855 matches found
EChat Server 3.1 - 'CHAT.ghp' Buffer Overflow
Exploit Author: Juan Sacco Vulnerability found using Exploit Pack v10 - http://exploitpack.com Impact: An attacker could exploit this vulnerability to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition. Program description...
PHIMS - Hospital Management Information System - Password SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: PHIMS - Hospital Management Information System - 'Password' SQL Injection Exploit Author: Borna nematzadeh L0RD Vendor Homepage: https://codecanyon.net/item/phims/14974225?srank=1566 Version: All version...
Joomla! File Download Tracker 3.0 SQL Injection
Exploit Title: Joomla! Component File Download Tracker 3.0 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://techsolsystem.com/ Software Link: https://extensions.joomla.org/extensions/extension/directory-a-documentation/downloads/file-download-tracker/ Version: 3.0 Category:...
Joomla! Saxum Numerology 3.0.4 SQL Injection
Exploit Title: Joomla! Component Saxum Numerology 3.0.4 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://www.saxum2003.hu/ Software Link: http://www.saxum2003.hu/en/downloadsen/category/7-saxumnumerology-komponens.html Software Download:...
EPIC MyChart - X-Path Injection
Exploit Title: Epic Systems Corporation MyChart X-Path Injection Google Dork: MyChart® licensed from Epic Systems Corporation Date: 8/19/16 Exploit Author: Shayan Sadigh http://threat.tevora.com/author/shayan/ Vendor Homepage: https://www.epic.com/software Software Link: N/A Version: N/A Tested o...
Joomla! Component DT Register 3.2.7 - 'id' SQL Injection
Exploit Title: Joomla! Component DT Register 3.2.7 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: https://www.dthdevelopment.com/ Software Link: https://extensions.joomla.org/extensions/extension/calendars-a-events/events/dt-register/ Version: 3.2.7 Category: Webapps Tested on:...
Paypal Clone Script 1.0.9 - id / acctype SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Paypal / Money Transfer Clone Script 1.0.9 - SQL Injection Dork: N/A Date: 2018-02-10 Exploit Author: Borna nematzadeh L0RD Vendor Homepage: https://www.phpscriptsmall.com/product/paypal-money-transfer-clone/...
Facebook Clone Script 1.0.5 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Facebook Clone Script 1.0.5 - Stored XSS Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/naukri-clone-script/ Category: Web Application Exploit Author: Prasenjit Kanti Paul...
BOCHS 2.6-5 - Local Buffer Overflow
Exploit Author: Juan Sacco - http://exploitpack.com Vulnerability found using Exploit Pack v10 - Fuzzer module An attacker could exploit this vulnerability to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition. Program...
Joomla Zh GoogleMap 8.4.0.0 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications input name="id" value="-11 UNION ALL SELECT...
LabF nfsAxe 3.7 TFTP Client - Local Buffer Overflow Exploit
Exploit for windows platform in category dos / poc #!/usr/bin/python Exploit Author: Miguel Mendez Z Exploit Title: LabF nfsAxe v3.7 - TFTP "Input Directory" Local Buffer Overflow Date: 29-01-2018 Software: LabF nfsAxe Version: v3.7 Vendor Homepage: http://www.labf.com Software Link:...
Netis WF2419 Router - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Netis-WF2419 Router Cross-Site Request Forgery CSRF Exploit Author: Sajibe Kanti Author Contact: https://twitter.com/@sajibekantibd Vendor Homepage: http://www.netis-systems.com/ Version: Netis-WF2419, V2.2.36123 Tested on:...
Photography CMS 1.0 - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for php platform in category web applications New Admin Username: Password: Confirm Password: Email: $"ekleabi".live'click',function $.ajax type: "POST", url: "http://ronnieswietek.com/cc/clients/resources/ajax/ajaxnewadmin.php", data: username:$".efe username".val,...
Professional Local Directory Script 1.0 SQL Injection
Exploit Title: Professional Local Directory Script 1.0 - SQL Injection Dork: N/A Date: 23.01.2018 Vendor Homepage: http://www.eihitech.com/ Software Link: http://www.eihitech.com/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: CVE-2018-5973 Exploit Author: Ihsan Sencan Author...
PHPFreeChat 1.7 - Denial of Service Exploit
Exploit for php platform in category web applications Exploit Title: phpFreeChat 1.7 and earlier - Denial of Service Version: 1.7 and earlier Date: 21/01/2018 Vendor Homepage: http://www.phpfreechat.net Software Link: http://www.phpfreechat.net/download Exploit Author: A. Pakbaz CVE : CVE-2018-59...
PHPFreeChat 1.7 - Denial of Service
Exploit Title: phpFreeChat 1.7 and earlier - Denial of Service Version: 1.7 and earlier Date: 21/01/2018 Vendor Homepage: http://www.phpfreechat.net Software Link: http://www.phpfreechat.net/download Exploit Author: A. Pakbaz CVE : CVE-2018-5954 1 $pid=pcntlfor...
Zomato Clone Script - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Zomato Clone - Arbitrary File Upload Date: 16.01.2018 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/product/099S4111872/php-scripts/zomato-clone-script Demo: http://jhinstitute.com/demo/foodpanda...
Taxi Booking Script 1.0 Cross Site Scripting
Exploit Title: Taxi Booking Script v1.0 - Cross-site Scripting XSS Date: 11.01.2018 Vendor Homepage: https://www.phpjabbers.com/taxi-booking-script/ Software Link: Demo: http://demo.phpjabbers.com/1515648238792/index.php?controller=pjAdminUsers&action=pjActionIndex&err=AU01 Version: 1.0 Category:...
Taxi Booking Script 1.0 - Cross-site Scripting
Exploit Title: Taxi Booking Script v1.0 - Cross-site Scripting XSS Date: 11.01.2018 Vendor Homepage: https://www.phpjabbers.com/taxi-booking-script/ Software Link: Demo: http://demo.phpjabbers.com/1515648238792/index.php?controller=pjAdminUsers&action=pjActionIndex&err=AU01 Version: 1.0 Category:...
WordPress Plugin WordPress Download Manager 2.9.60 - Cross-Site Request Forgery
Exploit Title: WordPress Download Manager CSRF Discovery Date: 2017-12-12 Exploit Author: Panagiotis Vagenas Author Link: https://twitter.com/panVagenas Vendor Homepage: https://www.wpdownloadmanager.com/ Software Link: https://wordpress.org/plugins/download-manager Version: 2.9.60 Tested on:...