Joomla 1.7 / 2.5 Civicrm Arbitrary File Upload

Exploit Title: joomla 1.7 & 2.5 comcivicrm Arbitrary File Upload Vulnerability Google Dork: inurl:/components/comcivicrm/ Date: 08/22/2012 Author: Crim3R download Link : http://sourceforge.net/projects/civicrm/files/civicrm-stable/ Tested on: all ================================== D3m0:...

PG Portal Pro - Cross-Site Request Forgery

Exploit Title: PG Portal pro CSRF Vulnerability Author: Noxious Team: WE SECRET Gr33tz: Fox link:http://www.hotscripts.com/listing/pg-portal-pro/ CSRF Change Password New Password: Confirm New Password:...

E-Mail Security Virtual Appliance (EVSA) Remote Command Execution

Exploit Title: E-Mail Security Virtual Appliance ESVA Remote Execution. Date: 10 Aug 2012 Exploit Author: iJoo Vendor Homepage: http://www.esvacommunity.com/ Software Link: http://sourceforge.net/projects/esva-project/ Version: ; while$cmd ! "exit" $content = ""; $ua = LWP::UserAgent-new;...

AraDown Blind SQL Injection Vulnerability

Exploit for php platform in category web applications "; $target = stdin; $ar = array'1','2','3','4','5','6','7','8','9','0','a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z'; echo " Username : "; for$i=1;$i=3...

Joomla! Component com_joomgalaxy 1.2.0.4 - Multiple Vulnerabilities

Exploit Title: Joomla joomgalaxy 1.2.0.4 Multiple Vulnerabilites dork: inurl:comjoomgalaxy Date: 01-08-2012 Author: Daniel Barragan "D4NB4R" Twitter: @D4NB4R site: http://poisonsecurity.wordpress.com/ Vendor: http://www.joomgalaxy.com/ Version: 1.2.0.4 last update on Jul 27, 2012 License:...

pBot - Remote Code Execution

pBot - Remote Code Execution !/usr/bin/perl Exploit Title: pBot Remote Code Execution "" hostauth Date: 31.07.2012 Exploit Author: @bwallHatesTwits Software Link: https://www.firebwall.com/decoding/read.php?u=620d21fd31b87046e94975e03fdafa8a decoded from attempted attack Version: Various versions...

pBot - Remote Code Execution

!/usr/bin/perl Exploit Title: pBot Remote Code Execution "" hostauth Date: 31.07.2012 Exploit Author: @bwallHatesTwits Software Link: https://www.firebwall.com/decoding/read.php?u=620d21fd31b87046e94975e03fdafa8a decoded from attempted attack Version: Various versions Tested on: Linux 3.2 use...

pBot Remote Code Execution

!/usr/bin/perl Exploit Title: pBot Remote Code Execution "" hostauth Date: 31.07.2012 Exploit Author: @bwallHatesTwits Software Link: https://www.firebwall.com/decoding/read.php?u=620d21fd31b87046e94975e03fdafa8a decoded from attempted attack Version: Various versions Tested on: Linux 3.2 use...

AxMan ActiveX fuzzing <== Memory Corruption PoC

Exploit for windows platform in category dos / poc Exploit Title: AxMan ActiveX fuzzing == Memory Corruption PoC Crash : http://imageshack.us/f/217/axman.jpg/ Date: July 28, 2012 Author: coolkaveh email protected Https://twitter.com/coolkaveh Vendor Homepage: http://digitaloffense.net/tools/axman...

Symantec Web Gateway 5.0.2 Blind SQL Injection

!/usr/bin/python Exploit Title: Symantec Web Gateway 5.0.2 blocked.php id parameter Blind SQL Injection Date: Jul 23 2012 Author: muts Version: Symantec Web Gateway 5.0.2 Vendor URL: http://www.symantec.com Timeline: 29 May 2012: Vulnerability reported to CERT 30 May 2012: Response received from...

