WiFi HD 8.1 - Directory Traversal / Denial of Service

Exploit Title: WiFi HD 8.1 - Directory Traversal and Denial of Service Date: 2015-05-27 Exploit Author: Wh1t3Rh1n0 Michael Allen Vendor Homepage: http://www.savysoda.com Software Link: http://www.savysoda.com/WiFiHD/ Version: 8.1 Apr 1, 2015 Tested on: iPhone Disclosure Timeline: 2015-05-30: Vend...

WordPress Plugin Free Counter 1.1 - Persistent Cross-Site Scripting

Exploit Title: WordPress Free Counter Plugin Stored XSS Date: 2015/05/25 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: http://www.free-counter.org Software Link: https://wordpress.org/plugins/free-counter/ Version: 1.1 Tested on: WordPress 4.2.2...

BisonWare FTP Server 3.5 Buffer Overflow Exploit

BisonWare FTP Server version 3.5 buffer overflow proof of concept exploit for Windows XP SP3. !/usr/bin/python Exploit Title: BisonWare FTP Server Version 3.5 Egg Hunting Exploits Date: 22 April,2015 Exploit Author: Bikash Dash www.vulnerableghost.com Version: BisonWare FTP Server Version 3.5...

WordPress Plugin MiwoFTP 1.0.5 - Arbitrary File Download (2)

Exploit Title : WordPress MiwoFTP Plugin 1.0.5 = Arbitrary File Download Exploit Author : Dadou Dz Software Link : Premium Dork Google: inurl:commiwoftp Affected version: 1.0.5 Vendor Homepage: http://miwisoft.com/wordpress-plugins/miwoftp-wordpress-file-managerchangelog Date : 2015-04-20 Tested ...

Wolf CMS 0.8.2 Shell Upload

,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team .. +---------------------------^----------| ,-------, | / XXXXXX /| / / XXXXXX / \ / / XXXXXX /\ / XXXXXX / / XXXXXX / ------' Exploit Title : Wolf CMS Arbitrary File Upload Exploit Date : 16 April...

WordPress Plugin Ajax Store Locator 1.2 - SQL Injection

WordPress Plugin Ajax Store Locator 1.2 - SQL Injection Exploit Title : Wordpress Ajax Store Locator = 5.0.12 AND time-based blind SELECT' injectable for the remaining tests, do you want to include all tests for 'MySQ...

WordPress Plugin WP Mobile Edition 2.7 - Remote File Disclosure

WordPress Plugin WP Mobile Edition 2.7 - Remote File Disclosure Exploit Title: Wordpress Plugin 'WP Mobile Edition' Remote File Disclosure Vulnerability Date: April 11, 2015 Exploit Author: @LookHin Khwanchai Kaewyos Google Dork: inurl:?fdxswitcher=mobile Vendor Homepage:...

WebGate eDVR Manager 2.6.4 - Connect Method Stack Buffer Overflow

var arg1="PraveenD"; var arg2=1; var arg3= ""; var arg4="PraveenD"; var nops = ""; var shellcode = ""; var buff2 = ""; for i=0; i1664; i++ arg3 += "B"; var nseh = "\xeb\x10PD"; //WESPSerialPort.dll0x100104e7 = pop pop ret var seh = "\xe7\x04\x01\x10"; for i=0;i80; i++ nops += "\x90"; shellcode =...

WebGate eDVR Manager 2.6.4 - AudioOnlySiteChannel Stack Buffer Overflow

WebGate eDVR Manager 2.6.4 - AudioOnlySiteChannel Stack Buffer Overflow var arg1 = ""; var arg2 = 1; var arg3 = 1; var nops = ""; var shellcode = ""; var buff2 = ""; for i=0; i128; i++ arg1 += "B"; var nseh = "\xeb\x10PD"; var seh = "\xa0\xf2\x07\x10"; for i=0;i80; i++ nops += "\x90"; shellcode =...

