Lucene search
+L

122 matches found

exploitpack
exploitpack
added 2018/11/12 12:0 a.m.17 views

Easyndexer 1.0 - Cross-Site Request Forgery (Add Admin)

Easyndexer 1.0 - Cross-Site Request Forgery Add Admin Exploit Title: Easyndexer 1.0 - Cross-Site Request Forgery Add Admin Dork: N/A Date: 2018-11-10 Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/easyndexer/ Software Link:...

0.7AI score
Exploits0
Hacker One
Hacker One
added 2017/11/28 5:9 p.m.34 views

Zomato: [www.zomato.com] Leaking Email Addresses of merchants via reset password feature

Hi Team, Introduction Found a cool IDOR, which again leaks the email addresses of all Zomato Users. This attack works no matter if you own the restaurant or not. Proof of Concept - Below Post Request leaks the email addresses of the Restaurant Owners in response - Request POST...

0.7AI score
Exploits0
CNVD
CNVD
added 2017/11/28 12:0 a.m.4 views

SQL injection vulnerability in phpaaCMS friendlink.action.php page

phpaaCMS is a simple article management system. A SQL injection vulnerability exists in the friendlink.action.php page of phpaaCMS v0.5, which can be exploited by attackers to obtain sensitive information about the database...

7.6AI score
Exploits0
ThreatPost
ThreatPost
added 2017/10/24 2:23 p.m.12 views

Whois Maintainer Accidentally Makes Password Hashes Available For Download

The regional internet registrar that administers IP addresses for the Asia Pacific region accidentally leaked Whois database data, including hashed passwords, forcing it to reset all passwords for objects in its Whois database. According to Asia Pacific Network Information Center APNIC, the...

7.5AI score
Exploits0References2
Hacker One
Hacker One
added 2017/09/20 11:54 p.m.17 views

Razer US: Database credentials leak on the https://razer-id.razerzone.com/

The tester discovered database parameters left around in a YAML file that was publicly visible. The credentials were for a database that was no longer in use and never stored sensitive data, but we consider this a good find anyway because this was out of bounds of our security practices. I...

6.7AI score
Exploits0
CNVD
CNVD
added 2017/08/24 12:0 a.m.3 views

IBOS Enterprise Collaboration Management Software AssignmentfinishedController.php page actionIndex function has SQL injection vulnerability

IBOS Enterprise Collaboration Management Software is a PHP-based collaborative office management system. An SQL injection vulnerability exists in the actionIndex function on the AssignmentfinishedController.php page of IBOS Enterprise Collaboration Management Software. An attacker can exploit the...

7.8AI score
Exploits0
ThreatPost
ThreatPost
added 2017/07/07 12:32 p.m.14 views

Leaky WWE Database Exposes Personal Data of 3M Fans

Pro wrestling giant World Wrestling Entertainment notified fans on Thursday that a database containing personal information of three million fans was left on an insecure server. According to the WWE, personal information included names, both home and email addresses, earnings, ethnicity, children...

0.5AI score
Exploits0References7
CNVD
CNVD
added 2016/07/18 12:0 a.m.2 views

SQL injection vulnerability in the xh parameter of the student/WorkAndStudy.asp page of the informatization management system of Guangzhou Zhongda Dongri Education Technology Co.

Guangzhou Zhongda Dongri Education Technology Co., Ltd. education information management system is to provide an integrated campus information solution. A SQL injection vulnerability exists in the informatization management system of Guangzhou CUHK Dongri Education Technology Co. The lack of...

7.7AI score
Exploits0References1
seebug.org
seebug.org
added 2015/09/14 12:0 a.m.41 views

PageAdmin v3.0 /e/database/v3.mdb 数据库泄漏

PageAdmin CMS V3.0版,默认数据库地址“/e/database/v3.mdb“,默认后台地址:“/e/master/login.aspx”,由于数据库地址未做限制,导致可以下载。通过逆向管理员MD5加密算法获得md5密文,并通过md5密文可以破解管理员密码。发现非常规MD5加密,于是使用ILSPY逆向源代码,查看加密方式public string GetMd5string s MD5 mD = new MD5CryptoServiceProvider; Encoding encoding = Encoding.GetEncoding"UTF-8"; string s2 =...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/07/06 12:0 a.m.43 views

用友多个系统通用漏洞设计缺陷(自带已保存的口令)

简要描述: 详细说明: 默认密码 其实是根本不用输入密码,账号密码自动保存,点确认就登入了、 导致 源码泄露 可调试 源码 这套 系统很多套用友系统都带着,具体请看 WooYun: 用友多个系统通用漏洞导致接口信息泄露引发多数据库信息泄露(涉及多个大型厂商) 然后从这个得来的灵感 http://gpms.foton.com.cn/uapws/ http://erp.suning.com.cn/uapws/ http://fm2.cscec.com/uapws/ http://bap.ufida.com/uapws/ http://61.178.99.236:9002/uapws/...

