Joomla! Component AJAX Search for K2 2.2 - SQL Injection

Joomla! Component AJAX Search for K2 2.2 - SQL Injection Exploit Title: Joomla! Component AJAX Search for K2 v2.2 - SQL Injection Google Dork: inurl:index.php?option=comk2ajaxsearch Date: 24.02.2017 Vendor Homepage: http://taleia.software/ Software Buy:...

Joomla Topics 1.6 SQL Injection

@@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@ @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@ @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@ @@@@@@@@@@@ @@@ @ @@@@@@@@@@ @@@ @@@@@@ @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@ @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@ @@@ @@@ @@@ @@ @@@...

Tater - A PowerShell implementation of the Hot Potato Windows Privilege Escalation Exploit

Tater is a PowerShell implementation of the Hot Potato Windows Privilege Escalation exploit. Included In p0wnedShell - https://github.com/Cn33liz/p0wnedShell PowerShell Empire - https://github.com/PowerShellEmpire/Empire PSAttack - https://github.com/jaredhaight/psattack Functions Invoke-Tater Th...

Justdial Clone Script - Authentication Bypass

Justdial Clone Script - Authentication Bypass Vulnerability: SQL Injection + Authentication Bypass Date: 18.01.2017 Vendor Homepage: http://www.scriptgiant.com/ Script Name: Justdial Clone Script Script Buy Now: http://www.popularclones.com/products/Justdial-Directory Author: Ihsan Sencan Author...

MC Smart Shop Script - SQL Injection Vulnerability

Exploit for php platform in category web applications Vulnerability: SQL Injection Web Vulnerability Date: 15.01.2017 Vendor Homepage: http://microcode.ws/ Script Name: MC Smart Shop Script Script Buy Now: http://microcode.ws/product/mc-smart-shop-php-script/3855 Author: İhsan Şencan Author Web:...

Million Pixels 3 - Authentication Bypass

Million Pixels 3 - Authentication Bypass Vulnerability: Authentication Bypass Date: 16.01.2017 Vendor Homepage: http://e-topbiz.com/ Script Name: Million Pixels 3 Script Buy Now: http://www.e-topbiz.com/oprema/pages/millionpixels3.php Author: İhsan Şencan Author Web: http://ihsan.net Mail :...

Article Directory Script Seo 3.2 - Improper Access Restrictions

Article Directory Script Seo 3.2 - Improper Access Restrictions Vulnerability: Improper Access Restrictions Date: 15.01.2017 Vendor Homepage: http://www.e-soft24.com/ Script Name: Article Directory Script Seo Script Version: V3.2 Script Buy Now:...

Malware exploit: Vertexnet

Type: Flood Bots Author: Xylitol !/usr/bin/perl VertexNet v1.1.1 Flood Bots http://www.virustotal.com/file-scan/report.html?id=fd373a8f4adf29001d282b963f126f760afcf3e58117f6024b2d65a36d41f617-1305491791 Xyl2k! :þ use HTTP::Request; use LWP::UserAgent; $URL = "http://localhost/Panel/adduser.php";...

Malware exploit: Spyeye

Wikipedia Type: SQLi http://localhost/frmboa-grabbersub.php?dt=11%2F11%2F1998...

Malware exploit: Zeus

Zeus & Zeus Evo Wikipedia Type: SQLi Vuln: http://localhost/gate.php?ip=8.8.8.8...

Malware exploit: Solar

SQL injection. localhost/index.php POSTDATA i=1881&p=80&u=8302&h=282&s=AUD...

Malware exploit: Gorynch\diamond

Gorynch\diamond Type: File Upload Vulnerability Author: Xylitol Gorynych v4.2.0.257- File Upload Vulnerability Gorynych/DiamondFox v4.2.0.257 - File Upload Vulnerability File naming convention: file.log.php go to logs/dump/file.log.php file.jpg.php go to logs/scr/file.jpg.php file.LOG.php go to...

Malware exploit: Dendroid

Type: Remote Code Execution Author: Xylitol import requests Add URL Set a PHP payload Go to http://website/config.php URL = 'http://localhost/Panel/applysettings.php' PAYLOAD = "isset$GET'tapz' ? eval$GET'tapz' : '" data = 'dbhost' : 'localhost', 'dbname' : 'dendroid', 'dbusername' : 'root',...

My Private Tutor Website Script - Authentication Bypass

My Private Tutor Website Script - Authentication Bypass Vulnerability: Admin Login Bypass & SQLi Date: 13.01.2017 Vendor Homepage: http://scriptfirm.com/ Script Name: Professional Service Booking Script Script Buy Now: My Private Tutor Website Author: İhsan Şencan Author Web: http://ihsan.net Mai...

Online Food Delivery 2.04 - Authentication Bypass

Vulnerability: Online Food Delivery v2.04 Authentication bypass Date: 12.01.2017 Software link: http://itechscripts.com/food-delivery/ Demo: http://restaurant.itechscripts.com Price: 49$ Category: webapps Exploit Author: Dawid Morawski Website: http://www.morawskiweb.pl Contact:...

Chrome OS exploit: one byte overflow and symlinks

The following article is an guest blog post from an external researcher i.e. the author is not a Project Zero or Google researcher. This post is about a Chrome OS exploit I reported to Chrome VRP in September. The Project Zero folks were nice to let me do a guest post about it, so here goes. The...

Malware exploit: Filestealer 1.3

FileStealer v1.3 Type: Upload vulnerability Author: Xylitol !-- FileStealer v1.3 panel upload vulnerability -- !-- Panel hash: be19e93878130b2f57d42d4dcf5ffcf0 -- form method="POST" action="http://localhost/panel/up.php" enctype="multipart/form-data" File: input type="file" name="file" / br / HWI...

Malware exploit: Vertexnet V1.1.1

Type: Flood Bots Author: Xylitol !/usr/bin/perl VertexNet v1.1.1 Flood Bots http://www.virustotal.com/file-scan/report.html?id=fd373a8f4adf29001d282b963f126f760afcf3e58117f6024b2d65a36d41f617-1305491791 Xyl2k! :þ use HTTP::Request; use LWP::UserAgent; $URL = "http://localhost/Panel/adduser.php";...

UBUNTU-CVE-2016-9774

The postinst script in the tomcat6 package before 6.0.45+dfsg-1deb7u4 on Debian wheezy, before 6.0.35-1ubuntu3.9 on Ubuntu 12.04 LTS and on Ubuntu 14.04 LTS; the tomcat7 package before 7.0.28-4+deb7u8 on Debian wheezy, before 7.0.56-3+deb8u6 on Debian jessie, before 7.0.52-1ubuntu0.8 on Ubuntu...

DLA-706-1 python-django - security update

Bulletin has no description...