28 matches found
HikaShop 2.3.3 Local File Inclusion
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'HikaShop - LFI poc for authenticated users', 'Description' = %q HikaShop 2.3.3 is vulnerable to local file include attack...
PHP-CMDB 0.7.3 - Multiple Vulnerabilities
No description provided by source. ============================================================== Title ...| Multiple vulnerabilities in PHP-CMDB Version .| php-cmdb0.7.3 Date ....| 27.02.2014 Found ...| HauntIT Blog Home ....| ============================================================== + From...
webERP 4.11.3 (SalesInquiry.php, SortBy param) - SQL Injection Vulnerability
No description provided by source. ============================================================== Title ...| SQL Injection in webERP Version .| 4.11.3 Date ....| 28.02.2014 Found ...| HauntIT Blog Home ....| http://www.weberp.org ==============================================================...
PHP Ticket System Beta 1 (get_all_created_by_user.php, id param) - SQL Injection
No description provided by source. ============================================================== Title ...| PHP Ticket System SQL Injection Version .| BETA1.zip Date ....| 27.02.2014 Found ...| HauntIT Blog Home ....| http://sourceforge.net/projects/phpticketsystem/...
Welcart e-Commerce usc-e-shop.1.3.12 XSS / SQL Injection
============================================================== Title ...| SQL Injection in Welcart e-Commerce Version .| usc-e-shop.1.3.12 Date ....| 3.03.2014 Found ...| HauntIT Blog Home ....| http://wordpress.org/plugins/ ==============================================================...
Joomla 3.2.2 Cross Site Scripting
============================================================== Title ...| Persistent pre-auth XSS in Joomla Version .| Joomla 3.2.2 Date ....| 3.03.2014 Found ...| HauntIT Blog Home ....| http://www.joomla.org ==============================================================...
MantisBT 1.2.16 SQL Injection
============================================================== Title ...| MantisBT 1.2.16 Version .| 1.2.16 Date ....| 28.02.2014 Found ...| HauntIT Blog Home ....| http://www.mantisbt.org ============================================================== + for authorized user...
doorGets 6.0 Cross Site Scripting
============================================================== Title ...| doorGets 6.0 Multiple vulnerabilities Version .| doorGets 6.0 Date ....| 27.02.2014 Found ...| HauntIT Blog Home ....| http://sourceforge.net ==============================================================...
webERP 4.11.3 - SalesInquiry.php?SortBy SQL Injection
webERP 4.11.3 - SalesInquiry.php?SortBy SQL Injection ============================================================== Title ...| SQL Injection in webERP Version .| 4.11.3 Date ....| 28.02.2014 Found ...| HauntIT Blog Home ....| http://www.weberp.org...
PHP-CMDB 0.7.3 - Multiple Vulnerabilities
PHP-CMDB 0.7.3 - Multiple Vulnerabilities ============================================================== Title ...| Multiple vulnerabilities in PHP-CMDB Version .| php-cmdb0.7.3 Date ....| 27.02.2014 Found ...| HauntIT Blog Home ....| ==============================================================...
PHP Ticket System Beta 1 - get_all_created_by_user.php?id SQL Injection
PHP Ticket System Beta 1 - getallcreatedbyuser.php?id SQL Injection ============================================================== Title ...| PHP Ticket System SQL Injection Version .| BETA1.zip Date ....| 27.02.2014 Found ...| HauntIT Blog Home ....|...
EPESI CRM 1.5.5 Cross Site Scripting
============================================================== Title ...| EPESI CRM vulnerable to persistent XSS Version .| epesi-1.5.5-20140113.zip Date ....| 27.02.2014 Found ...| HauntIT Blog Home ....| http://epe.si/download ==============================================================...
PHP Ticket System Beta 1 - 'get_all_created_by_user.php?id' SQL Injection
============================================================== Title ...| PHP Ticket System SQL Injection Version .| BETA1.zip Date ....| 27.02.2014 Found ...| HauntIT Blog Home ....| http://sourceforge.net/projects/phpticketsystem/ ==============================================================...
VideoWhisper Video Conference Cross Site Scripting
============================================================== Title ...| VideoWhisper Video Conference XSS Version .| Date ....| 27.02.2014 Found ...| HauntIT Blog Home ....| ==============================================================...
Open-School Community Edition 2.2 Cross Site Scripting
============================================================== Title ...| Open-School Community Edition 2.2 Version .| osv2.2-CE.zip Date ....| 23.02.2014 Found ...| HauntIT Blog Home ....| http://sourceforge.net ============================================================== + From admin user:...
X2Engine 3.7.3 Cross Site Scripting / Shell Upload / SQL Injection
============================================================== Title ...| Multiple vulnerabilities in X2Engine Version .| X2Engine 3.7.3 Date ....| .02.2014 Found ...| HauntIT Blog Home ....| ============================================================== + For admin logged in...
PHP Calendar 2.0.1 XSS / Information Disclosure
============================================================== Title ...| PHP Calendar Multiple vulnerabilities Version .| php-calendar-2.0.1.zip Date ....| 27.02.2014 Found ...| HauntIT Blog Home ....| http://sourceforge.net ============================================================== + As gue...
PHP-CMDB 0.7.3 Cross Site Scripting / SQL Injection
============================================================== Title ...| Multiple vulnerabilities in PHP-CMDB Version .| php-cmdb0.7.3 Date ....| 27.02.2014 Found ...| HauntIT Blog Home ....| ============================================================== + From admin logged-in...
Moodle 2.6.1 Cross Site Scripting
============================================================== Title ...| Moodle 2.6.1 Version .| Feb 27 2014 moodle-latest-26.zip Date ....| 27.02.2014 Found ...| HauntIT Blog Home ....| http://download.moodle.org ============================================================== + From admin user:...
WordPress Zedity 2.4.0 Cross Site Scripting
============================================================== Title ...| Zedity XSS Version .| zedity.2.4.0 Date ....| 23.02.2014 Found ...| HauntIT Blog Home ....| http://wordpress.org/plugins/ ==============================================================...