CVE-2019-13464

An issue was discovered in OWASP ModSecurity Core Rule Set CRS 3.0.2. Use of X.Filename instead of XFilename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...

UBUNTU-CVE-2019-13464

An issue was discovered in OWASP ModSecurity Core Rule Set CRS 3.0.2. Use of X.Filename instead of XFilename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...

CVE-2019-13464

An issue was discovered in OWASP ModSecurity Core Rule Set CRS 3.0.2. Use of X.Filename instead of XFilename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...

CVE-2019-13464

An issue was discovered in OWASP ModSecurity Core Rule Set CRS 3.0.2. Use of X.Filename instead of XFilename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...

FaceSentry Access Control System 6.4.8 - Remote Root Exploit

Exploit for hardware platform in category web applications !/usr/bin/env python -- coding: utf-8 -- FaceSentry Access Control System 6.4.8 Remote Root Exploit Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568...

CVE-2019-12744

SeedDMS prior to 5.1.11 is affected by CVE-2019-12744 due to an unvalidated file upload of PHP scripts, enabling Remote Command Execution over the network. The root cause is the upload of PHP-backdoor-like content into documents, allowing execution of arbitrary commands on the server when the upl...

Fiverr Clone Script 1.2.2 - SQL Injection / Cross-Site Scripting Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Fiverr Clone Script 1.2.2 - SQL Injection / Cross Site Scripting Exploit Author: Mr Winst0n Author E-mail: email protected Vendor Homepage: https://www.phpscriptsmall.com Software Link :...

Classified Ad Lister 2.0 Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications =========================================================================================== Exploit Title: Classified Ad Lister v2.0 - 'uploads' Arbitrary File Upload Exploit Author: Mehmet EMIROGLU Vendor Homepage:...

Classified Ad Lister 2.0 Arbitrary File Upload

=========================================================================================== Exploit Title: Classified Ad Lister v2.0 - 'uploads' Arbitrary File Upload Dork: N/A Date: 25-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://www.netartmedia.net/adlister Software Link:...

Fiverr Clone Script 1.2.2 Cross Site Scripting / SQL Injection

Exploit Title: Fiverr Clone Script 1.2.2 - SQL Injection / Cross Site Scripting Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: Apr 1, 2019 Vendor Homepage: https://www.phpscriptsmall.com Software Link : https://www.phpscriptsmall.com/product/fiverr-clone-scrip...

Fiverr Clone Script 1.2.2 Cross Site Scripting / SQL Injection Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Fiverr Clone Script 1.2.2 - SQL Injection / Cross Site Scripting Exploit Author: Mr Winst0n Author E-mail: email protected Discovery Date: Apr 1, 2019 Vendor Homepage: https://www.phpscriptsmall.com Software Link :...

phpMussel - PHP-based Anti-Virus Anti-Trojan Anti-Malware Solution

phpMussel is an ideal solution for shared hosting environments, where it's often not possible to utilize or install conventional anti-virus protection solutions, phpMussel is a PHP script designed to detect trojans, viruses,malware and other threats within files uploaded to your system wherever t...

CVE-2019-9604

PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Cross-Site Request Forgery CSRF for Edit Profile actions...

CVE-2018-20643

PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory...

CVE-2018-20639

PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has HTML injection via the Search Bar...

CVE-2018-20635

PHP Scripts Mall Advance B2B Script 2.1.4 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory...

Netartmedia Deals Portal - Email SQL Injection

Netartmedia Deals Portal - Email SQL Injection Exploit Title: Netartmedia Deals Portal - 'Email' SQL Injection Date: 20.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/dealsportal/ Demo Site: https://www.phpscriptdemos.com/deals/i Version: Lastest Tested on:...

Netartmedia PHP Real Estate Agency 4.0 - SQL Injection

Netartmedia PHP Real Estate Agency 4.0 - SQL Injection Exploit Title: Netartmedia PHP Real Estate Agency 4.0 - SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/propertyagency/ Demo Site: https://www.phpscriptdemos.com/agency/ Version: 4...

Netartmedia Event Portal 2.0 - Email SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Netartmedia Event Portal 2.0 - 'Email' SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/eventportal/ Demo Site: https://www.phpscriptdemos.com/events/ Version: 2.0...

Netartmedia Event Portal 2.0 SQL Injection

Exploit Title: Netartmedia Event Portal 2.0 - 'Email' SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/eventportal/ Demo Site: https://www.phpscriptdemos.com/events/ Version: 2.0 Tested on: Kali Linux CVE: N/A Description: Event Portal ...