1622 matches found
PHP Link Directory 4.1.0 - Cross-Site Request Forgery (Add Admin)
PHP Link Directory 4.1.0 - Cross-Site Request Forgery Add Admin PHP Link Directory v4.1.0 CSRF Vulnerability Add Admin ==================================================================== .:. Author : AtT4CKxT3rR0r1ST [email protected] .:. Script : http://www.phplinkdirectory.com/ .:. Dork : "Powered b...
dns-update NSE Script
Attempts to perform a dynamic DNS update without authentication. Either the test or both the hostname and ip script arguments are required. Note that the test function will probably fail due to using a static zone name that is not the zone configured on your target. Script Arguments dns-update.te...
Cross-site Request Forgery (CSRF) in KaiBB
High-Tech Bridge SA Security Research Lab has discovered vulnerability in KaiBB which could be exploited to perform cross-site request forgery attacks. 1 Cross-site request forgery CSRF in KaiBB The vulnerability exists due to insufficient validation of the request origin in admin/core/account.ph...
Concrete CMS 5.4.1.1 - Cross-Site Scripting / Remote Code Execution
!/usr/bin/python Concrete CMS v5.4.1.1 xss/remote code execution exploit Download: http://www.concrete5.org/ Special Zeitgeist pre release - "Moving Forward" - 15th Jan 2011 "They must find it difficult, those who take authority as the truth instead of truth as the authority"...
Cross-site Request Forgery (CSRF) in Cambio
High-Tech Bridge SA Security Research Lab has discovered vulnerability in Cambio which could be exploited to perform cross-site request forgery attacks. 1 Cross-site request forgery CSRF in Cambio The vulnerability exists due to insufficient validation of the request origin in...
Built2Go PHP Shopping - SQL Injection
Script Name: Built2Go PHP Shopping version = 1.7 Site: http://built2go.com/ Script Demo: http://demos.built2go.com/shopping/1/ Found: Br0ly Google Dork: "Powered by Built2Go PHP Shopping" p0c: http://server.com/product.php?cat=16'%20UNION%20ALL%20SELECT%201,@@version,3/ xPloit:...
Multiple Vulnerabilities in BLOG:CMS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in BLOG:CMS which could be exploited to perform cross-site scripting, script insertion and cross-site request forgery attacks. 1 Cross-site scripting XSS vulnerabilities in BLOG:CMS: CVE-2010-4749 1.1 The...
Multiple Vulnerabilities in BEdita
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in BEdita which could be exploited to perform cross-site scripting and cross-site request forgery attacks. 1 Cross-site scripting XSS vulnerability in BEdita The vulnerability exists due to input sanitation error in...
Local File Inclusion Vulnerability in Exponent CMS
High-Tech Bridge SA Security Research Lab has discovered vulnerability in Exponent CMS which could be exploited to include and execute arbitrary local files on the target system. 1 Local file inclusion in Exponent CMS Input passed to the "module" parameter in podcast.php and rss.php is not proper...
WebRCSdiff 0.9 - 'viewver.php' Remote File Inclusion
======================================================== = Author: Fl0riX - Bug Researchers = Application Name : WebRCSdiff 0.9 = Vulnerable Type: Remote File Inclusion = Download: http://sourceforge.net/projects/webrcsdiff/files/webrcsdiff/0.9%20Release/webrcsdiff-0.9.tar.zip/download = Risk :...
Joomla Dcnews Local File Inclusion
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Exploit Title: Joomla Component comdcnews LFI Vulnerability Date: 6-11-2010 Author: Th3 RDX Software Link: n/a Version: n/a Tested on: online Sites category: webapp/Joomla Code : n/a...
Authentication Bypass Vulnerability in phpLiterAdmin
High-Tech Bridge SA Security Research Lab has discovered vulnerability in phpLiterAdmin which could be exploited to bypass authentication mechanism and gain unauthorized access to the application. 1 Authentication Bypass Vulnerability in phpLiterAdmin The vulnerability exists due to a design erro...
Cross-site Request Forgery (CSRF) Vulnerabilities in BlogBird
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in BlogBird which could be exploited to perform cross-site request forgery attacks. 1 Cross-site request forgery CSRF in BlogBird 1.1 The vulnerability exists due to insufficient validation of the request origin in...
Cross-site Scripting (XSS) Vulnerability in NinkoBB
High-Tech Bridge SA Security Research Lab has discovered vulnerability in NinkoBB which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in NinkoBB: CVE-2010-4874 The vulnerability exists due to input sanitation error in parameters...
SQL Injection Vulnerability in DeluxeBB
High-Tech Bridge SA Security Research Lab has discovered vulnerability in DeluxeBB which could be exploited to execute arbitrary SQL commands in applications database. 1 SQL injection vulnerability in DeluxeBB: CVE-2010-4151 An input validation error exists in the "xthedateformat" parameter in...
resolveall NSE Script
NOTE: This script has been replaced by the --resolve-all command-line option in Nmap 7.70 Resolves hostnames and adds every address IPv4 or IPv6, depending on Nmap mode to Nmap's target list. This differs from Nmap's normal host resolution process, which only scans the first address A or AAAA...
Opencart 1.4.9.1 Shell Upload
========================================== Opencart remote file Upload Vulnerability ========================================== Exploit Title: Opencart remote file uploade Author: Net.Edit0r Email: [email protected] [email protected] Google dork: inurl:Powered By OpenCart Software Link:...
Opencart 1.4.9.1 - Arbitrary File Upload
Opencart 1.4.9.1 - Arbitrary File Upload ========================================== Opencart remote file Upload Vulnerability ========================================== Exploit Title: Opencart remote file uploade Author: Net.Edit0r Email: [email protected] [email protected] Google dork:...
Joomla Freestyle FAQ 1.5.6 SQL Injection
Exploit Title:Joomla Freestyle FAQ 1.5.6 faqid SQL Injection Date: 16/9/2010 Author: Nc-HaCker Version:1.5.6 Download :http://freestyle-joomla.com/fssdownloads/viewcategory/2 Emial : [email protected] Tested on: XP / Linux ExploiT Example :...
Cross-site Scripting (XSS) Vulnerability in Pluck
High-Tech Bridge SA Security Research Lab has discovered vulnerability in Pluck which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in Pluck The vulnerability exists due to input sanitation error in the "cont1" parameter in...