Streamo Online Radio And TV Streaming CMS - SQL Injection

Streamo Online Radio And TV Streaming CMS - SQL Injection Application Name : Streamo - Online Radio And Tv Streaming CMS Google Dork : inurl:rjdetails.php?id= Exploit Author : Cyber Warrior | Bug Researchers Group | N4TuraL Author Contact : https://twitter.com/byn4tural Vendor Homepage :...

Veris: Email spoofing in [email protected]

Hey, I've found email spoofing vulnerability in [email protected] Issue: ======== When I try to send a fake email from [email protected] to my email [email protected] I was successful in sending a fake email to my inbox, this is an issue; because, fake mails should be sent into the 'spam' folde...

MyLittleForum 2.3.5 Command Execution

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MYLITTLEFORUM-PHP-CMD-EXECUTION.txt + ISR: APPARITIONSEC Vendor: ================= mylittleforum.net Download: github.com/ilosuna/mylittleforum/releases/tag/v2.3.5 Product:...

Kagao 3.0 - Multiple Vulnerabilities

Kagao 3.0 - Multiple Vulnerabilities Application Name : Kagao v3.0 - Professional Classified Market Google Dork : inurl:/cat1.php?id2= Exploit Author : Cyber Warrior | Bug Researchers Group | N4TuraL Vendor Homepage : http://kogaoscript.com/ Vulnerable Type : SQL Injection & Cross Site Scripting...

WordPress Contus Video Comments 1.0 File Upload

Title: Unauthenticated remote .jpg file upload in contus-video-comments v1.0 wordpress plugin Author: Larry W. Cashdollar, @larry0 Date: 2016-06-15 Download Site: https://wordpress.org/plugins/contus-video-comments/ Vendor: https://profiles.wordpress.org/hdflvplayer/ Vendor Notified: 2016-06-16...

sNews CMS 1.7.1 - Multiple Vulnerabilities

Exploit for php platform in category web applications + Credits: hyp3rlinx + ISR: APPARITIONSEC Vendor: ============ snewscms.com Product: ================ sNews CMS v1.7.1 Vulnerability Type: =================================== Persistent Remote Command Execution Cross Site Request Forgeries CSR...

sNews CMS 1.7.1 - Multiple Vulnerabilities

sNews CMS 1.7.1 - Multiple Vulnerabilities + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SNEWS-RCE-CSRF-XSS.txt + ISR: APPARITIONSEC Vendor: ============ snewscms.com Product: ================ sNews CMS v1.7.1 Vulnerability Type:...

sNews CMS 1.7.1 - Multiple Vulnerabilities

Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SNEWS-RCE-CSRF-XSS.txt + ISR: APPARITIONSEC Vendor: ============ snewscms.com Product: ================ sNews CMS v1.7.1 Vulnerability Type: =================================== Persistent...

The plant controller has a remote vulnerability and no patch-vulnerability warning-the black bar safety net

Power station use of an industrial control system has not patched the vulnerability, an attacker can remotely exploit it to gain network control. Remedy method? Turning off the function or replace the equipment. Power station use of an industrial control system has not patched the vulnerability, ...

MySQL 5.5.45 - procedure analyse Function Denial of Service

Exploit for multiple platform in category dos / poc !/usr/bin/env python Title: MySQL Procedure Analyse DoS Exploit Author: Osanda Malith Jayathissa @OsandaMalith E-Mail: osandacatunseen.is Version: Vulnerable upto MySQL 5.5.45 Original Write-up:...

Linknat VOS3000/VOS2009 SQL Injection

A SQL injection was found in Linknat VOS3000/VOS2009, a popular VoIP softswitch, that could allow remote attackers to gain access to the credentials stored in plain-text. Application: Linknat VOS3000/VOS2009 Versions Affected: 2.1.1.5, 2.1.1.8, 2.1.2.0 Vendor URL: http://www.linknat.com/ Bug: SQL...

Cisco ASA Software 8.x/9.x - IKEv1 / IKEv2 Buffer Overflow

!/usr/bin/env python2.7 import socket import sys import struct import string import random import time Spawns a reverse cisco CLI cliShellcode = "\x60\xc7\x02\x90\x67\xb9\x09\x8b\x45\xf8\x8b\x40\x5c\x8b\x40\x04" "\x8b\x40\x08\x8b\x40\x04\x8b\x00\x85\xc0\x74\x3b\x50\x8b\x40\x08"...

Cisco IOS-XE Fragmented Packet Resource Consumption Vulnerability

A vulnerability in the packet reassembly subsystem of Cisco IOS-XE could allow an unauthenticated, remote attacker to consume CPU resources which may lead to a denial of service DoS condition. The vulnerability is due to an error message that is triggered to the console and the syslog when a...

Cisco IOS XE Software SNMP Denial of Service Vulnerability

A vulnerability in the SNMP module of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to frequent polling of certain MIBs on an affected device. An attacker could exploit this vulnerability by sending continuou...

Cisco IOS XE Cisco Discovery Protocol Packet Processing Denial of Service Vulnerability

A vulnerability in Cisco Catalyst 4500 Series Switches running Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to improper processing of valid crafted Cisco Discovery Protocol packet...

GE Proficy HMI SCADA CIMPLICITY Privilege Management Vulnerability

OVERVIEW Zhou Yu of Acorn Network Security identified an improper privilege management vulnerability and recently released exploit code for the GE Proficy HMI/SCADA CIMPLICITY application without coordination with ICS-CERT, the vendor, or any other coordinating entity known to ICS-CERT. GE produc...

Here's the Exploit to Bypass Apple Security Feature that Fits in a Tweet

Did you install the latest update OS X 10.11.4? If yes, then you might be wondering with a fact that the Apple had delivered an ineffective patch update this time. Yes! This news would definitely disappoint many Apple users, as the latest update of OS X El Capitan 10.11.4 and iOS 9.3 still contai...

Trend Micro Deep Discovery Inspector 3.7 / 3.8 CSRF

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-DDI-CSRF.txt Vendor: ==================== www.trendmicro.com Product: ========================================= Trend Micro Deep Discovery Inspector V3.8, 3.7 Deep...

Linux/x86_x64 - execve/bin/sh - 25 bytes

Linux/x86x64 - execve/bin/sh - 25 bytes. Shellcode exploit for linx86-64 platform / --------------------------------------------------------------------------------------------------- Linux/x86x64 - execve/bin/sh - 25 bytes Ajith Kp @ajithkp560 http://www.terminalcoders.blogspot.com Om Asato Maa...

Trend Micro Deep Discovery Inspector 3.8/3.7 - Cross-Site Request Forgery

Exploit for php platform in category web applications + Credits: John Page aka hyp3rlinx Vendor: ==================== www.trendmicro.com Product: ========================================= Trend Micro Deep Discovery Inspector V3.8, 3.7 Deep Discovery Inspector is a network appliance that gives you...