Neo Billing 3.5 Cross Site Scripting

Exploit Title: Neo Billing 3.5 - Stored Cross Site Scripting Vulnerability Date: 18.8.2019. Exploit Author: n1x MS-WEB Vendor Homepage: https://codecanyon.net/item/neo-billing-accounting-invoicing-and-crm-software/20896547 Version: 3.5 CWE : CWE-79 Description Neo Billing os an accounting,...

Neo Billing 3.5 - Persistent Cross-Site Scripting

Neo Billing 3.5 - Persistent Cross-Site Scripting Exploit Title: Neo Billing 3.5 - Stored Cross Site Scripting Vulnerability Date: 18.8.2019. Exploit Author: n1x MS-WEB Vendor Homepage: https://codecanyon.net/item/neo-billing-accounting-invoicing-and-crm-software/20896547 Version: 3.5 CWE : CWE-7...

DEBIAN-CVE-2019-13464

An issue was discovered in OWASP ModSecurity Core Rule Set CRS 3.0.2. Use of X.Filename instead of XFilename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...

AZL-44598 CVE-2019-13464 affecting package mod_security_crs 3.0.0-11

An issue was discovered in OWASP ModSecurity Core Rule Set CRS 3.0.2. Use of X.Filename instead of XFilename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...

CVE-2019-13464

An issue was discovered in OWASP ModSecurity Core Rule Set CRS 3.0.2. Use of X.Filename instead of XFilename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...

CVE-2019-13464

An issue was discovered in OWASP ModSecurity Core Rule Set CRS 3.0.2. Use of X.Filename instead of XFilename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...

CVE-2019-13464

An issue was discovered in OWASP ModSecurity Core Rule Set CRS 3.0.2. Use of X.Filename instead of XFilename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...

UBUNTU-CVE-2019-13464

An issue was discovered in OWASP ModSecurity Core Rule Set CRS 3.0.2. Use of X.Filename instead of XFilename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...

CVE-2019-13464

An issue was discovered in OWASP ModSecurity Core Rule Set CRS 3.0.2. Use of X.Filename instead of XFilename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...

FaceSentry Access Control System 6.4.8 - Remote Root Exploit

Exploit for hardware platform in category web applications !/usr/bin/env python -- coding: utf-8 -- FaceSentry Access Control System 6.4.8 Remote Root Exploit Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568...

CVE-2019-12744

SeedDMS prior to 5.1.11 is affected by CVE-2019-12744 due to an unvalidated file upload of PHP scripts, enabling Remote Command Execution over the network. The root cause is the upload of PHP-backdoor-like content into documents, allowing execution of arbitrary commands on the server when the upl...

Fiverr Clone Script 1.2.2 - SQL Injection / Cross-Site Scripting Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Fiverr Clone Script 1.2.2 - SQL Injection / Cross Site Scripting Exploit Author: Mr Winst0n Author E-mail: email protected Vendor Homepage: https://www.phpscriptsmall.com Software Link :...

Fiverr Clone Script 1.2.2 Cross Site Scripting / SQL Injection Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Fiverr Clone Script 1.2.2 - SQL Injection / Cross Site Scripting Exploit Author: Mr Winst0n Author E-mail: email protected Discovery Date: Apr 1, 2019 Vendor Homepage: https://www.phpscriptsmall.com Software Link :...

Fiverr Clone Script 1.2.2 Cross Site Scripting / SQL Injection

Exploit Title: Fiverr Clone Script 1.2.2 - SQL Injection / Cross Site Scripting Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: Apr 1, 2019 Vendor Homepage: https://www.phpscriptsmall.com Software Link : https://www.phpscriptsmall.com/product/fiverr-clone-scrip...

Classified Ad Lister 2.0 Arbitrary File Upload

=========================================================================================== Exploit Title: Classified Ad Lister v2.0 - 'uploads' Arbitrary File Upload Dork: N/A Date: 25-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://www.netartmedia.net/adlister Software Link:...

Classified Ad Lister 2.0 Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications =========================================================================================== Exploit Title: Classified Ad Lister v2.0 - 'uploads' Arbitrary File Upload Exploit Author: Mehmet EMIROGLU Vendor Homepage:...

phpMussel - PHP-based Anti-Virus Anti-Trojan Anti-Malware Solution

phpMussel is an ideal solution for shared hosting environments, where it's often not possible to utilize or install conventional anti-virus protection solutions, phpMussel is a PHP script designed to detect trojans, viruses,malware and other threats within files uploaded to your system wherever t...

CVE-2019-9604

PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Cross-Site Request Forgery CSRF for Edit Profile actions...

CVE-2018-20643

PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory...

CVE-2018-20635

PHP Scripts Mall Advance B2B Script 2.1.4 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory...