165 matches found
Easy Forms for vBulletin 4.X - Upload Shell Code / Remote Code Execute
Easy Forms for vBulletin 4.x suffers from remote code execution and shell code upload. This is a private exploit. You can buy it at https://0day.today...
Havalite CMS 1.1.7 - Unrestricted File Upload Exploit
No description provided by source. CWH Underground Hacking Team. Exploit Title : Havalite CMS...
SePortal SQLi - Remote Code Execution
No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include...
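Discuz UC_Server Local File Inclusion Vulnerability (Conditional)
Brief description: I submitted this vulnerability with some trepidation, still believing that wooyun is a good platform. I am staking my integrity as a white hat on it; please don't let it be shattered again. Details: Condition 1: UC administrator privileges are required. Condition 2: A controllable file containing PHP code can be uploaded from the front end. The vulnerable function onping is in the file ucserver\control\admin\app.php function onping $ip = getgpc'ip'; $url = getgpc'url'; $appid = intvalgetgpc'appid'; $app = $ENV'app'-getappbyappid$appid; $status = '';...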
Joomla Maian15 Shell Upload
ClipBucket Remote Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "ClipBucket Remote...
OpenEMR 4.1.1 Patch 14 SQLi Privilege Escalation Remote Code Execution
This Metasploit module exploits a vulnerability found in OpenEMR version 4.1.1 Patch 14 and lower. When logging in as any non-admin user it's possible to retrieve the admin SHA1 password hash from the database through SQL injection. The SQL injection vulnerability exists in the...
Acuity CMS 2.6.2 - adminfile_managerbrowse.asp?path Traversal Arbitrary File Access
Source: https://www.securityfocus.com/bid/53616/info Acuity CMS is prone to a directory-traversal vulnerability and an arbitrary-file-upload vulnerability. An attacker can exploit these issues to obtain sensitive...
WordPress thumbnail script timthumb.php exploit detailed explanation - vulnerability warning - the black bar safety net
timthumb.php is a very popular WordPress thumbnail script. Some very well-known themes abroad, such as WooThemes, use this plugin. The vulnerability arises mainly because timthumb by default defines a whitelist that includes Flickr, Picasa and other well-known photo-sharing sites...
appRain CMF 0.1.5 - 'Uploadify.php' Unrestricted Arbitrary File Upload
appRain CMF = 0.1.5 uploadify.php Unrestricted File Upload Exploit. author: Egidio Romano aka EgiX mail: n0b0d13satgmaildotco...
Docebo Lms 4.0.4 - Messages Remote Code Execution
if$GLOBALS'modname' != '' $modulecfg =& createModule...
Novell iManager - 'getMultiPartParameters' Arbitrary File Upload (Metasploit)
$Id: novellimanagerupload.rb 10758 2010-10-19 22:54:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
In-portal 5.0.3 - Arbitrary File Upload
Exploit database separated by exploit type (local, remote, DoS, etc.). Site : Inj3ct0r.com. Support e-mail : submitatinj3ct0r.com. I'm eidelweiss member from Inj3ct0r Team...
IIS6 WebDAV vulnerability EXP - vulnerability warning - the black bar safety net
Requirements: 1. IIS 6. 2. WebDAV enabled (Allowed); this is visible under Web Service Extensions in the IIS console. 3. You can bypass the 5 0 1 need windows Authentication file.% c0%af 4. To upload or download source code, "script resource access" must be enabled in the IIS configuration...
lrcf-inject.txt
ADVISORY: Link Request Contact Form v3.4. Author: CorryL. Application: Link Request Contact Form. Version: 3.4. Vendor's URL:...
HC Newssystem 1.0-1.4 (index.php ID) Remote SQL Injection Vulnerability
No description provided by source. HC NEWSSYSTEM 1.0-4 index.php "ID" Blind SQL Injection Type : SQL Injection Release Date : 2007-03-08 Product / Vendor : HC Design News Publisher. http://www.hcdesign.at/demo Bug : http://localhost/script/index.php?option=news&aktion=komm&ID=-SQL Inj.- SQL Inj...
HC Newssystem 1.0-1.4 - index.php?ID SQL Injection
HC NEWSSYSTEM 1.0-4 index.php "ID" Blind SQL Injection Type : SQL Injection Release Date : 2007-03-08 Product / Vendor : HC Design News Publisher. http://www.hcdesign.at/demo Bug : http://localhost/script/index.php?option=news&aktion=komm&ID=-SQL...
HC NEWSSYSTEM 1.0-4 (index.php "ID") Blind SQL Injection
HC NEWSSYSTEM 1.0-4 index.php "ID" Blind SQL Injection Type : SQL Injection Release Date : 2007-03-08 Product / Vendor : HC Design News Publisher. http://www.hcdesign.at/demo Bug : http://localhost/script/index.php?option=news&aktion=komm&ID=-SQL Inj.- SQL Inj Code : Admin Username/Password Query...
Code injection
snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter...
Rediff Bol Downloader ActiveX code download and execution
The ActiveX element allows uploading and executing any code...