Symantec Web Gateway 5.0.2 (blocked.php id parameter) Blind SQL Injection

No description provided by source. !/usr/bin/python Exploit Title: Symantec Web Gateway 5.0.2 blocked.php id parameter Blind SQL Injection Date: Jul 23 2012 Author: muts Version: Symantec Web Gateway 5.0.2 Vendor URL: http://www.symantec.com Timeline: 29 May 2012: Vulnerability reported to CERT 3...

IPSwitch IMail Server WEB client 12.4 persistent XSS

Exploit for windows platform in category web applications Exploit Title: IPSwitch IMail Server WEB client 12.4 persistent XSS Google Dork: Date: 3 june 2014 Exploit Author: Peru GoSecure! Vendor Homepage: www.ipswitch.com Software Link: http://www.imailserver.com/try/ Version: Tested on 12.3 and...

WordPress bib2html 0.9.3 Cross Site Scripting Vulnerability

WordPress bib2html plugin version 0.9.3 suffers from a cross site scripting vulnerability. Note that this finding houses site-specific data. |||||||||||||||||||||||||||||||||||||||||||||||||| |-------------------------------------------------------------------------| | Exploit Title: Wordpress...

CyberLink Power2Go Essential 9.0.1002.0 - Registry SEH/Unicode Buffer Overflow

Exploit for windows platform in category local exploits !/usr/bin/perl Exploit Title: CyberLink Power2Go Essential 9.0.1002.0 - Registry SEH/Unicode Buffer Overflow Discovery date: 11-26-2013 Exploit Author: Mike Czumak Tv3rn1x -- @SecuritySift Vulnerable Software/Version: CyberLink Power2Go 9...

WordPress thecotton Themes Remote File Upload Vulnerability

@@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@ @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@ @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@ @@@@@@@@@@@ @@@ @ @@@@@@@@@@ @@@ @@@@@@ @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@ @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@ @@@ @@@ @@@ @@ @@@...

vBulletin 5.1 Cross Site Scripting

Exploit Title: vBulletin 5.1 Multiple XSS vulnerabilities Authors: Romanian Security Team Website: https://rstforums.com/forum/ Date published: 19 April 2014 Software: vBulletin Version: 5.1.1 Alpha 9 XSS Random topic -...

Madss Software Solution SQL Injection

Exploit Title : Developed by Madss Software Solution Login page Bypass Vulnerability Exploit Author : Ashiyane Digital Security Team Vendor Homepage : http://madsssoftwaresolution.com Tested on: Windows 7 , Linux Google Dork : intext:"Developed by Madss Software Solution Pvt. Ltd." Date: 2014/4/1...

ICOMM 610 Wireless Modem - CSRF Vulnerability

Exploit for hardware platform in category web applications Exploit Title : ICOMM 610 Wireless Modem CSRF Vulnerability Google dork : N/A Date : 02/04/2014 Exploit Author : Blessen Thomas Vendor Homepage : http://www.icommtele.com/ Software Link : N/A Version : ICOMM 610 Tested on : Device softwar...

WordPress Kiddo Theme "uploadify.php"任意文件上传漏洞

WordPress Kiddo是WordPress的儿童主题。 WordPress Kiddo的/wp-content/themes/kiddo/app/assets/js/uploadify/uploadify.php脚本允许上传任意扩展名的文件到webroot的文件夹内，如果上传的文件包含恶意PHP脚本，即可导致执行任意PHP代码。 0 WordPress Kiddo 1.x 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本：...

PCMan FTP Server 2.07 - 'CWD' Remote Buffer Overflow

Exploit Title: PCMAN FTP 2.07 CWD Command Buffer Overflow Date: Jan 25,2014 Exploit Author: Mahmod Mahajna Mahy Version: 2.07 Tested on: Windows 7 sp1 x64 english Email: [email protected] import socket as s from sys import argv iflenargv != 4: print "USAGE: %s host " % argv0 exit1 else: store...

