1622 matches found
WordPress Frontend Uploader 0.9.2 Cross Site Scripting
Exploit Title: Wordpress Frontend Uploader Cross Site Scripting (XSS) Software Link: https://wordpress.org/plugins/frontend-uploader/ Author: SECUPENT Website: www.secupent.com Email: researchatsecupentdotcom Date: 27-12-2014 Version: 0.9.2 Exploit :...
RobotStats 1.0 SQL Injection
Title : RobotStats v1.0 robot param SQL Injection Vulnerability Author : ZoRLu Home : http://milw00rm.com / its online Twitter : https://twitter.com/milw00rm or @milw00rm Date : 22.11.2014 Demo : http://alpesoiseaux.free.fr/robotstats/ Download :...
[SECURITY] Fedora 19 Update: phpMyAdmin-4.2.10.1-1.fc19
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...
Reflected Cross-Site Scripting (XSS) in Simple Email Form Joomla Extension
High-Tech Bridge Security Research Lab discovered vulnerability in Simple Email Form Joomla Extension, which can be exploited to perform Cross-Site Scripting (XSS) attacks against visitors and administrators of Joomla websites with installed plugin. 1) Reflected Cross-Site Scripting (XSS) in Simple...
PYSEC-2014-77
Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before 0.12.6 does not properly limit content types, which allows remote attackers to bypass intended access restrictions via an accepted Content-Type followed by a ; (semi-colon) and a Content-Type that would not be accepted, as...
Axway Secure Transport 5.1 SP2 - Arbitrary File Upload (via Cross-Site Request Forgery)
function submitRequest() { var xhr = new XMLHttpRequest(); xhr.open("POST", "https://sftp.example.org/api/v1.0/files/", true); xhr.setRequestHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q...
[SECURITY] Fedora 21 Update: phpMyAdmin-4.2.9.1-1.fc21
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...
Reflected Cross-Site Scripting (XSS) in MaxButtons WordPress Plugin
High-Tech Bridge Security Research Lab discovered vulnerability in MaxButtons WordPress plugin, which can be exploited to perform Cross-Site Scripting (XSS) attacks against logged-in administrator. 1) Reflected Cross-Site Scripting (XSS) in MaxButtons wordpress plugin: CVE-2014-7181 Input passed via t...
FineCMS latest version: one SQL injection (no defenses)
Brief description: One SQL injection in the latest version of FineCMS. The vendor isn't going to say again that it was already fixed in June, are they? I said this was only the beginning... Details: Go straight to the code: member/controllers/pm.php:lines:27-37: public function index if ISPOST if $this-input-post'action' == 'read' $this-pmmodel-setread$this-uid...
Reflected Cross-Site Scripting (XSS) in Google Calendar Events WordPress Plugin
High-Tech Bridge Security Research Lab discovered vulnerability in Google Calendar Events WordPress plugin, which can be exploited to perform Cross-Site Scripting (XSS) attacks against administrator of a WordPress website with vulnerable plugin. 1) Reflected Cross-Site Scripting (XSS) in Google Calend...
EGYWEB (Mantrac) <= Remote File Disclosure Exploit
database passwords can be drawn.. Usage Info python exploit.py http://TARGET.COM EGYWEB Mantrac Example and tested on; http://www.deltagroup.com.eg http://www.mantracvostok.ru http://www.mantracghana.com http://www.mantracnigeria.com http://www.mantrackenya.com http://www.mantractanzania.com...
[SECURITY] Fedora 19 Update: phpMyAdmin-4.2.7.1-1.fc19
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...
WordPress Plugin WooCommerce Store Exporter 1.7.5 - Multiple Cross-Site Scripting Vulnerabilities
Exploit Title: WooCommerce Store Exporter v1.7.5 Stored XSS Google Dork: inurl:"woocommerce-exporter" Date: 26/08/2014 Exploit Author: Mike Manzotti @ Dionach Vendor Homepage: http://www.visser.com.au/plugins/store-exporter/ Software Link:...
[SECURITY] Fedora 20 Update: phpMyAdmin-4.2.7.1-1.fc20
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...
Reflected Cross-Site Scripting (XSS) in BlackCat CMS
High-Tech Bridge Security Research Lab discovered vulnerability in BlackCat CMS, which can be exploited to perform Cross-Site Scripting (XSS) attacks. 1) Reflected Cross-Site Scripting (XSS) in BlackCat CMS: CVE-2014-5259 The vulnerability exists due to insufficient sanitization of the "msg" HTTP GET...
[SECURITY] Fedora 19 Update: phpMyAdmin-4.2.6-1.fc19
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...
Mobius <= 1.4.4.1 (browse.php id) Remote SQL Injection Vulnerability
No description provided by source. Discovered by dun \ dunatstrcpy.pl Mobius <= 1.4.4.1 Remote SQL Injection Vulnerability Script: Mobius Web Publishing Software Script sit...
phpArcadeScript <= 3.0RC2 (userid) SQL Injection Vulnerability
No description provided by source. phpArcadeScript all version Remote Sql Injection Exploit AUTHOR: SoSo H H Iraqi-Cracker Script Site: http://www.phparcadescript.com/ Price: $30.00 Tested on: Versions: 1.0, 2.0, 3.0 RC1 & RC2 Dorks: Powered by phpArcadeScript v1.0 Powered by phpArcadeScript v2.0 Powere...
68kb Knowledge Base 1.0.0rc3 - Admin CSRF
No description provided by source. Exploit Title: 68kb Knowledge Base v1.0.0rc3 create administrator account CSRF Date: 2010-04-02 Author: Jelmer de Hen Software Link: http://68kb.googlecode.com/files/68kb-v1.0.0rc3.zip Version: v1.0.0rc3 html body onload=document.formsedit.submit form name=creat...
Plague News System 0.7 CID Parameter Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14137/info Plague News System is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'index.php' script. An attacker may leverag...