Lazarus Guestbook 1.22 XSS / SQL Injection

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= INDEPENDENT SECURITY RESEARCHER PENETRATION TESTING SECURITY -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Exploit Title: Lazarus Guestbook 1.22 Multiple Persistent Cross-Site Scripting - Sql Injection Vulnerability Date: 23/12/2014 Url Vendor:...

PHPMyRecipes 1.2.2 - 'browse.php?category' SQL Injection

Exploit Title : phpMyRecipes 1.2.2 SQL injectionpage browse.php, parameter category Author : Manish Kishan Tanwar Download Link : http://prdownloads.sourceforge.net/php-myrecipes/phpMyRecipes-1.2.2.tar.gz?download Date : 23/12/2014 Discovered at : IndiShell Lab Love to : zero cool,Team...

eBay.com ocsnext CSS Injection

Exploit Title: eBay.com ocsnext sub-domain Reflected CSS injection Date: 20/12/2014 Author: Yann CAM @ Synetis - ASafety Vendor or Software Link: www.ebay.com Version: / Category: Reflected CSS injection Google dork: Tested on: eBay.com ocsnext sub-domain Adobe description :...

WordPress Plugin DB Backup - Arbitrary File Download

|||||||||||||||||||||||||||||||||||||||||||||||||| |-------------------------------------------------------------------------| | Exploit Title: Wordpress db-backup plugin File Download Vulnerability | | Google Dork: inurl:wp-content/plugins/db-backup/ | | Date : Date: 2014-11-26 | | Exploit Autho...

Joomla Mac Gallery 1.5 - Arbitrary File Download

No description provided by source. Exploit Title : Joomla Mac Gallery = 1.5 Arbitrary File Download Exploit Author : Claudio Viviani Vendor Homepage : https://www.apptha.com Software Link : https://www.apptha.com/downloadable/download/sample/sampleid/18 Dork Google: inurl:option=commacgallery Dat...

Seafile-server 3.1.5 - Remote Denial of Service

Exploit Title: ccnet-server remote DoS assert seafile-server = 3.1.5 Date: Sep 4, 2014 Exploit Author: retset Vendor Homepage: seafile.com Software Link: https://bitbucket.org/haiwen/seafile/downloads/seafile-server3.1.4win32.tar.gz Version: seafile-server 3.1.4 Tested on: Windows 7/seafile-serve...

WordPress Urban City Arbitrary File Download Vulnerability

WordPress Urban City theme suffers from an arbitrary file download vulnerability. Note that this finding houses site-specific data. |||||||||||||||||||||||||||||||||||||||||||||||||| |-------------------------------------------------------------------------| | Exploit Title: Wordpress urban city...

SHARP MX Series - Denial of Service

SHARP MX Series - Denial of Service Exploit Title: SHARP MX Series - Denial Of Service Date: 08/08/2014 Exploit Author: pws Vendor Homepage: Sharp Printers Firmware Link: Not found Tested on: Latest version Shodan d0rk: "SHARP Telnet server" 4000 devices CVE : None yet $ python -c 'print "A"200 +...

Joomla! Component Youtube Gallery 4.1.7 - SQL Injection

Joomla! Component Youtube Gallery 4.1.7 - SQL Injection Exploit Title: Joomla component comyoutubegallery - SQL Injection vulnerability Google Dork: inurl:index.php?option=comyoutubegallery Date: 15-07-2014 Exploit Author: Pham Van Khanh [email protected] Vendor Homepage:...

Open Web Analytics 1.5.7 Cross Site Scripting / Remote File Inclusion

Exploit Title : Open Web Analytics - v: 1.5.7 multiple vulnerability Author : Govind Singh aka NullPort Vendor : http://www.openwebanalytics.com/ Download Link : http://downloads.openwebanalytics.com/ Google Dork : "powered by Open Web Analytics" Date : 14/07/2014 Discovered at : IHT Lab 1ND14N...