7.1AI score
Exploits0
CNVD
CNVD
added 2015/05/21 12:0 a.m.3 views

MAS China Mobile Proxy Server SQL Injection Vulnerability

WAS China Mobile Proxy Server is a gateway that is deployed within the Intranet of group customers for application coupling with their OA, ERP, CRP and other application systems in order to satisfy the informatization needs of group customers who have a high degree of informatization to realize...

7.6AI score
Exploits0
exploitpack
exploitpack
added 2014/11/28 12:0 a.m.13 views

xEpan 1.0.4 - Multiple Vulnerabilities

xEpan 1.0.4 - Multiple Vulnerabilities Exploit Title: Multiple Vulnerability xEpan 1.0.4 Google Dork: not yet Date: 2014-11-27 Exploit Author: Parikesit , Kurawa In Disorder Vendor Homepage: http://xepan.org Software Link: http://www.xepan.org/index.php?subpage=download Version: 1.0.4 Tested on:...

0.1AI score
Exploits0
Metasploit
Metasploit
added 2014/04/07 6:42 p.m.30 views

Oracle Demantra Database Credentials Leak

This module exploits a database credentials leak found in Oracle Demantra 12.2.1 in combination with an authentication bypass. This way an unauthenticated user can retrieve the database name, username and password on any vulnerable machine. This module requires Metasploit:...

5CVSS6.8AI score0.59558EPSS
Exploits7
The Hacker News
The Hacker News
added 2012/12/17 8:43 a.m.18 views

Anonymous leaks database from Israeli Musical Act Magazine site #OpIsrael

This Morning Anonymous member with twitter handle @OsamaTheGod leaked a huge database from server of Israeli Musical Act Magazine act.co.il. The leaked database posted on public note website and includes users ID, username, password in clear text, IP address and phone numbers. Hacker posted data ...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2012/08/27 4:55 a.m.9 views

AVX Corporation Hacked by Anonymous #OpColtan

Anonymous Operation OpColtan have announced another attack in the name of this operation and this time its on a Manufacturer and Supplierof Electronic Components AVX Corporation www.avx.com. AVX It's a big firm wich produce ceramic and tantalum capacitors, connectors, thick and thin film...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2012/06/23 7:35 a.m.10 views

Department of Homeland Security and U.S Navy hacked

Department of Homeland Security and U.S Navy hacked Department of Homeland Security and U.S Navy websites once again at Major Risk. This time hacking group called "Digital-corruption" hacked into subdomains of both sites and leak database info on pastebin. In its announcement on the pastebin.com...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2011/09/20 5:35 p.m.4 views

FOX Sports website database hacked and leaked by Shad0w

FOX Sports website database hacked and leaked by Shad0w One of the Biggest Fox Sports website with world rank 678 and millions of Readers/Day got hacked. Hacker named "Shad0w " release SQL injection Vulnerability on one of the sub domain of Fox Sports and exploit it to extract the database. Leake...

8.4AI score
Exploits0
The Hacker News
The Hacker News
added 2011/09/13 8:24 p.m.4 views

Top100 Arena Gaming Sites Network hacked By ACA [Albanian Cyber Army]

Top100 Arena Gaming Sites Network hacked By ACA Albanian Cyber Army Albania hackers have exploited one of the biggest Game Arena site "Top100 " database using SQL injection attack. They leak the database on mediafire. Hackers belongs from group ACA Albanian Cyber Army...

8.2AI score
Exploits0
The Hacker News
The Hacker News
added 2011/09/05 5:36 p.m.9 views

Uronimo - Mobile platform website Hacked by Team Inj3ct0r

Uronimo - Mobile platform website Hacked by Team Inj3ct0r Uronimo - Mobile platform Hacked by Team Inj3ct0r today. They leak the database of site on Pastebin , including Username, Hash Password, emails and Phone Numbers of 1000 users...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2011/09/05 5:36 p.m.6 views

Uronimo - Mobile platform website Hacked by Team Inj3ct0r

Uronimo - Mobile platform website Hacked by Team Inj3ct0r Uronimo - Mobile platform Hacked by Team Inj3ct0r today. They leak the database of site on Pastebin , including Username, Hash Password, emails and Phone Numbers of 1000 users...

7.2AI score
Exploits0
Rows per page
Query Builder