Lucene search

646 matches found

Positive Technologies
added 2017/03/08 12:0 a.m., 1 views

PT-2017-17143

Name of the Vulnerable Software and Affected Versions: webpagetest version 3.0. Description: Multiple Cross-Site Scripting (XSS) issues were discovered due to insufficient filtration of user-supplied data, such as benchmark and time, passed to the "/webpagetest-master/www/benchmarks/viewtest.php" API...

6.1 CVSS, 6.6 AI score, 0.00264 EPSS
Exploits: 1, References: 6

n0where
added 2017/02/13 8:0 p.m., 22 views

WAF Security Benchmark: WAFPASS

WAF Security Benchmark: WAFPASS. Analysing parameters with all payloads’ bypass methods, aiming at benchmarking security solutions like WAF. Today a great number of website owners around the globe use “Web Application Firewalls” to improve their security. However, these security applications suffer...

7 AI score
Exploits: 0, References: 1

OpenVAS
added 2017/01/19 12:0 a.m., 45 views

Docker Compliance Check

Runs the Docker Compliance Check. These tests are inspired by the CIS Docker Benchmark. Copyright (C) 2017 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This...

7.3 AI score
Exploits: 0, References: 1

exploitpack
added 2016/12/13 12:0 a.m., 17 views

TP-LINK TD-W8151N - Denial of Service

TP-LINK TD-W8151N - Denial of Service Exploit Title: TP-LINK TD-W8151N - Denial of Service Date: 2016-12-13 Exploit Author: Persian Hack Team Discovered by : Mojtaba MobhaM Home : http://persian-team.ir/ Tested on: Windows AND Linux Demo : https://www.youtube.com/watch?v=WrGgHvhiCGg POC : flagFre...

7.3 AI score
Exploits: 0

Kitploit
added 2016/12/12 2:11 p.m., 40 views

FileBuster - An Extremely Fast And Flexible Web Fuzzer

An extremely fast and flexible web fuzzer. Why another fuzzer? My main motivation was to write a script that would allow me to fuzz a website based on a dictionary but that allowed me to filter words on that dictionary based on regex patterns. This necessity came from the frustration of trying to...

6.9 AI score
Exploits: 0, References: 3

Exploit DB
added 2016/12/07 12:0 a.m., 35 views

TP-LINK TD-W8951ND - Denial of Service

Exploit Title: TP-LINK TD-W8951ND - Denial of Service Date: 2016-12-07 Exploit Author: Persian Hack Team Discovered by : Mojtaba MobhaM Tested on: Windows AND Linux Demo Construction : https://youtu.be/7mvrW3mtVE !/usr/bin/python import urllib site=rawinput"Enter IP Address : " if...

7.4 AI score
Exploits: 0

Hacker One
added 2016/06/12 2:21 p.m., 13 views

WebSummit: Time Based SQL injection in url parameter

There is a possibility of inducing some time delay in the "url" parameter of videos.websummit.com using the Benchmark and SQL queries, which could result in a timeout for the application upon a huge delay induced into the application...

1 AI score
Exploits: 0

hackapp
added 2016/04/01 9:30 a.m., 23 views

3DMark - The Gamer's Benchmark - Customized SSL, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application 3DMark - The Gamer's Benchmark published at the 'play' market has multiple vulnerabilities...

0.7 AI score
Exploits: 0, References: 1, Affected Software: 1

Packet Storm
added 2015/03/06 12:0 a.m., 22 views

Elastix 2.5.0 SQL Injection

Title: Elastix v2.x Blind SQL Injection Vulnerability Author: Ahmed Aboul-Ela Twitter: https://twitter.com/aboul3la Vendor : http://www.elastix.org Version: v2.5.0 and prior versions should be affected too - Vulnerable Source Code snippet in "a2billing/customer/iridiumthreed.php": SQLExec...

0.4 AI score
Exploits: 0

0day.today
added 2015/02/01 12:0 a.m., 31 views

NPDS CMS Revolution-13 SQL Injection Vulnerability

NPDS CMS Revolution-13 suffers from a remote SQL injection vulnerability. Title - NPDS CMS Revolution-13 - SQL Injection Vulnerability Credits & Author: Narendra Bhati R00t Sh3ll www.websecgeeks.com References Source: ==================== http://www.npds.org/viewtopic.php?topic=26233&forum=12...