HP Data Protector Manager 8.10 - Remote Command Execution

Exploit for windows platform in category remote exploits !/usr/bin/python Exploit Title: HP-Data-Protector-8.10 Remote command execution. Date: July 11 2014 Exploit Author: Christian Polunchis Ramirez https://intrusionlabs.org Exploit Author: Henoch Chanoc Barrera https://intrusionlabs.org...

HP Data Protector Manager 8.10 - Remote Command Execution

HP Data Protector Manager 8.10 - Remote Command Execution !/usr/bin/python Exploit Title: HP-Data-Protector-8.10 Remote command execution. Date: July 11 2014 Exploit Author: Christian Polunchis Ramirez https://intrusionlabs.org Exploit Author: Henoch Chanoc Barrera https://intrusionlabs.org...

Microsoft Internet Explorer 910 - CFormElement Use-After-Free Memory Corruption (PoC) (MS14-035)

Microsoft Internet Explorer 910 - CFormElement Use-After-Free Memory Corruption PoC MS14-035 loaded = false ; function func if loaded document.body.innerHTML = "" ; // free CFormElement input1 = document.getElementById"input1" ; input1.onclick = func ; loaded = true ; input1.click; // Call DoClic...

Atom CMS Shell Upload / SQL Injection / Bypass Vulnerabilities

Atom CMS suffers from remote shell upload and remote SQL injection vulnerabilities. Exploit Title : Atom CMS SQL Injection and file upload vulnerability Author : Jagriti Sahu Vendor : https://github.com/thedigicraft/Atom.CMS Date : 07/07/2014 Discovered at : IndiShell Lab Love to : Surbhi, Mradul...

FoeCMS Multiple Vulnerabilities

FoeCMS suffers from cross site scripting, open redirect, and remote SQL injection vulnerabilities. Exploit Title : FoeCMS multiple vulnerability Author : Govind Singh aka NullPort Vendor : http://foecms.com/ Download Link : https://github.com/themarioga/FoeCMS/archive/master.zip Date : 05/07/2014...

Traidnt UP - Cross-Site Request Forgery Add Admin Account

No description provided by source. Exploit Title: Traidnt UP - CSRF Add Admin Account Date: 24-09-2010 Author: G0D-F4Th3r Software Link: http://www.traidnt.net Software Download: http://traidntup.googlecode.com/files/Traidnt%20up%20V3.0.zip Version: 3.0 Exploit html body onload=javascript:fireFor...

MyBB Forum Userbar Plugin (Userbar 2.2) - SQL Injection

No description provided by source. ?--------------------------------------------------------------------- Exploit Title : MyBB Forum Userbar Plugin Userbar v2.2 --------------------------------------------------------------------- Author : MarioVs Date : 10/10/2011 Site : http://mariovs.pl/ @ :...

QQPlayer 2.3.696.400p1 (.wav) Denial of Service Vulnerability

No description provided by source. !/usr/bin/python Exploit Title: QQPlayer 2.3.696.400p1.wav Denial of Service Vulnerability Date: 07-09-2010 Author: Hadji Samir , s-Dzathotmaildotfr Software Link: www.qq.com Version: QQPlayer 2.3.696.400p1 Tested on: Windows XP sp2 CVE : Notes: Working with...

Wordpress Mini Mail Dashboard Widget Plugin 1.36 Remote File Inclusion

No description provided by source. Exploit Title: Mini Mail Dashboard Widget Wordpress plugin RFI Google Dork: inurl:wp-content/plugins/mini-mail-dashboard-widget Date: 09/19/2011 Author: Ben Schmidt supernothing AT spareclockcycles.org @supernothing Software Link:...

iSO Filer Lite 2.1.0 - Directory Traversal

No description provided by source. Exploit Title: Filer Lite v2.1.0 for iPhone / iPod touch, Directory Traversal Date: 02/24/2011 Author: R3d@l3rt, Sp@2K, Sunlight, H@ckk3y Software Link : http://itunes.apple.com/kr/app/filer-lite-download-view-manage/id350939597?mt=8 Version: 2.1.0 Tested on:...