855 matches found
MyCustomers CMS 1.3.873 - SQL Injection
Exploit Title : MyCustomers Cms Sql Injection Vulnerability Exploit Author : Persian Hack Team Vendor Homepage : http://www.iran-php.com/ Google Dork : "Powered By IranPHP" & inurl:/index.php?DPT=IP17 & "Powered+by+MyCustomers-1.3.873" Date: 2015/11/28 Version : 1.3 Vulnerable Parameter DPT= Demo:...
Mind Wave Softwares 1.2 SQL Injection
Exploit Title : Mind Wave Softwares SQL Injection Vulnerability Exploit Author : Persian Hack Team Vendor Homepage :http://www.minewave.com/ Google Dork : inurl:/pagedetails.php?mcatg= Tested On : Windows , Kali Linux Date: 2015/11/28 Demo: http://www.iconsolutions.in/pagedetails.php?mcatg=2'...
Tomabo MP4 Player 3.11.6 - Local Stack Overflow (SEH)
Tomabo MP4 Player 3.11.6 - Local Stack Overflow SEH !/usr/bin/python Exploit Title: Tomabo MP4 Player 3.11.6 SEH Based Stack Overflow Exploit Author: @yokoacc, @nudragn, @runggareksya Vendor Homepage: http://www.tomabo.com/ Software Link: http://www.tomabo.com/mp4-player/download.html Vulnerable...
Shadow Infosystem Arbitrary File Download Vulnerability
Exploit for php platform in category web applications Exploit Title: Shadow Infosystem Arbitrary File Download Exploit Author: Ashiyane Digital Security Team Vendor Homepage:...
WordPress ALO EasyMail Newsletter 2.6 CSRF / Cross Site Scripting
Exploit Title: Wordpress ALO EasyMail Newsletter CSRF/XSS Exploit Author: Ashiyane Digital Security Team Vendor Homepage: https://wordpress.org/plugins/alo-easymail/ Software Link: https://downloads.wordpress.org/plugin/alo-easymail.2.6.00.zip Version: 2.6 Date: 2015-09-15 Tested on: windows 7...
WordPress Theme White-Label Framework 2.0.6 - Cross-Site Scripting
WordPress Theme White-Label Framework 2.0.6 - Cross-Site Scripting Exploit Title: Wordpress White-Label Framework XSS Google Dork: inurl:/wp-content/themes/whitelabel-framework/inc/form-sharebymailiframe.php Date: 7 September 2015 Exploit Author: Outlasted Software Link: wordpress.com /...
YesWiki 0.2 /wakka.php Path Traversal Vulnerability
Date: 2015-09-02 Exploit Author: HaHwul Exploit Author Blog: http://www.codeblack.net Vendor Homepage: http://yeswiki.net Software Link: https://github.com/YesWiki/yeswiki Version: yeswiki 0.2 Tested on: Debian Wheezy CVE :...
YesWiki 0.2 - 'squelette' Directory Traversal
Exploit Title: YESWIKI 0.2 - Path Traversal Date: 2015-09-02 Exploit Author: HaHwul Exploit Author Blog: http://www.codeblack.net Vendor Homepage: http://yeswiki.net Software Link: https://github.com/YesWiki/yeswiki Version: yeswiki 0.2 Tested on: Debian Wheezy CVE : none...
BSIGN 0.4.5 Buffer Overflow
Exploit Author: Juan Sacco - http://www.exploitpack.com Program: bsign - embed and verify secure hashes and digital signatures Tested on: GNU/Linux - Kali Linux 2.0 Description: BSIGN v0.4.5 and prior is prone to a stack-based buffer overflow vulnerability because the application fails to perform...
Keeper IP Camera 3.2.2.10 - Authentication Bypass Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Keeper IP Camera - Authentication Bypass Date: 25/08/2015 Exploit Author: RAT - ThiefKing Vendor Homepage: http://www.keeper.cn/en/Camera-ip.asp Version: 3.2.2.10 WEB Version: 6.1.17.192 Tested on: QB200W, QB130W, QA130W,...
