Roteador Wireless Intelbras WRN150 - Cross-Site Scripting

Roteador Wireless Intelbras WRN150 - Cross-Site Scripting Exploit Title: XSS persistent on intelbras router with firmware WRN 250 Date: 07/09/2017 Exploit Author: Elber Tavares Vendor Homepage: http://intelbras.com.br/ Version: Intelbras Wireless N 150Mbps - WRN 240 Tested on: kali linux, windows...

Advertiz PHP Script 0.2 Cross Site Request Forgery

Exploit Title: Advertiz PHP Script 0.2 - Cross-Site Request Forgery Update Admin User&Pass Dork: N/A Date: 06.09.2017 Vendor Homepage: http://www.dijiteol.com/ Software Link: http://www.dijiteol.com/p-Advertiz-PHP-Script--No-Accounts-Required--i-2.html Demo: http://dijiteol.com/demos/advertiz/...

Advertiz PHP Script 0.2 - Cross-Site Request Forgery (Update Admin) Vulnerability

Exploit for php platform in category web applications Exploit Title: Advertiz PHP Script 0.2 - Cross-Site Request Forgery Update Admin User&Pass Dork: N/A Date: 06.09.2017 Vendor Homepage: http://www.dijiteol.com/ Software Link:...

Advertiz PHP Script 0.2 - Cross-Site Request Forgery (Update Admin)

Advertiz PHP Script 0.2 - Cross-Site Request Forgery Update Admin Exploit Title: Advertiz PHP Script 0.2 - Cross-Site Request Forgery Update Admin User&Pass Dork: N/A Date: 06.09.2017 Vendor Homepage: http://www.dijiteol.com/ Software Link:...

Advertiz PHP Script 0.2 - Cross-Site Request Forgery (Update Admin)

Exploit Title: Advertiz PHP Script 0.2 - Cross-Site Request Forgery Update Admin User&Pass Dork: N/A Date: 06.09.2017 Vendor Homepage: http://www.dijiteol.com/ Software Link: http://www.dijiteol.com/p-Advertiz-PHP-Script--No-Accounts-Required--i-2.html Demo: http://dijiteol.com/demos/advertiz/...

User Login and Management - Multiple Vulnerabilities

Exploit for php platform in category web applications ----------------------------------------------------------------------------------- | |---------------------------------------------------------------------------------- 1 admin dashboard authentication bypass Description : An Attackers are ab...

User Login and Management - Multiple Vulnerabilities

----------------------------------------------------------------------------------- | |---------------------------------------------------------------------------------- 1 admin dashboard authentication bypass Description : An Attackers are able to completely compromise the web application built...

Smart Chat 1.0.0 - SQL Injection

Smart Chat 1.0.0 - SQL Injection Exploit Title: Smart Chat - PHP Script 1.0.0 - Authentication Bypass Dork: N/A Date: 28.08.2017 Vendor Homepage: http://codesgit.com/ Software Link: https://www.codester.com/items/997/smart-chat-php-script Demo: http://demos.codesgit.com/smartchat/ Version: 1.0.0...

Smart Chat 1.0.0 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Smart Chat - PHP Script 1.0.0 - Authentication Bypass Dork: N/A Date: 28.08.2017 Vendor Homepage: http://codesgit.com/ Software Link: https://www.codester.com/items/997/smart-chat-php-script Demo:...

Flash Poker 2.0 - game SQL Injection

Flash Poker 2.0 - game SQL Injection Exploit Title: Flash Multiplayer Poker PHP Script 2.0 - SQL Injection Dork: N/A Date: 28.08.2017 Vendor Homepage: http://www.flashpoker.it/ Software Link: https://www.codester.com/items/559/flash-poker-v2-multiplayer-poker-php-script Demo:...

Flash Poker 2.0 - 'game' SQL Injection

Exploit Title: Flash Multiplayer Poker PHP Script 2.0 - SQL Injection Dork: N/A Date: 28.08.2017 Vendor Homepage: http://www.flashpoker.it/ Software Link: https://www.codester.com/items/559/flash-poker-v2-multiplayer-poker-php-script Demo: http://www.flashpoker.it/index/ Version: 2.0 Category:...

Apache2Triad Cross-Site Request Forgery Vulnerability

Apache2Triad is a server software deployment solution for Windows-based platforms. A cross-site request forgery vulnerability exists in Apache2Triad version 1.5.4. A remote attacker can exploit this vulnerability by sending a request to the phpsftpd/users.php file to add or remove user accounts...

REDDOXX Appliance Cross Site Scripting

Advisory: Cross-Site Scripting in REDDOXX Appliance RedTeam Pentesting discovered a cross-site scripting XSS vulnerability in the REDDOXX appliance software, which allows attackers to inject arbitrary JavaScript code via a crafted URL. Details ======= Product: REDDOXX Appliance Affected Versions:...

CVE-2017-11347

Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and admin/app/physical/physical.php...

Remote code execution

Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and admin/app/physical/physical.php...

MetInfo 5.3.17 Authenticated Code Execution Vulnerability(CVE-2017-11347)

MetInfo 5.3.17 Authenticated Code Execution Vulnerability Technical Description: We can use the GPC data to register variables in admin/include/common.inc.php: php foreacharray'COOKIE', 'POST', 'GET' as $request foreach$$request as $key = $value $key0 != '' && $$key = daddslashes$value,0,0,1;...

CVE-2017-11347

Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and admin/app/physical/physical.php...

Cross-site Scripting (XSS)

teampass is vulnerable to cross-site scripting XSS. The library does not sanitize input string for the role and labels fields. This allows a malicious user to inject and execute arbitrary php script...

Coppermine Gallery 1.5.44 Directory Traversal

Coppermine Gallery = 1.5.44 directory traversal vulnerability ============================================================== Coppermine is a multi-purpose fully-featured and integrated web picture gallery script written in PHP using GD or ImageMagick as image library with a MySQL backend. A...

Membership Formula - order Parameter SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Membership Formula - Best Membership Site PHP Script - SQL Injection Google Dork: N/A Date: 31.03.2017 Vendor Homepage: http://www.zeescripts.com/ Software:...