8 matches found
Silentum Uploader 1.4.0 - Remote File Deletion Exploit
No description provided by source. Vendor: http://hypersilence.net Versions: Silentum Uploader 1.4.0 May also affect earlier versions Credit: Danny Moules Critical: Yes See PUSH 55 Advisory at http://www.push55.co.uk/advisories.php?id=2 ---- Due to insufficient validation of client-side data, we...
The Uploader 2.0.4 (Eng/Ita) Remote File Upload Remote Code Execution
Exploit for php platform in category web applications require 'msf/core' class Metasploit3 'The Uploader 2.0.4 Eng/Ita Remote File Upload', 'Description'= %q This module exploits various flaws in The Uploader to upload a PHP payload to target system. When run with defaults it will search possible...
Ninja Blog 4.8 Information Disclosure
Vendor: http://ninjadesigns.co.uk Versions: Ninja Blog 4.8 May also affect earlier versions Credit: Danny Moules Critical: Yes See PUSH 55 Advisory at http://www.push55.co.uk/index.php?s=ad&id=6 ---- Due to insufficient validation of client-side data, we can alter the path of files to be read to ...
Ninja Blog 4.8 Remote Information Disclosure Vulnerability
Exploit for unknown platform in category web applications ========================================================== Ninja Blog 4.8 Remote Information Disclosure Vulnerability ========================================================== Vendor: http://ninjadesigns.co.uk Versions: Ninja Blog 4.8 May...
Ninja Blog 4.8 - Cross-Site Request ForgeryHTML Injection
Ninja Blog 4.8 - Cross-Site Request ForgeryHTML Injection Vendor: http://ninjadesigns.co.uk Versions: Ninja Blog 4.8 May also affect earlier versions Credit: Danny Moules Critical: Yes See PUSH 55 Advisory at https://www.push55.co.uk/index.php?s=ad&id=7 ---- Due to insufficient validation of...
PHPAds 2.0 Multiple Remote Vulnerabilities
No description provided by source. Vendor: http://blondish.net Versions: PHPAds 2.0 May also affect earlier versions Credit: Danny Moules Critical: Yes See PUSH 55 Advisory at http://www.push55.co.uk/advisories.php?id=8 ---- First, we need to acquire administrative access. We point our browser at...
Ninja Blog 4.8 - Cross-Site Request Forgery/HTML Injection
Vendor: http://ninjadesigns.co.uk Versions: Ninja Blog 4.8 May also affect earlier versions Credit: Danny Moules Critical: Yes See PUSH 55 Advisory at https://www.push55.co.uk/index.php?s=ad&id=7 ---- Due to insufficient validation of client-side data, we can inject script directly into the...
RCBlog 1.03 - Authentication Bypass
Vendor: http://noahmedling.com Versions: RCBlog 1.03 May also affect earlier versions Credit: Danny Moules Critical: Yes See PUSH 55 Advisory at https://www.push55.co.uk/index.php?s=ad&id=4 ---- By default, the application provides public access to the text file which stores the MD5 hashes of the...