FreeSMS 2.1.2 - SQL Injection (Authentication Bypass)

Exploit Title: FreeSMS 2.1.2 - Authentication Bypass Date: 2019-04-03 Exploit Author: Yilmaz Degirmenci Vendor Homepage: https://freesms.sourceforge.io/ Software Link: https://sourceforge.net/projects/freesms/ Version: v2.1.2 Category: Webapps Tested on: LAMPP for Linux Software Description :...

Placeto CMS Alpha 4 SQL Injection

Placeto CMS Alpha v4 - 'page' SQL Injection Title: Placeto CMS Date: 21.03.2019 Exploit Author: Abdullah Çelebi Vendor Homepage: https://sourceforge.net/projects/placeto/ Software Link: https://sourceforge.net/projects/placeto/files/alpha-rv.4/placeto.zip Version: Alpha rv.4 Category: Webapps...

50m-ctf: `Cody trolled us all` h1-702 CTF write-up

Premise I use not to play CTF challenges because they usually absorb me entirely. I cannot think of anything else but "I want that flag!". That said, this is going to be a long story: no princess, no dragoons, only a tweet. https://twitter.com/Hacker0x01/status/1100543680383832065 Level 0 - Nothi...

PilusCart 1.4.1 SQL Injection

Exploit Title: PilusCart 1.4.1 - 'send' SQL Vulnerability Dork: N/A Date: 10-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://sourceforge.net/projects/pilus/ Software Link: https://sourceforge.net/projects/pilus/ Version: 1.4.1 Category: Webapps Tested on: Wampp @Win CVE: N/A...

PilusCart 1.4.1 - send SQL Injection

PilusCart 1.4.1 - send SQL Injection Exploit Title: PilusCart 1.4.1 - 'send' SQL Vulnerability Dork: N/A Date: 10-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://sourceforge.net/projects/pilus/ Software Link: https://sourceforge.net/projects/pilus/ Version: 1.4.1 Category: Webapp...

SuiteCRM 7.10.7 SQL Injection

Exploit Title: SuiteCRM 7.10.7 - 'parentTab' SQL Vulnerabilities Dork: N/A Date: 03-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://suitecrm.com/ Software Link: https://suitecrm.com/download/ Version: 7.10.7 Category: Webapps Tested on: Wampp @Win CVE: N/A Software Description:...

SuiteCRM 7.10.7 - parentTab SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: SuiteCRM 7.10.7 - 'parentTab' SQL Vulnerabilities Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://suitecrm.com/ Software Link: https://suitecrm.com/download/ Version: 7.10.7 Category: Webapps Tested on: Wampp @Win CVE:...

SuiteCRM 7.10.7 - 'parentTab' SQL Injection

Exploit Title: SuiteCRM 7.10.7 - 'parentTab' SQL Vulnerabilities Dork: N/A Date: 03-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://suitecrm.com/ Software Link: https://suitecrm.com/download/ Version: 7.10.7 Category: Webapps Tested on: Wampp @Win CVE: N/A Software Description:...

Newsbull Haber Script 1.0.0 SQL Injection

Exploit Title: Newsbull Haber Script - SQL Injection Time Based Dork: N/A Date: 28-01-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://newsbull.org/ Software Link: https://github.com/gurkanuzunca/newsbull Version: 1.0.0 Category: Webapps Tested on: Wampp @Win CVE: N/A Vulnerabilities...

Newsbull Haber Script 1.0.0 - search SQL Injection

Newsbull Haber Script 1.0.0 - search SQL Injection Exploit Title: Newsbull Haber Script - SQL Injection Time Based Dork: N/A Date: 28-01-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://newsbull.org/ Software Link: https://github.com/gurkanuzunca/newsbull Version: 1.0.0 Category:...

Newsbull Haber Script 1.0.0 - 'search' SQL Injection

Exploit Title: Newsbull Haber Script - SQL Injection Time Based Dork: N/A Date: 28-01-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://newsbull.org/ Software Link: https://github.com/gurkanuzunca/newsbull Version: 1.0.0 Category: Webapps Tested on: Wampp @Win CVE: N/A Vulnerabilities...

ResourceSpace 8.6 - 'collection_edit.php' SQL Injection

Exploit Title: ResourceSpace &redirect=yes&ref=3620&submitted=true&name=PWNED&keywords=&copy=&save=%C2%A0%C2%A0Save%C2%A0%C2%A0'...

WebOfisi E-Ticaret V4 - urun SQL Injection

WebOfisi E-Ticaret V4 - urun SQL Injection Exploit Title: WebOfisi E-Ticaret V4 - 'urun' SQL Injection Date: 2018-11-21 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.web-ofisi.com Software Demo: http://demobul.net/eticaretv4/ Software Link:...

Ticketly 1.0 - 'name' SQL Injection

Exploit Title: Ticketly 1.0 – 'name' SQL Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-11-19 Google Dork: N/A Vendor: Abisoft https://abisoftgt.net Software Link: https://abisoftgt.net/software/6/sistema-de-tickets-y-soporte-con-php-y-mysql Affected Version: 1...

Google Android Video Component Information Disclosure Vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA.Video is one of the video components. An information disclosure vulnerability exists in the Video component of Android, which is caused by the program forcing a Boolean variable to...

GHSA-G6F4-J6C2-W3P3 High severity vulnerability that affects uglify-js

Withdrawn, accidental duplicate publish. The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperl...

mooSocial Store Plugin 2.6 - SQL Injection

Exploit Title: mooSocial Store Plugin 2.6 - SQL Injection Exploit Author: Andrea Bocchetti Date: 2018-08-28 Google Dork: N/A - Vendor: https://moosocial.com/product/store-plugins/ Software Link: https://moosocial.com/product/store-plugins/ Demo URL: http://addons.moosocial.com/stores Purchase lin...

CVE-2018-15853

An uncontrolled recursion flaw was found in libxkbcommon in the way it parses boolean expressions. A specially crafted file provided to xkbcomp could crash the application...

CVE-2018-15853

Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation...

CVE-2018-15853

Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers boolean negation...