XPL-SEARCH - Search Exploits In Multiple Exploit Databases

XPL SEARCH Search exploits in multiple exploit databases! Exploit databases available: Exploit-DB MIlw0rm PacketStormSecurity IntelligentExploit IEDB CVE TO RUN THE SCRIPT PHP Version cli 5.5.8 or higher php5-cli Lib cURL support Enabled php5-curl Lib cURL Version 7.40.0 or higher allowurlfopen O...

TeamSpeak Client <= 3.0.18.1 - RFI to RCE Exploit

Exploit for windows platform in category remote exploits Exploit Title: "PwnSpeak" a 0day Exploit for TeamSpeak Client / 0x6FB30B11 my pgp keyid Vendor Homepage: https://www.teamspeak.com/ Application: TeamSpeak 3 Version: TeamSpeak3 Client 3.0.0 - 3.0.18.1 Platforms: Windows, Mac OS X and Linux...

TeamSpeak Client 3.0.18.1 - Remote File Inclusion / Remote Code Execution

Exploit Title: "PwnSpeak" a 0day Exploit for TeamSpeak Client / 0x6FB30B11 my pgp keyid Vendor Homepage: https://www.teamspeak.com/ Application: TeamSpeak 3 Version: TeamSpeak3 Client 3.0.0 - 3.0.18.1 Platforms: Windows, Mac OS X and Linux Exploitation: Remote Risk : Very High ========= The Bug...

Dream CMS 2.3.0 - Cross-Site Request Forgery (Add Extension) / Arbitrary File Upload / PHP Code Execution

Dream CMS 2.3.0 CSRF Add Extension And File Upload PHP Code Execution/t...

Kirby CMS 2.1.0 - Cross-Site Request Forgery Content Upload PHP Script Execution

Kirby CMS 2.1.0 - Cross-Site Request Forgery Content Upload PHP Script Execution ============================================= - Release date: 14.09.2015 - Discovered by: Dawid Golunski - Severity: High ============================================= I. VULNERABILITY ------------------------- Kirby...

Kirby CMS 2.1.0 - Cross-Site Request Forgery / Content Upload / PHP Script Execution

============================================= - Release date: 14.09.2015 - Discovered by: Dawid Golunski - Severity: High ============================================= I. VULNERABILITY ------------------------- Kirby CMS = 2.1.0 CSRF Content Upload and PHP Script Execution II. BACKGROUND...

CVE-2015-6548

Multiple SQL injection vulnerabilities in a PHP script in the management console on Symantec Web Gateway SWG appliances with software before 5.2.2 DB 5.0.0.1277 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors...

CVE-2015-6548

CVE-2015-6548 is part of multiple vulnerabilities affecting Symantec Web Gateway (SWG) management console on appliances running software before 5.2.2 with DB 5.0.0.1277. The connected documents confirm a concrete SQL injection issue in the edit_alert.php script that allows an authenticated, remot...

Weevely3 - Weaponized Web Shell

Weevely is a command line web shell dynamically extended over the network at runtime designed for remote administration and pen testing. It provides a weaponized telnet-like console through a PHP script running on the target, even in restricted environments. The low footprint agent and over 30...

Kirby CMS multi-vulnerability analysis-vulnerability warning-the black bar safety net

Kirby CMS is an easy to use, easy to install and setup is very flexible CMS system, no database support, the use of file system storage. Support Markdown grammar, templates and plug-ins. Vulnerability details In Kirby CMS found two vulnerabilities: 1. By path traversal authentication bypass 2. Th...

Security researcher exposure FireEye core product 0day vulnerabilities-vulnerability warning-the black bar safety net

Recently, researchers Kristian Erik Hermansen from the FireEye core product found a 0day vulnerability will result in unauthorized file disclosure. He also provides a short trigger vulnerability of the examples and the user database file copy. In addition, he also disclosed selling three other...

Alibaba Clone B2B Marketplace Script Shell Upload Vulnerability

Alibaba Clone B2B Marketplace Script Shell Upload Vulnerability All Versions Usage Info Usage:alibaba.php host shell-file.php Ex:alibaba.php www.example.com c99.php Test : php alibaba.php tibastore.com c99.php php alibaba.php hechoenmexicob2b.com c99.php $val $data .= "--$boundary\n"; $data .=...

FreiChat 9.6 - SQL Injection

/ Exploit Title: FreiChat 9.6 SQL Injection Date: 27-11-2014 Software Link: http://codologic.com/page/freichat-free-php-chat-script-software Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1. Description $GET'time' is no...

phpSFP 'remember me()' function SQL Injection Vulnerability

phpSFP is a PHP script for adding website content and sharing it on Facebook pages and admin groups. A SQL injection vulnerability exists in phpSFP, which allows remote attackers to exploit the vulnerability to submit specially crafted SQL queries to manipulate or obtain database data...

WordPress Plugin Ultimate Product Catalogue 3.1.2 - Multiple Persistent Cross-Site Scripting Cross-Site Request Forgery Arbitrary File Upload Vulnerabilities

WordPress Plugin Ultimate Product Catalogue 3.1.2 - Multiple Persistent Cross-Site Scripting Cross-Site Request Forgery Arbitrary File Upload Vulnerabilities Exploit Title: Multiple Persistent XSS & CSRF & File Upload on Ultimate Product Catalogue 3.1.2 Google Dork: inurl:"SingleProduct"...

Ultimate Product Catalogue <= 3.1.4 - Multiple Vulnerabilities

Product Name and Description and File Upload formulary of plugin Ultimate Product Catalog lacks of proper CSRF protection and proper filtering. Allowing an attacker to alter a product presented to a customer or the wordpress administrators and insert XSS in his product name and description. It al...

WordPress Plugin Ultimate Product Catalogue 3.1.2 - Multiple Persistent Cross-Site Scripting / Cross-Site Request Forgery / Arbitrary File Upload Vulnerabilities

Exploit Title: Multiple Persistent XSS & CSRF & File Upload on Ultimate Product Catalogue 3.1.2 Google Dork: inurl:"SingleProduct" intext:"Back to catalogue" intext:"Category", inurl:"/wp-content/plugins/ultimate-product-catalogue/product-sheets/" Date: 22/04/2015 Exploit Author: Felipe Molina de...

[SECURITY] Fedora 22 Update: yourls-1.7-3.20150410gitabc7d6c.fc22

YOURLS is a small set of PHP scripts that will allow you to run your own URL shortening service a la TinyURL. You can make it private or public, you can pick custom keyword URLs, it comes with its own API...

CMS Contenido 4.9.5 Cross Site Scripting

Advisory: Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5 Advisory ID: SROEADV-2014-03 Author: Steffen Rösemann Affected Software: CMS Contenido 4.9.x-4.9.5 Release: 10th Dec 2014 Vendor URL: http://www.contenido.org/de/ Vendor Status: fixed CVE-ID: - ==========================...

Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities

Document Title: =============== Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1386 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2239 CVE-ID: ======= CVE-2014-2239 Release Date:...