Flogr 1.7 Cross Site Scripting

Exploit Title : Flogr V1.7 Xss Vulnerability Author : Iranian Security & Research Team Discovered By : Nafsh Home : sec-lab.ir Contact : research at sec-lab dot ir Date : 23/1/2012 - 16:00 Source : www.flogr.googlecode.com DorK : inurl:"tag=" "powered by flogr v1.7" Expl0iTs:...

Webify Link Directory SQL Injection

Exploit Title: Webify Link Directory / SQL Injection Date: 04/07/2012 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Sofware web: http://webify.ws/index.php?page=getapp&id=10 Tested on: Linux Dork: allinurl: index.php?page=browse&id=...

Slimpdf Reader 1.0 Memory Corruption

Exploit for windows platform in category dos / poc Exploit Title: Date: June 24 2012 Exploit Author: Carlos Mario Penagos Hollmann Vendor Homepage: www.investintech.com Version:1.0 Tested on: Windows 7 CVE : cve-2011-4220 payload ="A"10000 crash="startxref" pdf=payload+crash filename =...

Ezhometech Ezserver 6.4 Stack Overflow

Exploit Title: Ezhometech EzServer =6.4 Stack Overflow Vulnerability Author: modpr0be Contact: researchatSpenteradotcom Platform: Windows Tested on: Windows XP SP3 OptIn, Windows 2003 SP2 OptIn Software Link: http://www.ezhometech.com/buyezserver.htm References:...

WordPress Plugin Omni Secure Files 0.1.13 - Arbitrary File Upload

WordPress Plugin Omni Secure Files 0.1.13 - Arbitrary File Upload Exploit Title: Wordpress Omni-secure-files 0.1.13 Arbitrary File Upload Google Dork: inurl:wp-content/plugins/omni-secure-files/ Date: 07/06/2012 Exploit Author: Adrien Thierry Vendor Homepage: http://omni-secure.com/ Software Link...

SN News 1.2 - &#039;visualiza.php&#039; SQL Injection

\n"; echo "Example:\n"; echo "php $argv0 http://www.website.com/snnews\n"; exit; $target = $argv1; ifsubstr$target, strlen$target-1!="/" $target .= "/"; $inject = $target . "visualiza.php?id=-0'%20"; $token = uniqid; $tokenhex = hex$token; echo " Trying to get informations...\n"; $infos =...

Results Unlimited CMS SQL Injection

Exploit Title : results-unlimited Cms Sql Injection Vulnerabilities Author : IrIsT Security Team - Security7 Security Team Discovered By : Am!r Home : http://IrIsT.Ir - http://Security7.Ir Software Link : http://www.results-unlimited.com/ Security Risk : High Version : All Version Tested on :...

AnvSoft Any Video Converter 4.3.6 Unicode Buffer Overflow

Exploit for windows platform in category local exploits Exploit Title: AnvSoft Any Video Converter 4.3.6 unicode buffer overflow. Software Link: http://www.any-video-converter.com Version: 4.3.6 Tested on: Win XP SP3 French trigger the bug : generate the .reg file, execute it, and then open the a...

eLearning Server 4G Remote File Inclusion / SQL Injection

Exploit Title: eLearning Server Multiple Remote Vulnerabilities Google Dork: intitle:"eLearning Server" Date: 10.05.2012 Author: Eugene Salov, Andrey Komarov Group-IB, http://group-ib.ru Software Link: http://www.hypermethod.ru/ Version: 4G Tested on: Microsoft Windows news.php4 "nid" SQL...

PHP Enter Code Injection

Exploit Title : Php Enter Php Code Injection Author : IrIsT.Ir & Sec4Ever.com Discovered By : L3b-r1'z Home : http://IrIsT.Ir & http://Sec4Ever.com P Blob : http://L3b-r1z.com/ Software Link : http://www.phpenter.net/ Security Risk : High Version : beta Tested on : win\XP Dork : allintext: "Power...