Zabbix 3.0.3 SQL Injection
Title: Zabbix 3.0.3 SQL Injection Vulnerability Product: Zabbix Vulnerable Versions: 2.2.x, 3.0.x Fixed Version: 3.0.4 Homepage: http://www.zabbix.com Patch link: https://support.zabbix.com/browse/ZBX-11023 Credit: 1N3@CrowdShield...
WSO2 SOA Enablement Server Cross Site Scripting
Title: WSO2 SOA Enablement Server - Reflected Cross-Site Scripting Authors: Jakub Pałaczyński, Łukasz Juszczyk Date: 08. April 2016 Affected Software: ============= WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 Probably other versions are also vulnerable. Proof of Concept:...
WordPress User Frontend Plugin < 2.3.11 - Unrestricted Arbitrary File Upload
Exploit for php platform in category web applications Exploit Title: WordPress WP User Frontend Plugin Unrestricted File Upload Discovery Date: 2016-02-04 Public Disclosure: 2016-02-08 Exploit Author: Panagiotis Vagenas Contact: https://twitter.com/panVagenas Vendor Homepage: https://wedevs.c...
WordPress Plugin Albo Pretorio Online 3.2 - Multiple Vulnerabilities
Exploit Title: Albo Pretorio Online 3.2 Multiple Vulnerabilities Google Dork: inurl:/?action=visatto Date: 09/06/2015 Exploit Author: Alessandro Cingolani Vendor Homepage: http://plugin.sisviluppo.info/ Software Link: https://downloads.wordpress.org/plugin/albo-pretorio-on-line.3.2.zip Version: 3...
WordPress Plugin Zero-Day Vulnerability Affects Thousands of Sites
A critical zero-day vulnerability has been discovered in a popular WordPress plugin, called 'FancyBox for WordPress', which is being used by hundreds of thousands of websites running on the most popular Blogging Platform Wordpress. 0-DAY FLAW EXPLOITED IN THE WILD The security researchers at...
Symantec Encryption Management Server < 3.2.0 MP6 - Remote Command Injection Exploit
Symantec Encryption Management Server versions prior to 3.2.0 MP6 suffer from a remote command injection vulnerability. Title: Symantec Encryption Management Server - Remote Command Injection Vendor: Symantec Affected Product: Symantec Encryption Gateway Affected Versions: 3.2.0 MP6 Product...
RedaxScript 2.1.0 - Privilege Escalation Vulnerability
Exploit for php platform in category web applications Exploit Title: Privilege Escalation in RedaxScript 2.1.0 Date: 11-05-2014 Exploit Author: shyamkumar somana Vendor Homepage: http://redaxscript.com/ Version: 2.1.0 Tested on: Windows 8 Privilege Escalation in RedaxScript 2.1.0 RedaxScript 2.1....
RedaxScript 2.1.0 - Privilege Escalation
RedaxScript 2.1.0 - Privilege Escalation Exploit Title: Privilege Escalation in RedaxScript 2.1.0 Date: 11-05-2014 Exploit Author: shyamkumar somana Vendor Homepage: http://redaxscript.com/ Version: 2.1.0 Tested on: Windows 8 Privilege Escalation in RedaxScript 2.1.0 RedaxScript 2.1.0 suffers...
Proticaret E-Commerce Script 3.0 - SQL Injection (1)
Proticaret E-Commerce Script 3.0 - SQL Injection 1 Document Title: ============ Proticaret E-Commerce Script v3.0 = SQL Injection Release Date: =========== 13 Nov 2014 Product & Service Introduction: ======================== Proticaret is a free e-commerce script. Abstract Advisory Information:...
Novell Sentinel Log Manager <= 1.2.0.2 - Retention Policy Vulnerability
Novell Sentinel Log Manager ver. <= 1.2.0.2 allows unauthenticated users to configure retention policies. Vendor informed: 2012/09/06 Patch Released: 2012/09/21 PoC: !/bin/bash TARGET=$1 PORT=8443 if $ -ne 1 ; then echo Usage: basename $0 target exit 1 fi echo POST...
Invision Power Board <= 3.3.4 unserialize Regex Bypass
?php / So this is the patch that sanitizes, static public function safeUnserialize $serialized // unserialize will return false for object declared with small cap o // as well as if there is any ws between O and : if isstring $serialized && strpos $serialized, \...
SkyBlueCanvas CMS 1.1 r248-03 - Remote Command Execution
Vulnerability in SkyBlueCanvas CMS Vulnerability Type: Remote Command Injection Version Affected: 1.1 r248-03 and probably prior versions Discovered by: Scott Parish - Center for Internet Security Vendor Information: SkyBlueCanvas is an easy-to-use Web Content...
Wordpress User Role Editor Plugin 3.12 - CSRF Vulnerability
Exploit Title: WP User Role Editor CSRF Date: 19/5/13 Exploit Author: Henry Hoggard Author Website: http://henryhoggard.co.uk Vendor Homepage: https://wordpress.org/support/plugin/user-role-editor Software Link: https://wordpress.org/support/plugin/user-role-edito...
SkyBlueCanvas CMS 1.1 r248-03 Command Injection
Vulnerability in SkyBlueCanvas CMS Vulnerability Type: Remote Command Injection Version Affected: 1.1 r248-03 and probably prior versions Discovered by: Scott Parish - Center for Internet Security Vendor Information: SkyBlueCanvas is an easy-to-use Web Content Management System, that makes it...
Synology DSM 4.3-3810 Directory Traversal
Title: Synology DSM multiple directory traversal Version affected: = 4.3-3810 Vendor: Synology Discovered by: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it Twitter: @andreaf83 Status: patched CVE: CVE-2013-6987 I'm again here with a Synology DSM vulnerability. Synolo...
AjaXplorer 1.0 - Multiple Vulnerabilities
AjaXplorer 1.0 - Multiple Vulnerabilities Trustwave SpiderLabs Security Advisory TWSL2013-027: Multiple Vulnerabilities in AjaXplorer Published: 09/05/13 Version: 1.0 Vendor: AjaXplorer http://ajaxplorer.info Product: AjaXplorer Version affected: 5.0.2 and prior Product description: AjaXplorer is...
AjaXplorer 5.0.2 Shell Upload / Traversal Vulnerability
AjaXplorer versions 5.0.2 and below suffer from remote shell upload and path traversal vulnerabilities. Vendor: AjaXplorer http://ajaxplorer.info Product: AjaXplorer Version affected: 5.0.2 and prior Product description: AjaXplorer is an open source file sharing platform which relies on PHP and t...
SocialEngine 4.5 Shell Upload
INTRODUCTION The plugin aims to give the user profile a better look, allowing the addition of a cover image while keeping the layout close to the style of modern social networks, among other features. + DESCRIPTION OF...
Invision Power Board 1.x / 2.x / 3.x Admin Account Takeover
Invision Power Board (IPB) versions 1.x, 2.x, and 3.x suffer from an administrative account takeover vulnerability that allows for code execution. IPB Invision Power Board all versions 1.x? / 2.x / 3.x Admin account Takeover leading to code execution Written on : 2013/05/02 Released on : 2013/05/13...
TeamSHATTER Security Advisory: SQL Injection in Oracle EM (Resource Manager) (CVE-2013-0358)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory SQL Injection in Oracle Enterprise Manager Resource Manager February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3 Remot...