Oracle Outside In MDB - File Parsing Stack Buffer Overflow (PoC)

!/usr/bin/python Exploit Title: Oracle Outside In MDB File Parsing Stack Based Buffer Overflow PoC Date: 16th January 2014 PoC Author: Citadelo Vendor Homepage: http://www.oracle.com Software Link: http://www.oracle.com/us/technologies/embedded/025613.htm Version: = 8.4.1.52 and 8.4.0.108 CVE :...

SoapUI 4.6.3 - Remote Code Execution Vulnerability

Exploit for windows platform in category remote exploits Exploit Title: SoapUI Remote Code Execution Date: 25.12.13 Exploit Author: Barak Tawily Vendor Homepage: http://www.soapui.org/ Software Link: http://www.soapui.org/Downloads/download-soapui-pro-trial.html Version: vulnerable before 4.6.4...

ALLPlayer 5.7 - '.m3u' UNICODE Buffer Overflow (SEH)

!/usr/bin/perl Exploit Title: ALLPlayer 5.7 .m3u - SEH Buffer Overflow Unicode Date: 11-23-2013 Exploit Author: Mike Czumak Tv3rn1x -- @SecuritySift Vulnerable Software: ALLPlayer 5.7 Software Link: http://www.allplayer.org/download/allplayer Version: 5.7 Tested On: Windows XP SP3 and Windows 7 P...

WordPress Elemin Shell Upload

Exploit Title : Wordpress Themes Elemin Arbitrary File Upload Vulnerability Author : ReC0ded Vendor : http://themify.me/ Download : http://themify.me/themes/Elemin Date : 22, November 2013. Type : php, html, htm, asp, etc. Category : Web Applications Vulnerability : File Upload Tested On : Window...

ImpressPages CMS 3.8 - Persistent Cross-Site Scripting

ImpressPages CMS 3.8 - Persistent Cross-Site Scripting Exploit Title:stored vulnerability Author: sajith version: ImpressPages CMS v3.8 vulnerable app link:http://www.impresspages.org/download/ steps: 1 log into the admin panel http://127.0.0.1/cms/ImpressPages/?cmsaction=manage 2click on advance...

Light Alloy 4.7.3 - .m3u Local Buffer Overflow (SEH Unicode)

Light Alloy 4.7.3 - .m3u Local Buffer Overflow SEH Unicode !/usr/bin/perl Exploit Title: Light Alloy 4.7.3 .m3u - SEH Buffer Overflow Unicode Date: 11-18-2013 Exploit Author: Mike Czumak Tv3rn1x -- @SecuritySift Vulnerable Software: Light Alloy v4.7.3 Vendor Site: http://www.light-alloy.ru/...

Light Alloy 4.7.3 - '.m3u' Local Buffer Overflow (SEH Unicode)

!/usr/bin/perl Exploit Title: Light Alloy 4.7.3 .m3u - SEH Buffer Overflow Unicode Date: 11-18-2013 Exploit Author: Mike Czumak Tv3rn1x -- @SecuritySift Vulnerable Software: Light Alloy v4.7.3 Vendor Site: http://www.light-alloy.ru/ Vulnerable Software Link:...

Testa Online Test Management SQL Injection

Exploit Title : Testa Online Test Management Sql Injection / Login page Bypass Exploit Author : Ashiyane Digital Security Team Vendor Homepage : http://testa.cc/ Software Link Download : http://download.aftab.cc/products/testa/Testawos2.0.0.2.zip Google Dork : intitle:Testa Online Test Management...

Anya Web Solutions SQL Injection Bypass

Exploit Title : Anya Web Solutions Login Page Bypass Exploit Author : Ashiyane Digital Security Team Vendor Homepage : http://www.anyawebsolutions.com Google Dork : intext:"Powered by Anya Web Solutions" inurl:asp Date: 2013/10/14 Tested on: Windows 7 , Linux...

ONO Hitron CDE-30364 Router Denial Of Service

!/usr/bin/python ----------------------------------------------------------------------------------------- Description: ----------------------------------------------------------------------------------------- Hitron Technologies CDE-30364 is a famous ONO Router. The Hitron Technologies CDE-30364...