TP-LINK TD-W8151N - Denial of Service

Exploit Title: TP-LINK TD-W8151N - Denial of Service Date: 2016-12-13 Exploit Author: Persian Hack Team Discovered by : Mojtaba MobhaM Home : http://persian-team.ir/ Tested on: Windows AND Linux Demo : https://www.youtube.com/watch?v=WrGgHvhiCGg POC : flagFresh Parameter Vulnerable POST...

ARG-W4 ADSL Router Denial Of Service / Cross Site Request Forgery

Exploit Title: ARG-W4 ADSL Router - Multiple Vulnerabilities Date: 2016-12-11 Exploit Author: Persian Hack Team Discovered by : Mojtaba MobhaM Tested on: Windows AND Linux Exploit Demo : http://persian-team.ir/showthread.php?tid=196 1 - Denial of Service !/usr/bin/python import urllib2 import...

Netgear R7000 - Cross-Site Scripting Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Netgear R7000 - XSS via. DHCP hostname Date: 11-12-2016 Exploit Author: Vincent Yiu Contact: https://twitter.com/vysecurity Vendor Homepage: https://www.netgear.com/ Category: Hardware / WebApp Version: V1.0.7.21.1.93 +...

WordPress Plugin Olimometer 2.56 - SQL Injection

Exploit Title: Olimometer Plugin for WordPress – Sql Injection Date: 14/11/2016 Exploit Author: TAD GROUP Vendor Homepage: https://wordpress.org/plugins/olimometer/ Software Link: https://wordpress.org/plugins/olimometer/ Contact: infoattad.group Website: https://tad.group Category: Web Applicati...

Wordpress BBS e-Franchise 1.1.1 Plugin - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: BBS e-Franchise 1.1.1 Plugin of WordPress – Sql Injection Date: 12/11/2016 Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/bbs-e-franchise/ Software Link: https://wordpress.org/plugins/bbs-e-franchise/...

SweetRice 1.5.1 - Arbitrary File Download

SweetRice 1.5.1 - Arbitrary File Download /usr/bin/python -- Coding: utf-8 -- Exploit Title: SweetRice 1.5.1 - Local File Inclusion Exploit Author: Ashiyane Digital Security Team Date: 03-11-2016 Vendor: http://www.basic-cms.org/ Software Link:...

nodCMS - Cross-Site Request Forgery

nodCMS - Cross-Site Request Forgery Exploit Title : nodcms Cross Site Request Forgery Author : Ashiyane Digital Security Team Google Dork : - Date : 29/10/2016 Type : webapps Platform : PHP Vendor Homepage : http://www.nodcms.com/en Software link :...

Redaxo 5.2.0 - Cross-Site Request Forgery

Exploit Title : redaxo CMS CSRFAdd Admin Author : Ashiyane Digital Security Team Google Dork : intitle:Login · REDAXO Date : 1/11/2016 Type : webapps Platform : PHP Vendor Homepage : http://www.redaxo.org/ Software link :http://www.redaxo.org/de/download/file/?f=redaxo5.2.0.zip Version : 5.2lates...

Vivaldi 1.4.589.11 DLL Hijacking

Exploit Title: Vivaldi browser DLL Hijacking Author: Ashiyane Digital Security Team Vendor Homepage: https://vivaldi.com/ software link: https://downloads.vivaldi.com/stable/Vivaldi.1.4.589.11.exe Tested on:Windows 7 Date: 13-09-2016...

Oracle VM VirtualBox 4.3.28 - '.ovf' Crash (PoC)

Exploit Title: Oracle VM VirtualBox 4.3.28 Crash Author: sultan albalawi Tested on:win7 open viryualbox --ctrl+i--choose file --double+double+double next ban= '\x0d\x0a\x20\x20\x20\x20\x20\x20\x20\x5c\x20\x20\x20\x2d\x20\x20' ban+='\x2d\x20\x20\x2d\x20\x3c\x73\x65\x72\x76\x65\x72\x3e\x20\x20\x2d'...

ApPHP MicroBlog 1.0.2 Cross Site Request Forgery

Exploit Title : ApPHP MicroBlog 1.0.2 - Cross-Site Request Forgery Add New Author Author : Besim Google Dork : Date : 12/10/2016 Type : webapps Platform : PHP Vendor Homepage : - Software link : http://www.scriptdungeon.com/jump.php?ScriptID=9162 CSRF PoC function submitRequest var xhr = new...

BirdBlog 1.4.0 - (Add New Post) Cross-Site Request Forgery

Exploit for php platform in category web applications document.forms0.submit; !--...

WordPress Plugin RB Agency 2.4.7 - Local File Disclosure

WordPress Plugin RB Agency 2.4.7 - Local File Disclosure Exploit Title : WordPress RB Agency 2.4.7 Plugin - Local File Disclosure Exploit Author : Persian Hack Team Vendor Homepage : http://rbplugin.com/ Category Webapps Tested on Win Version : 2.4.7 Date 2016/09/03 PoC The Vulnerable page is...

KV Site Admin CMS 3.0 SQL Injection

Exploit Title : KV Site Admin CMS 3.0 SQL injection Vulnerability Exploit Author : xBADGIRL21 Dork : e.World Technology Ltd. All rights reserved "Admin Area - Version 3.0" Version: 3.0 MyBlog: http://xbadgirl21.blogspot.com Tested on: BackBox skype:xbadgirl21 Video Proof :...

Linux/x86-64 - Ncat Shellcode (SSL, MultiChannel, Persistant, Fork, IPv4/6, Password) (176 bytes)

include include // Exploit Title: Linux 64bit Ncat + SSL + MultiChannel + Persistant + Fork + IPv4/6 + Password 176byte // Date: 7/5/2016 // Exploit Author: CripSlick // Tested on: Kali 2.0 // Version: Ncat: Version 7.01 // email protected // OffSec ID: OS-20614 // http://50.112.22.183/...

XuezhuLi FileSharing Cross Site Request Forgery

document.forms.csrfpoc.submit; cat /srv/userlists.txt aaaa csrftest --...

XuezhuLi FileSharing Path Traversal

Exploit Title: XuezhuLi FileSharing - Path Traversal Vulnerability Date: 2016-06-23 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: https://github.com/XuezhuLi Software Link: https://github.com/XuezhuLi/FileSharing/archive/master.zip Version: Latest commit Tested on:...

Airia Cross Site Request Forgery

document.forms.csrfpoc.submit;...

Electroweb Online Examination System 1.0 SQL Injection

Exploit Title: Online examination system 1.0 - SQL Injection Google Dork: inurl:showtest.php?subid= Date: 2016/06/05 Exploit Author: Ali Ghanbari Vendor Homepage: http://www.onlinefreeprojectdownload.com Sofware Link :...

WordPress Event Registration 6.02.02 XSS / SQL Injection

Exploit Title: WordPress Plugin event-registration 6.02.02: SQL-Injection and persistent XSS Discovery Date: 2016/03/13 Public Disclosure Date: 2016/05/09 Exploit Author: Michael Helwig Contact: https://twitter.com/c0dmtr1x | https://codemetrix.net Vendor Homepage: http://wpeventregister.com/...