WAN IT CMS - SQL Injection Vulnerability
+ Title :- WAN IT CMS - SQL Injection Vulnerability + Date :- 23 - July - 2015 + Vendor Homepage :- http://www.wanitltd.com/ + Version :- All Versions + Tested on :- Nginx/1.4.5, PHP/5.2.17, Linux - Windows + Category :- webapps + Google...
Alibaba Clone B2B Marketplace Script Shell Upload Vulnerability
Alibaba Clone B2B Marketplace Script Shell Upload Vulnerability All Versions Usage Info Usage:alibaba.php host shell-file.php Ex:alibaba.php www.example.com c99.php Test : php alibaba.php tibastore.com c99.php php alibaba.php hechoenmexicob2b.com c99.php $val $data .= "--$boundary\n"; $data .=...
MASM32 11 Quick Editor '.qeditor' 4.0g - '.qse' File Buffer Overflow (SEH) (ASLR + SafeSEH Bypass)
!/usr/bin/env python Exploit Title: MASM32 quick editor .QSE SEH Based Buffer Overflow ASLR & SAFESEH bypass Date: 2015-08-15 Exploit Author: St0rn Twitter: st0rnpentest Vendor Homepage: http://www.masm32.com/ Software Link: http://www.masm32.com/masmdl.htm Version: MASM32 11 qeditor 4.0g Tested...
FileZilla Client 2.2.x - Remote Buffer Overflow (SEH)
Exploit Title: Filezilla client 2.2.X SEH buffer overflow exploit Date: 02/08/2015 Exploit Author: ly0n Vendor Homepage: filezilla-project.org/ Software Link: http://www.oldapps.com/filezilla.php?app=7cdf14e88e9dfa85fb661c1c6e649e90 Version: tested on filezilla 2.2.21 Tested on: Windows XP sp3...
WebStorm Web Design SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title : WebStorm Web Design SQL Injection Vulnerability Exploit Author : Ashiyane Digital Security Team Vendor Homepage : http://www.webstorm.ca Google Dork 1 : "Web Design and Hosting by WebStorm" inurl:listingdetail.php?id= Google Do...
Medical Website Design SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title : Medical Website Design SQL Injection Vulnerability Exploit Author : Ashiyane Digital Security Team Vendor Homepage : http://www.medicalpracticewebsitedesign.com/ Google Dork : "Medical Practice Website Design" inurl:.php?newsid...
Wordpress S3Bubble Cloud Video With Adverts & Analytics 0.7 - Arbitrary File Download Vulnerabil
Exploit for php platform in category web applications Exploit Title: Wordpress S3Bubble Cloud Video With Adverts & Analytics - Arbitrary File Download Google Dork: inurl:/plugins/s3bubble-amazon-s3-html-5-video-with-adverts/ Date: 04/07/2015 Exploit Author: CrashBandicot @DosPerl Vendor Homepage:...
Symantec Endpoint Protection 12.1.4013 - Service Disabling
Symantec Endpoint Protection 12.1.4013 - Service Disabling Exploit Title: Antivirus Google Dork: intitle: Antivirus Date: 2015-07-07 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: www.symantec.com Software Link: www.symantec.com/endpoint-protection...
ABH WORLD SQL Injection
+ Title :- ABH WORLD CMS - SQL Injection Vulnerability + Date :- 19 - June - 2015 + Vendor Homepage: :- https://abhworld.com/ + Version :- All Versions + Tested on :- Nginx/1.4.5, PHP/5.2.17, Linux - Windows + Category :- webapps + Google...
foobar2000 1.3.8 - '.m3u' Local Crash (PoC)
Exploit Title: foobar2000 1.3.8 .m3u Local Crash PoC Date: 12-06-2015 Exploit Author: 0neb1n Vendor Homepage: http://www.foobar2000.org/ Software Link: http://www.foobar2000.org/getfile/e246984718ab7ab58fa1e0b072ff05a4/foobar2000v1.3.8.exe Version: 1.3.8 Tested on: Windows XP SP3 KOR file =...