Social Sites MyBB Plugin 0.2.2 - Cross-Site Scripting

Exploit Title: Social Sites MyBB Plugin 0.2.2 Cross Site Scripting Google Dork: inurl:usercp.php?action=socialsites Date: 13.12.2012 Exploit Author: s3m00t Vendor Homepage: http://mattrogowski.co.uk/mybb/ Software Link: http://mods.mybb.com/view/social-sites Version: 0.2.2 Tested on: PHP Reason:...

MyBB kingchat 插件'username'参数SQL注入漏洞

BUGTRAQ ID: 56787 MyBB kingchat插件可允许您与其他用户交流。 MyBB kingchat插件的username参数没有正确过滤，存在SQL注入漏洞，成功利用可允许攻击者非法操作数据库，窃取信息。 0 MyBB kingchat 厂商补丁： MyBB ---- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://mods.mybb.com/view/kingchat Exploit Title: KingChat MyBB plugin SQL Injection 0day Google Dork:...

WordPress Myflash Local File Inclusion

|| | || || | | | | 0 | In the name of GOD | -|- | | | ||||| Exploit Title: Wordpress Myflash Plugin | Local File Inclusion Vulnerability | Google Dork: inurl:"/myflash/myextractXML.php?path=" Exploit Author: Ashiyane Digital Security Team Category: Web Application Tested on: Windows 7 | | Locatio...

ES CmS 0.1 Sql Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: ES CmS 0.1 Sql Injection Vulnerability Google Dork: inurl:/page.php?id= Date: 2012 Exploit Author: MR.XpR Software Link: http://es-cms.com , http://sourceforge.net/projects/escms/files/esCMS Alpha/0.1/escmsalphav01.zip Version:...

ES CMS 0.1 SQL Injection

Exploit Title: ES CmS 0.1 Sql Injection Vulnerability Google Dork: inurl:/page.php?id= Date: 2012 Exploit Author: MR.XpR Software Link: http://es-cms.com , http://sourceforge.net/projects/escms/files/esCMS Alpha/0.1/escmsalphav01.zip Version: v.0.1 Tested on: BT , 7 Poc :...

ES CmS 0.1 - SQL Injection

Exploit Title: ES CmS 0.1 Sql Injection Vulnerability Google Dork: inurl:/page.php?id= Date: 2012 Exploit Author: MR.XpR Software Link: http://es-cms.com , http://sourceforge.net/projects/escms/files/esCMS Alpha/0.1/escmsalphav01.zip Version: v.0.1 Tested on: BT , 7 Poc :...

WordPress Zarzadzanie Kontem Shell Upload

|| | || || | | | | 0 | In the name of GOD | -|- | | | ||||| Exploit Title: Wordpress zarzadzaniekontem Plugin | Arbitrary File Upload Vulnerability | Google Dork: inurl:"/wp-content/plugins/zarzadzaniekontem/" Exploit Author: Ashiyane Digital Security Team Category: Web Application Tested on:...

Yii Framework 1.1.8 Search SQL Injection

Exploit Title: Yii Framework - Search SQL Injection Vulnerability Google Dork: No Dork Date: 20/11/2012 Exploit Author: Junookyo Vendor Homepage: http://www.yiiframework.com/ Software Link: http://www.yiiframework.com/download/ Version: 1.1.8 maybe another version Vulnerability: SQL Injection via...

WordPress Madebymilk SQL Injection

|| | || || | | | | 0 | In the name of GOD | -|- | | | ||||| Exploit Title: Wordpress madebymilk Theme SQL Injection | Google Dork: inurl:/madebymilk/voting-popup.php | Exploit Author: Ashiyane Digital Security Team Category: Web Application Tested on: Windows 7 | | Location:...

WordPress ArribaLaEsteban SQL Injection

|| | || || | | | | 0 | In the name of GOD | -|- | | | ||||| Exploit Title:Wordpress | ArribaLaEsteban theme SQL Injection Vulnerability | Google Dork: inurl:/estadisticas/fichajugador.php Exploit Author: Ashiyane Digital Security Team Category: Web Application Tested on: Windows 7 | | Location:...

MYRE Realty Manager - Multiple Vulnerabilities

Exploit Title:MYRE Realty Manager Multiple Vulnerabilities Date: 13.10.201 Exploit Author: d3b4g Vendor Homepage:http://myrephp.com Software Link: http://myrephp.com/demo2/ Tested on: Windows 7 Blog: d3b4g.me ---------------------------------------------------------------------------------- SQL...

Myrephp Business Directory - Multiple Vulnerabilities

Exploit Title: Myrephp Business Directory, Multiple Vulnerabilities Date: 13.10.201 Exploit Author: d3b4g Vendor Homepage:http://myrephp.com Software Link: http://myrephp.com/biz/ Tested on: Windows 7 Blog: d3b4g.me ---------------------------------------------------------------------------------...

MYREphp Vacation Rental Software - Multiple Vulnerabilities

Exploit Title: MYREphp Vacation Rental Software Multiple Vulnerabilities Date: 13.10.201 Exploit Author: d3b4g Vendor Homepage:http://myrephp.com Software Link: http://myrephp.com/vacation/ Tested on: Windows 7 Blog: d3b4g.me...

BigAnt Server 2.52 Stack Overflow Vulnerability

BigAnt Server version 2.52 SP5 SEH stack overflow ROP-based exploit with ASLR and DEP bypass. Exploit Title: BigAnt Server 2.52 SP5 SEH Stack Overflow ROP-based exploit ASLR + DEP bypass Date: 03/11/2012 Exploit Author: Lorenzo Cantoni Vendor Homepage: http://www.bigantsoft.com/ Version: BigAnt...

MyBB Profile Albums Plugin 0.9 - 'albums.php?album' SQL Injection

Exploit Title: Profile Albums MyBB plugin SQL Injection 0day Google Dork: inurl:albums.php intext:"powered by Mybb" Date: 14.10.2012 Exploit Author: Zixem Software Link: http://mods.mybb.com/view/profilealbums Version: 0.9 Tested on: Linux. ---------------------------------------------- The...

Joomla Component com_fabrik File Upload Vulnerability

Exploit for php platform in category web applications $ $ +================================================= ================+ | Joomla Component comFabrik Remote Shell Upload Vulnerability | +================================================= ================+ Google Dork :...

Knowledge Base Enterprise Edition 4.62.0 - SQL Injection

Knowledge Base Enterprise Edition 4.62.0 - SQL Injection Exploit Author: Vulnerability-Lab Title: ====== Knowledge Base EE v4.62.0 - SQL Injection Vulnerability Date: ===== 2012-09-11 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=702 VL-ID: ===== 702 Common...

Sitecom MD-25x - Multiple Vulnerabilities

Sitecom MD-25x - Multiple Vulnerabilities !/usr/bin/python Exploit Title: Sitecom MD-253 and MD-254 Network Storage Reverse Shell Exploit Date: 09/11/12 Exploit Author: Mattijs van Ommeren mattijs at alcyon dot nl Vendor Homepage: http://www.sitecom.com Software Link:...

BitraNet SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title = BitraNet - SQL Injection Vulnerability Google Dork = "Powered by : BitraNet" Exploit Author = Zikou-16 My Facebook = http://www.facebook.com/ZIkOou.16 Software Link = http://www.bitranet.com/ Exploit =...

AraDown Blind SQL Injection Vulnerability

Exploit for php platform in category web applications "; $target = stdin; $ar = array'1','2','3','4','5','6','7','8','9','0','a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z'; echo " Username : "; for$i=1;$i=3...