35 matches found
CVE-2026-5294
The Geeky Bot plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.2.2. This is due to a nopriv AJAX route allowing attacker-controlled model/function dispatch and reaching a plugin installer helper that downloads and unzips attacker-supplied ZIP files...
englishgeeks.ru Improper Access Control vulnerability OBB-2199968
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
twins-com.com Cross Site Scripting vulnerability OBB-1277582
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
thealphabetsoup.com Cross Site Scripting vulnerability OBB-1277536
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
hentaipro.net Cross Site Scripting vulnerability OBB-1260912
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
damien-poyard.fr Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1108941. Security Researcher geeknik (helped patch 8729 vulnerabilities, received 8 Coordinated Disclosure badges, received 20 recommendations), a holder of 8 badges for responsible and coordinated disclosure, found a security vulnerability affecting damien-poyard.fr website a...
A week in security (May 28 – June 3)
Last week on Labs, we talked about the significance of SEO poisoning in the world of search marketing, blackmail attempts against financial institutions in Canada, voice command flaws in smart assistants, survey and potential phishing scams on Instagram, and the latest changes in Office 365. We...
A conversation with America Geeks
Thanks to NeeP for contributing significant research. You can check out NeeP's YouTube channel here. Malwarebytes has written quite a bit about tech support scammers, typically focusing on new scam techniques as they arise with new threat actor groups. But sometimes our research discovers scammer...
Wordpress endlesshorizon theme - Arbitrary file download Vulnerability
Exploit for php platform in category web applications. Exploit title : Wordpress endlesshorizon theme - Arbitrary file download author : MrSqar Yemeni hacker Team : IT-Geeks Tested on : BackBox linux check if site is vulnerable :...
Wordpress cafesalivation theme - Arbitrary file download Vulnerability
Exploit for php platform in category web applications. Exploit title : Wordpress cafesalivation theme - Arbitrary file downloadliberator author : MrSqar Yemeni hacker Team : IT-Geeks Tested on : BackBox linux check if site is vulnerable :...
Wordpress duena theme - Arbitrary file download Vulnerability
Exploit for php platform in category web applications. Exploit title : Wordpress duena theme - Arbitrary file download author : MrSqar Yemeni hacker Team : IT-Geeks Tested on : BackBox linux check if site is vulnerable :...
Wordpress newspro2891 theme - Arbitrary file download Vulnerability
Exploit for php platform in category web applications. Exploit title : Wordpress newspro2891 theme - Arbitrary file download author : MrSqar Yemeni hacker Team : IT-Geeks dork : inurl:/wp-content/themes/newspro2891 Tested on : BackBox...
Wordpress liberator theme - Arbitrary file download Vulnerability
Exploit for php platform in category web applications. Exploit title : Wordpress liberator theme arbitrary file download author : MrSqar Yemeni hacker Team : IT-Geeks Tested on : BackBox linux check if site is vulnerable :...
Boonex Dolphin 7.3.2 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications. Exploit Title : Boonex Dolphin all version array This will allow the attacker to bypass the authentication and can also enter in admin panel. Independent Pakistani Security Researcher 0day.today 2018-02-15...
Sam Spade 1.14 - S-Lang Command Field SEH Overflow Exploit
Exploit for windows platform in category dos / poc. #!/usr/bin/env python Exploit Title : Sam Spade 1.14 S-Lang Command Field SEH Overflow Crash PoC Discovery by : Nipun Jaswal Email : email protected Discovery Date : 12/11/2015 Vendor Homepage : http://samspade.org Software Link :...
Sam Spade 1.14 - (Crawl website) Buffer OverFlow Exploit
Exploit for windows platform in category local exploits Exploit Title : Sam Spade 1.14 - Buffer OverFlow Date : 10/30/2015 Exploit Author : MandawCoder Contact : email protected Vendor Homepage : http://samspade.org Software Link : http://www.majorgeeks.com/files/details/samspade.html Version :...
Concrete5 <= 5.4.2.1 - Multiple Vulnerabilities
No description provided by source. Exploit Title: Concrete5 <= 5.4.2.1 SQL Injection and XSS Vulnerabilities Date: 2011-10-04 Author: Ryan Dewhurst ryandewhurst at gmail @ethicalhack3r www.ethicalhack3r.co.uk Software Link: http://sourceforge.net/projects/concretecms/files/concrete5/5.4.2.1/...
Web Cookbook - Multiple SQL Injection Vulnerabilities
No description provided by source. Exploit Title: Web Cookbook Multiple SQL Injection Date: 2013/3/12 Exploit Author: Saadat Ullah, [email protected] Software Link: http://sourceforge.net/projects/webcookbook/ Author HomePage: http://security-geeks.blogspot.com/ Tested on: Server:...
ParsBlogger (blog.asp wr) - Remote SQL Injection Vulnerability
No description provided by source. Script : ParsBlogger Version : ! Link : http://www.parsblogger.com Dork : Powered by ParsBlogger Author : BorN To K!LL TeaM : Security Geeks...
Web Cookbook SQL Injection
Exploit Title: Web Cookbook Multiple SQL Injection Date: 2013/3/12 Exploit Author: Saadat Ullah, [email protected] Software Link: http://sourceforge.net/projects/webcookbook/ Author HomePage: http://security-geeks.blogspot.com/ Tested on: Server: Apache/2.2.15 Centos PHP/5.3.3 SQL...