18 matches found
Event Registration System with QR Code 1.0 - Authentication Bypass / Remote Code Execution Exploit
Exploit Title: Event Registration System with QR Code 1.0 - Authentication Bypass & RCE Exploit Author: Javier Olmedo Vendor: Sourcecodester Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/event0.zip Affected Version: 1.0 Category: WebApps Platform: PHP Tested...
Joplin Desktop 1.0.184 - Cross-Site Scripting
Exploit Title: Joplin Desktop 1.0.184 - Cross-Site Scripting Exploit Author: Javier Olmedo Date: 2020-02-27 Vendor: Laurent Cozic Software Link: https://github.com/laurent22/joplin/archive/v1.0.184.zip Affected Version: 1.0.184 and before Patched Version: 1.0.185 Category: Remote Platform: Window...
Joplin Desktop 1.0.184 - Cross-Site Scripting
Joplin Desktop 1.0.184 - Cross-Site Scripting Exploit Title: Joplin Desktop 1.0.184 - Cross-Site Scripting Exploit Author: Javier Olmedo Date: 2020-02-27 Vendor: Laurent Cozic Software Link: https://github.com/laurent22/joplin/archive/v1.0.184.zip Affected Version: 1.0.184 and before Patched...
XMLBlueprint 16.191112 - XML External Entity Injection
XMLBlueprint 16.191112 - XML External Entity Injection Exploit Title: XMLBlueprint 16.191112 - XML External Entity Injection Exploit Author: Javier Olmedo Date: 2018-11-14 Vendor: XMLBlueprint XML Editor Software Link: https://www.xmlblueprint.com/update/download-64bit.exe Affected Version:...
XMLBlueprint 16.191112 - XML External Entity Injection Vulnerability
Exploit Title: XMLBlueprint 16.191112 - XML External Entity Injection Exploit Author: Javier Olmedo Vendor: XMLBlueprint XML Editor Software Link: https://www.xmlblueprint.com/update/download-64bit.exe Affected Version: 16.191112 and before Patched Version: unpatched Category: Local Platform: XML...
XMLBlueprint 16.191112 - XML External Entity Injection
Exploit Title: XMLBlueprint 16.191112 - XML External Entity Injection Exploit Author: Javier Olmedo Date: 2018-11-14 Vendor: XMLBlueprint XML Editor Software Link: https://www.xmlblueprint.com/update/download-64bit.exe Affected Version: 16.191112 and before Patched Version: unpatched Category:...
Easy XML Editor 1.7.8 - XML External Entity Injection
Easy XML Editor 1.7.8 - XML External Entity Injection Exploit Title: Easy XML Editor 1.7.8 - XML External Entity Injection Exploit Author: Javier Olmedo Date: 2018-11-21 Vendor: Richard Wuerflein Software Link: https://www.edit-xml.com/EasyXMLEditor.exe Affected Version: 1.7.8 and before Patched...
Easy XML Editor 1.7.8 - XML External Entity Injection Vulnerability
Exploit Title: Easy XML Editor 1.7.8 - XML External Entity Injection Exploit Author: Javier Olmedo Vendor: Richard Wuerflein Software Link: https://www.edit-xml.com/EasyXMLEditor.exe Affected Version: 1.7.8 and before Patched Version: unpatched Category: Local Platform: XML Tested on: Windows 10...
PHP Server Monitor 3.3.1 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: PHP Server Monitor 3.3.1 - Cross-Site Request Forgery Exploit Author: Javier Olmedo Website: https://www.sidertia.com Google Dork: N/A Vendor: https://www.phpservermonitor.org/ Software Link:...
Ticketly 1.0 - kind_id SQL Injection
Ticketly 1.0 - kindid SQL Injection Exploit Title: Ticketly 1.0 – Multiple SQL Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-11-19 Google Dork: N/A Vendor: Abisoft https://abisoftgt.net Software Link:...
Ticketly 1.0 - kind_id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Ticketly 1.0 – Multiple SQL Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Google Dork: N/A Vendor: Abisoft https://abisoftgt.net Software Link:...
Ticketly 1.0 - name SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Ticketly 1.0 – 'name' SQL Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Vendor: Abisoft https://abisoftgt.net Software Link: https://abisoftgt.net/software/6/sistema-de-tickets-y-soporte-con-php-y-mysql...
Ticketly 1.0 - 'name' SQL Injection
Exploit Title: Ticketly 1.0 – 'name' SQL Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-11-19 Google Dork: N/A Vendor: Abisoft https://abisoftgt.net Software Link: https://abisoftgt.net/software/6/sistema-de-tickets-y-soporte-con-php-y-mysql Affected Version: 1...
Ticketly 1.0 - Cross-Site Request Forgery (Add Admin)
Ticketly 1.0 - Cross-Site Request Forgery Add Admin Exploit Title: Ticketly 1.0 - Cross-Site Request Forgery Add Admin Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-11-19 Google Dork: N/A Vendor: Abisoft https://abisoftgt.net Software Link:...
Ticketly 1.0 Cross Site Request Forgery
Exploit Title: Ticketly 1.0 - Cross-Site Request Forgery Add Admin Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-11-19 Google Dork: N/A Vendor: Abisoft https://abisoftgt.net Software Link: https://abisoftgt.net/software/6/sistema-de-tickets-y-soporte-con-php-y-mysql...
WordPress Export Users to CSV plugin <= 1.1.1 - CSV Injection vulnerability
CSV Injection vulnerability found by Javier Olmedo in WordPress Export Users to CSV plugin versions = 1.1.1. Solution 2018.09.01 - we were unable to find a patched version of this plugin...
Sentrifugo HRMS 3.2 - deptid SQL Injection Vulnerability
Exploit for windows platform in category web applications Exploit Title: Sentrifugo HRMS 3.2 - 'deptid' SQL Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Vendor: http://www.sapplica.com Software Link: http://www.sentrifugo.com/download Affected Version: 3.2 and possibly...
WordPress All In One Favicon plugin <= 4.6 - Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities
Multiple Stored Authenticated Cross-Site Scripting XSS vulnerabilities found by Javier Olmedo in WordPress All In One Favicon plugin versions = 4.6. Solution This plugin was closed on July 13, 2018 and is no longer available for download. Deactivate and delete asap...