KB Affiliate Referral Script 1.0 - Authentication Bypass

Exploit Title: KB Affiliate Referral PHP Script V1.0 - Authentication Bypass Google Dork: N/A Date: 26.01.2017 Vendor Homepage: http://kunals.com/ Software Download: http://phpscripts.kunals.com/d/item/files/kbaffiliate.rar Demo: http://phpscripts.kunals.com/d/item/detail/affiliate/demo/ Version:...

KB Messages PHP Script 1.0 - Authentication Bypass

Exploit Title: KB Messages PHP Script V1.0 - Authentication Bypass Google Dork: N/A Date: 26.01.2017 Vendor Homepage: http://kunals.com/ Software Download: http://phpscripts.kunals.com/d/item/files/kbmessages.rar Demo: http://phpscripts.kunals.com/d/item/detail/messages/demo/ Version: 1.0 Tested...

Job Site PHP Script 1.1 - Authentication Bypass Vulnerability

Exploit for php platform in category web applications Exploit Title: ICJobSite-Job Site PHP Script - Authentication Bypass Google Dork: N/A Date: 20.01.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Buy: http://www.icloudcenter.com/jobs-site-script.htm Demo:...

Job Site PHP Script 1.1 - Authentication Bypass

Exploit Title: ICJobSite-Job Site PHP Script - Authentication Bypass Google Dork: N/A Date: 20.01.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Buy: http://www.icloudcenter.com/jobs-site-script.htm Demo: http://icloudcenter.net/demos/icjobsite/ Version: 1.1 Tested on: Win7 x64 Explo...

MC Hosting Coupons Cross-Site Request Forgery Vulnerability

MC Hosting Coupons is a PHP script for managing coupons. A cross-site request forgery vulnerability exists in MC Hosting Coupons. An attacker can exploit the vulnerability to trick users into clicking on it to obtain sensitive user information...

MC Buy and Sell Cars Script 1.1 - SQL Injection

Vulnerability: SQL Injection Web Vulnerability Date: 15.01.2017 Vendor Homepage: http://microcode.ws/ Script Name: MC Buy and Sell Cars Script Script Version: V1.1 Script Buy Now: http://microcode.ws/product/mc-buy-and-sell-cars-php-script/3878 Author: İhsan Şencan Author Web: http://ihsan.net Ma...

Hindu Matrimonial Script - Authentication Bypass

Vulnerability:: Admin Login Bypass & SQLi + Add/Edit Date: 13.01.2017 Vendor Homepage: http://www.phpmatrimonialscript.in/ Script Name: Hindu Matrimonial Script Script Buy Now: http://www.phpmatrimonialscript.in/product/hindu-matrimonial-script/ Author: İhsan Şencan Author Web: http://ihsan.net...

Palo Alto Networks PanOS appweb3 - Stack Buffer Overflow Vulnerability

Exploit for linux platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=908 Palo Alto Networks have published a fix for this issue: http://securityadvisories.paloaltonetworks.com/Home/Detail/68 PanOS uses a modified version of the appweb3 embedded...

Palo Alto Networks PanOS - appweb3 Stack Buffer Overflow

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=908 Palo Alto Networks have published a fix for this issue: http://securityadvisories.paloaltonetworks.com/Home/Detail/68 PanOS uses a modified version of the appweb3 embedded webserver, it's used for a variety of tasks and is...

Rate-Me PHP Script 1.0 Cross Site Scripting

Exploit Title: Rate-Me PHP Script Persistent Cross Site Scripting Disclosure Date: 11/11/2016 Exploit Author: Boumediene KADDOUR a.k.a Sh311c0d3r Version: 1.0 Application website: https://www.phpjabbers.com/free-rate-me-script/ CVE : N/A Vulnerability Details: ===================== Rate-me php...

Arbitrary file upload vulnerability in earcms uplog.php

Ear Music Ear Music is an interface using Discuz backend style and UCHome user center style combined with the core by the high-speed template engine and caching mechanism and other frameworks coexist PHP open source music system. earcms uplog.php arbitrary file upload vulnerability , attackers ca...

CloudShare 1.6 Shell Upload

======================================================================== | Title : CloudShare v1.6 Shell upload vulnerability | Author : indoushka | email : [email protected] | Tested on : windows 8.1 FranASSais V.Pro | Version : v1.6 | Vendor :...

Drupal coder module presence unauthenticated remote code execution vulnerability-vulnerability warning-the black bar safety net

! In a review of the coder module secure code when I'm on Drupal Security Advisory SA-CONTRIB-2 0 1 6 years-0 3 9 found that an unauthenticated remote code execution vulnerability. The vulnerability affects Drupal coder module version including 7. the x - 1.3 and 7. x -2.6 all of the following...

EyeLock nano NXT 3.5 - Local File Disclosure

EyeLock nano NXT 3.5 Local File Disclosure Vulnerability Vendor: EyeLock, LLC Product web page: http://www.eyelock.com Affected version: NXT Firmware: 3.05.1193 ICM: 3.5.1 NXT Firmware: 3.04.1108 ICM: 3.4.13 NXT Firmware: 3.03.944 ICM: 3.3.2 NXT Firmware: 3.01.646 ICM: 3.1.13 Platform: Hardware...

NUUO NVRmini 2 3.0.8 - 'strong_user.php' Backdoor Remote Shell Access

Exploit for php platform in category web applications NUUO Backdoor stronguser.php Remote Shell Access Vendor: NUUO Inc. Product web page: http://www.nuuo.com Affected version: fileD...

Open Source Real Estate Script 3.6.0 SQL Injection

Exploit Title: real-estate classified script Sql Injection Date: 2015-05-29 Exploit Author: Meisam Monsef [email protected] or [email protected] Vendor Homepage: http://www.phpscriptsmall.com/product/open-source-real-estate-script/ Version: 3.6.0 Exploit :...

PHP Realestate Script Script 4.9.0 - SQL Injection

PHP Realestate Script Script 4.9.0 - SQL Injection Exploit Title: Property Agent RealeState Script Sql Injection Date: 2015-05-27 Exploit Author: Meisam Monsef [email protected] or [email protected] Vendor Homepage: http://www.phpscriptsmall.com/product/php-realestate-script/ Version: 4.9.0...

GLPI 0.90.2 SQL Injection

Advisory ID: HTB23301 Product: GLPI Vendor: INDEPNET Vulnerable Versions: 0.90.2 and probably prior Tested Version: 0.90.2 Advisory Publication: April 8, 2016 without technical details Vendor Notification: April 8, 2016 Vendor Patch: April 11, 2016 Public Disclosure: April 29, 2016 Vulnerability...

SQL Injection in GLPI

High-Tech Bridge Security Research Lab discovered a high-risk SQL injection vulnerability in a popular Information Resource Manager IRM system GLPI. IRM systems are usually used for management and audit of software packages, providing ITIL-compliant service desk. The vulnerability allows remote...

Wordpress-Exploit-Framework - A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems

A Ruby framework for developing and using modules which aid in the penetration testing of WordPress powered websites and systems. What do I need to run it? Ensure that you have Ruby 2.2.x installed on your system and then install all required dependencies by opening a command prompt / terminal in...