1408 matches found
Hindu Matrimonial Script - Authentication Bypass
Vulnerability: Admin Login Bypass & SQLi + Add/Edit Date: 13.01.2017 Vendor Homepage: http://www.phpmatrimonialscript.in/ Script Name: Hindu Matrimonial Script Script Buy Now: http://www.phpmatrimonialscript.in/product/hindu-matrimonial-script/ Author: İhsan Şencan Author Web: http://ihsan.net...
Palo Alto Networks PanOS appweb3 - Stack Buffer Overflow Vulnerability
Exploit for linux platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=908 Palo Alto Networks have published a fix for this issue: http://securityadvisories.paloaltonetworks.com/Home/Detail/68 PanOS uses a modified version of the appweb3 embedded...
Palo Alto Networks PanOS - appweb3 Stack Buffer Overflow
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=908 Palo Alto Networks have published a fix for this issue: http://securityadvisories.paloaltonetworks.com/Home/Detail/68 PanOS uses a modified version of the appweb3 embedded webserver, it's used for a variety of tasks and is...
Rate-Me PHP Script 1.0 Cross Site Scripting
Exploit Title: Rate-Me PHP Script Persistent Cross Site Scripting Disclosure Date: 11/11/2016 Exploit Author: Boumediene KADDOUR a.k.a Sh311c0d3r Version: 1.0 Application website: https://www.phpjabbers.com/free-rate-me-script/ CVE : N/A Vulnerability Details: ===================== Rate-me php...
Arbitrary file upload vulnerability in earcms uplog.php
Ear Music is an open source PHP music system that combines a Discuz-style backend interface and a UCHome-style user center with a core built on a high-speed template engine, a caching mechanism and other frameworks. earcms uplog.php arbitrary file upload vulnerability, attackers ca...
CloudShare 1.6 Shell Upload
| Title : CloudShare v1.6 Shell upload vulnerability | Author : indoushka | email : [email protected] | Tested on : windows 8.1 Français V.Pro | Version : v1.6 | Vendor :...
Drupal coder module unauthenticated remote code execution vulnerability
While reviewing the security of the coder module's code in connection with Drupal Security Advisory SA-CONTRIB-2016-039, I found an unauthenticated remote code execution vulnerability. The vulnerability affects Drupal coder module versions including 7.x-1.3 and 7.x-2.6, all of the following...
EyeLock nano NXT 3.5 - Local File Disclosure
EyeLock nano NXT 3.5 Local File Disclosure Vulnerability Vendor: EyeLock, LLC Product web page: http://www.eyelock.com Affected version: NXT Firmware: 3.05.1193 ICM: 3.5.1 NXT Firmware: 3.04.1108 ICM: 3.4.13 NXT Firmware: 3.03.944 ICM: 3.3.2 NXT Firmware: 3.01.646 ICM: 3.1.13 Platform: Hardware...
NUUO NVRmini 2 3.0.8 - 'strong_user.php' Backdoor Remote Shell Access
Exploit for php platform in category web applications NUUO Backdoor strong_user.php Remote Shell Access Vendor: NUUO Inc. Product web page: http://www.nuuo.com Affected version: fileD...
Open Source Real Estate Script 3.6.0 SQL Injection
Exploit Title: real-estate classified script Sql Injection Date: 2015-05-29 Exploit Author: Meisam Monsef [email protected] or [email protected] Vendor Homepage: http://www.phpscriptsmall.com/product/open-source-real-estate-script/ Version: 3.6.0 Exploit :...
PHP Realestate Script Script 4.9.0 - SQL Injection
Exploit Title: Property Agent RealeState Script Sql Injection Date: 2015-05-27 Exploit Author: Meisam Monsef [email protected] or [email protected] Vendor Homepage: http://www.phpscriptsmall.com/product/php-realestate-script/ Version: 4.9.0...
GLPI 0.90.2 SQL Injection
Advisory ID: HTB23301 Product: GLPI Vendor: INDEPNET Vulnerable Versions: 0.90.2 and probably prior Tested Version: 0.90.2 Advisory Publication: April 8, 2016 without technical details Vendor Notification: April 8, 2016 Vendor Patch: April 11, 2016 Public Disclosure: April 29, 2016 Vulnerability...
SQL Injection in GLPI
High-Tech Bridge Security Research Lab discovered a high-risk SQL injection vulnerability in a popular Information Resource Manager (IRM) system GLPI. IRM systems are usually used for management and audit of software packages, providing ITIL-compliant service desk. The vulnerability allows remote...
Wordpress-Exploit-Framework - A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems
A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. What do I need to run it? Ensure that you have Ruby 2.2.x installed on your system and then install all required dependencies by opening a command prompt / terminal in...
Analyzing Linux Malware Sandbox: Limon
Limon is a sandbox developed as a research project and written in Python, which automatically collects, analyzes, and reports on the run-time indicators of Linux malware. It allows one to inspect the Linux malware before execution, during execution, and after execution (post-mortem analysis) by...
iScripts EasyCreate 3.0 - Remote Code Execution
!C:/Python27/python.exe -u iScripts EasyCreate 3.0 Remote Code Execution Exploit Vendor: iScripts.com Product web page: http://www.iscripts.com Affected version: 3.0 Summary: iScripts EasyCreate is a private label online website builder. This softwa...
CVE-2015-8279
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an unspecified PHP script...
Design/Logic Flaw
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an unspecified PHP script...
Wirecard Checkout Page 1.0 Price Manipulation
Advisory ID: SYSS-2015-061 Product: Wirecard Checkout Page Manufacturer: Wirecard AG Affected Versions: 1.0 Tested Versions: 1.0 Vulnerability Type: Improper Validation of Integrity Check Value (CWE-354) Risk Level: High Solution Status: Fixed...