WebGate eDVR Manager 2.6.4 - SiteChannel Property Stack Buffer Overflow

WebGate eDVR Manager 2.6.4 - SiteChannel Property Stack Buffer Overflow var arg1 = ""; var arg2 = 1; var arg3 = 1; var nops = ""; var shellcode = ""; var buff2 = ""; for i=0; i128; i++ arg1 += "B"; var nseh = "\xeb\x10PD"; var seh = "\xa0\xf2\x07\x10"; for i=0;i80; i++ nops += "\x90"; shellcode =...

Joomla FormMaker Component - SQL Injection Vulnerability

Usage Info python sqlmap.py -u "http://localhost/index.php?option=comformmaker&view=formmaker&id=-5653&Itemid=45" --dbs Exploit Title: Joomla FormMaker Component - SQL Injection Vulnerability Google Dork: Y0ur Brain Date: 28.03.2015 Exploit Author: CrashBandicot @DosPerl Vendor HomePage:...

WordPress Marketplace 2.4.0 Add Administrator

!/usr/bin/python Exploit Name: WP Marketplace 2.4.0 Remote Command Execution Vulnerability discovered by Kacper Szurek http://security.szurek.pl Exploit written by Claudio Viviani -------------------------------------------------------------------- The vulnerable function is located on...

Traidnt Up 3.0 SQL injection Exploit

Exploit for php platform in category web applications '; else echo ' http://site.com/path/: user: &n...

MooPlayer 1.3.0 - m3u SEH Buffer Overflow PoC

Exploit for windows platform in category local exploits !/usr/bin/env python Exploit Title: MooPlayer 1.3.0 'm3u' SEH Buffer Overflow POC Date Discovered: 09-02-2015 Exploit Author: Samandeep Singh SaMaN - @samanL33T Vulnerable Software: Moo player 1.3.0 Software Link: https://mooplayer.jaleco.co...

MooPlayer 1.3.0 - 'm3u' Buffer Overflow (SEH) (PoC)

!/usr/bin/env python Exploit Title: MooPlayer 1.3.0 'm3u' SEH Buffer Overflow POC Date Discovered: 09-02-2015 Exploit Author: Samandeep Singh SaMaN - @samanL33T Vulnerable Software: Moo player 1.3.0 Software Link: https://mooplayer.jaleco.com/ Vendor site: https://mooplayer.jaleco.com/ Version:...

RedaxScript CMS 2.2.0 - SQL Injection

Exploit Title: Radexscript CMS 2.2.0 - SQL Injection vulnerability Google Dork: N/A Date: 02/09/2015 Exploit Author: Pham Kien Cuong [email protected] & ITAS Team www.itas.vn Vendor Homepage: http://redaxscript.com/ Software Link: http://redaxscript.com/download/releases Version: Redaxscript...

ManageEngine Desktop Central 9 Build 90087 - Cross-Site Request Forgery

:8020/STATEID/1417736606982/roleMgmt.do?actionToCall=addUser&SUBREQUEST=XMLHTTP" method="POST" input type="hidden"...

Sefrengo CMS 1.6.1 - Multiple SQL Injection Vulnerabilities

Sefrengo CMS version 1.6.1 suffers from multiple remote SQL injection vulnerabilities. Exploit Title: Sefrengo CMS v1.6.1 - Multiple SQL Injection Vulnerabilities Google Dork: N/A Date: 01/26/2015 Exploit Author: Nguyen Hung Tuan email protected & ITAS Team www.itas.vn Vendor Homepage:...

Iconium Nexus Theme - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title:Iconium Nexus Theme - SQL İnjection vulnerability Google Dork: intext:Powered by İconium Mühendislik Date: 03.02.2015 Exploit Author: Herdem Vendor Homepage: http://iconiummuhendislik.com Version: All Versions Tested on: Windows ...

ManageEngine Firewall Analyzer 8.0 - Directory Traversal/XSS Vulnerabilities

Exploit for hardware platform in category web applications ...:::::ManageEngine Firewall Analyzer Directory Traversal/XSS Vulnerabilities::::.... Sobhan System Network & Security Group sobhansys ------------------------------------------------------- Date: 2015-01-28 Exploit Author: AmirHadi...