UBICOD Medivision Digital Signage 1.5.1 CSRF Add Super Admin

Summary Medivision is a service that provides everything from DID operation to development of DID Digital Information Display optimized for hospital environment and production of professional contents, through DID product installation, image, video content planning, design work, and remote contro...

FileRun < 2017.09.18 - SQL Injection

!/usr/bin/env python Exploit Title: FileRun =2017.09.18 Date: September 29, 2017 Exploit Author: SPARC Vendor Homepage: https://www.filerun.com/ Software Link: http://f.afian.se/wl/?id=EHQhXhXLGaMFU7jI8mYNRN8vWkG9LUVP&recipient=d3d3LmZpbGVydW4uY29t Version: 2017.09.18 Tested on: Ubuntu 16.04.3,...

FileRun 2017.09.18 SQL Injection

!/usr/bin/env python Exploit Title: FileRun =2017.09.18 Date: September 29, 2017 Exploit Author: SPARC Vendor Homepage: https://www.filerun.com/ Software Link: http://f.afian.se/wl/?id=EHQhXhXLGaMFU7jI8mYNRN8vWkG9LUVP&recipient=d3d3LmZpbGVydW4uY29t Version: 2017.09.18 Tested on: Ubuntu 16.04.3,...

FileRun 2017.09.18 - SQL Injection

FileRun 2017.09.18 - SQL Injection !/usr/bin/env python Exploit Title: FileRun =2017.09.18 Date: September 29, 2017 Exploit Author: SPARC Vendor Homepage: https://www.filerun.com/ Software Link: http://f.afian.se/wl/?id=EHQhXhXLGaMFU7jI8mYNRN8vWkG9LUVP&recipient=d3d3LmZpbGVydW4uY29t Version:...

PaulShop - SQL Injection Cross-Site Scripting

PaulShop - SQL Injection Cross-Site Scripting Exploit Title: PaulShop CMS - Sql Injection and stored XSS Date: 07/23/2017 Exploit Author: BTIS Team http://www.btis.vn Vendor Homepage: https://codecanyon.net/item/paulshop-cms-with-shopping-cart-system/18070714 Version: 03/27/2017 Tested on:...

Apache 2.4.7 + PHP 7.0.2 - openssl_seal() Uninitialized Memory Code Execution

Apache 2.4.7 + PHP 7.0.2 - opensslseal Uninitialized Memory Code Execution ?php // Source: http://akat1.pl/?id=1 function getmaps $fh = fopen"/proc/self/maps", "r"; $maps = fread$fh, 331337; fclose$fh; return explode"\n", $maps; function findmap$sym $addr = 0; foreachgetmaps as $record if...

Fiyo CMS 2.0_1.9.1 SQL Injection

Exploit Title: Fiyo CMS multiple SQL vulnerability Date: 2015-06-28 Exploit Author: cfreer poc-lab Vendor Homepage: http://www.fiyo.org/ Software Link: http://tcpdiag.dl.sourceforge.net/project/fiyo-cms/Fiyo%202.0/fiyocms2.0.2.zip Version: 2.01.9.1 Tested on: Apache/2.4.7 Win32 CVE : CVE-2015-393...

GeniXCMS 0.0.3 - register.php SQL Injection Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Genixcms register.php multiple SQL vuln Date: 2015-06-23 Exploit Author: cfreer poc-lab Vendor Homepage: http://www.genixcms.org Software Link: https://codeload.github.com/semplon/GeniXCMS/zip/master/GeniXCMS-master.zip Version:...

Bacula-Web 5.2.10 (joblogs.php, jobid param) - SQL Injection

谷歌搜索：joblogs.php?jobid= 案例：http://cep.treslagoas.ms.gov.br/backup/joblogs.php?jobid=23154 D:\sqlmappython sqlmap.py -u http://cep.treslagoas.ms.gov.br/backup/joblogs.php ?jobid=23154 --dbs | | 1.0-dev-nongit-20150806 | -| . | | | .'| . | || |||||,| | || || http://sqlmap.org ! legal disclaimer:...

HybridAuth 2.2.2 - Remote Code Execution

No description provided by source. | | / | \ | |/ |/ | / | | | | | | | | | | | | | / \ | | | || || | |\ | || | | / | | |/|| ||// \| HybridAuth = 2.2.2 Remote Code Execution Website : http://hybridauth.sourceforge.net/ Exploit Author : @u0x Pichaya Morimoto Release dates : August 5, 2014...

Kemana Directory 1.5.6 Password Hash Disclosure Vulnerability

Kemana contains a flaw that is due to the 'kemanaadminpasswd' cookie storing user password SHA1 hashes. This may allow a remote MitM attacker to more easily gain access to password information. Version 1.5.6 is affected. Kemana Directory 1.5.6 kemanaadminpasswd Cookie User Password Hash Disclosur...

Cart Engine 3.0.0 (task.php) Local File Inclusion Vulnerability

Cart Engine suffers from an authenticated file inclusion vulnerability LFI when input passed thru the 'run' parameter to task.php is not properly verified before being used to include files. This can be exploited to include files from local resources with directory traversal attacks. Version 3.0....

Kemana Directory 1.5.6 - Database Backup Disclosure

$total return; ifempty$starttime $starttime=time; $now...

Kemana Directory 1.5.6 - 'task.php' Local File Inclusion

Kemana Directory 1.5.6 run param Local File Inclusion Vulnerability Vendor: C97net Product web page: http://www.c97.net Affected version: 1.5.6 Summary: Experience the ultimate directory script solution with Kemana. Create your own Yahoo or Dmoz easily with Kemana. Unique Kemana's features...

Kemana Directory 1.5.6 - task.php Local File Inclusion

Kemana Directory 1.5.6 - task.php Local File Inclusion Kemana Directory 1.5.6 run param Local File Inclusion Vulnerability Vendor: C97net Product web page: http://www.c97.net Affected version: 1.5.6 Summary: Experience the ultimate directory script solution with Kemana. Create your own Yahoo or...