection Exploit Title: drale DBTableViewer - SQL Injection Blind/Error Base Date: 2016-06-08 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: http://drale.com/ Software Link:...
Gongwalker API Manager 1.1 - Blind SQL Injection
gongwalker API Manager v1.1 - Blind SQL Injection Exploit Title: gongwalker API Manager v1.1 - Blind SQL Injection Date: 2016-01-25 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: https://github.com/gongwalker/ApiManager Software Link:...
Microweber v1.0.3 Stored XSS And CSRF Add Admin Exploit
Exploit for php platform in category web applications Microweber v1.0.3 Stored XSS And CSRF Add Admin Exploit inp...
WordPress MiwoFTP Plugin 1.0.5 CSRF Arbitrary File Deletion Exploit
Exploit for php platform in category web applications WordPress MiwoFTP Plugin 1.0.5 CSRF Arbitrary File Deletion Exploit Vendor: Miwisoft LLC Product web page: http://www.miwisoft.com Affected version: 1.0.5 Summary: MiwoFTP is a smart, fast and lightweight file manager plugin that operates from...
Balero CMS 0.7.2 - Multiple Blind SQL Injections
Balero CMS 0.7.2 - Multiple Blind SQL Injections Balero CMS v0.7.2 Multiple Blind SQL Injection Vulnerabilities Vendor: BaleroCMS Software Product web page: http://www.balerocms.com Affected version: 0.7.2 Summary: Balero CMS is an open source project that can help you manage the page of your...
Balero CMS 0.7.2 Cross Site Scripting / SQL Injection Vulnerabilities
Balero CMS version 0.7.2 suffers from cross site scripting and SQL injection vulnerabilities. document.cookie="counter=1confirm'XSS'; path=/balerocms/"; csrf+stored xss+filter bypass+session hijack: input type="hidden" name="content" value...
u5CMS 3.9.3 - Multiple SQL Injections
u5CMS 3.9.3 - Multiple SQL Injections u5CMS 3.9.3 Multiple SQL Injection Vulnerabilities Vendor: Stefan P. Minder Product web page: http://www.yuba.ch Affected version: 3.9.3 and 3.9.2 Summary: u5CMS is a little, handy Content Management System for medium-sized websites, conference / congress /...
u5CMS 3.9.3 Open Redirect
u5CMS 3.9.3 Multiple Open Redirect Vulnerabilities Vendor: Stefan P. Minder Product web page: http://www.yuba.ch Affected version: 3.9.3 and 3.9.2 Summary: u5CMS is a little, handy Content Management System for medium-sized websites, conference / congress / submission administration, review...