7.5 CVSS, 0.5 AI score, 0.01095 EPSS
Exploits: 5

exploitpack
added 2014/12/27 12:0 a.m., 54 views

WHM.AutoPilot 2.4.6.5 - Multiple Vulnerabilities

WHM.AutoPilot 2.4.6.5 - Multiple Vulnerabilities WHM.AutoPilot Multiple Vulnerabilities Vendor: Benchmark Designs, LLC Product: WHM.AutoPilot Version: = 2.4.6.5 Website: http://www.whmautopilot.com/ BID: 12119 CVE: CVE-2004-1420 CVE-2004-1421 CVE-2004-1422 OSVDB: 12693 12694 12695 12696 12697...

7.5 CVSS, 0.3 AI score, 0.10869 EPSS
Exploits: 5

seebug.org
added 2014/07/01 12:0 a.m., 16 views

WordPress Contact Form plugin <= 2.7.5 - SQL Injection

No description provided by source. Exploit Title: WordPress Contact Form plugin = 2.7.5 SQL Injection Vulnerability Date: 2011-10-13 Author: Skraps jackie.craig.sparksatlive.com jackie.craig.sparksatgmail.com @skrapsfoo Software Link: http://downloads.wordpress.org/plugin/contact-form-wordpress.z...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 24 views

IP Reg <= 0.4 - Remote Blind SQL Injection Exploit

No description provided by source. !/usr/bin/perl ----------------------------------------------- IP Reg = 0.4 Blind SQL Injection Exploit Discovered By StAkeR - StAkeRathotmaildotit Discovered On 03/10/2008 ----------------------------------------------- Download...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 13 views

WordPress Facebook Promotions plugin <= 1.3.3 - SQL Injection Vulnerability

No description provided by source. Exploit Title: WordPress Facebook Promotions plugin = 1.3.3 SQL Injection Vulnerability Date: 2011-08-28 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/fbpromotions.1.3.3.zip Version: 1.3.3...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 11 views

WordPress PureHTML plugin <= 1.0.0 - SQL Injection

No description provided by source. Exploit Title: WordPress PureHTML plugin = 1.0.0 SQL Injection Vulnerability Date: 2011-08-31 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/pure-html.1.0.0.zip Version: 1.0.0 tested Note:...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 30 views

LinPHA <= 1.3.1 (new_images.php) Remote Blind SQL Injection Exploit

No description provided by source. ?php / LinPHA = 1.3.1 newimages.php Remote Blind SQL Injection Hash Fishing Exploit / BENCHMARK method author...: EgiX mail.....: n0b0d1esathotmaildotcom link.....: http://linpha.sourceforge.net/ dork.....: LinPHA Version 1.3.x or The LinPHA developers vulnerabl...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 23 views

MyBulletinBoard (MyBB) <= 1.2.3 - Remote Code Execution Exploit

No description provided by source. !/usr/bin/php ?php errorreportingEALL ^ ENOTICE; http://www.milw0rm.com/exploits/2012 They corrected not all a lot of SQL requests which use the ipaddress, with $db-escapestring. They don't corrected the function this is a choice ... the bad and they forgot to...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 23 views

Simple Machines Forum 1.1.3 - Remote Blind SQL Injection Exploit

No description provided by source. !/usr/bin/perl Written By Michael Brooks contact: th3dotr00katgmaildotcom SMF 1.1.3 Extremely fast Blind SQL Injection Exploit! -Binary Search -Multi-Threaded -NO benchmark's Two SQL Injection flaws. Works with magicquotesgpc=On or Off. Total Bypass of SMF's SQL...

6.7 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 32 views

xt:Commerce <= 3.04 SP2.1 - Time Based Blind SQL Injection

No description provided by source. xt:Commerce = v3.04 SP2.1, commerce:SEO = v2.1 CE, Gambio = v2.0.10 SP1.4: Time Based Blind SQL Injection. Author: Ralf Zimmermann Mail:...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 34 views

Limbo CMS <= 1.0.4.2 Cuid cookie Blind SQL Injection Exploit

No description provided by source. !/usr/bin/python ...

7.1 AI score
Exploits: 0