
12 matches found

0day.today
added 2020/08/06 12:0 a.m., 219 views

Curfew e-Pass Management System 1.0 SQL Injection Vulnerability

Curfew e-Pass Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to gh1mau. Exploit Title: Curfew e-Pass Management System 1.0 Multiple SQL Injection Vulnerabilities Exploit Author: Mucahit...

AI score: 0.4
Exploits: 0
Zero Science Lab
added 2020/07/19 12:0 a.m., 56 views

UBICOD Medivision Digital Signage 1.5.1 CSRF Add Super Admin

Summary Medivision is a service that provides everything from DID operation to development of DID Digital Information Display optimized for hospital environment and production of professional contents, through DID product installation, image, video content planning, design work, and remote contro...

AI score: 5.8
Exploits: 0
Openbugbounty
added 2020/05/18 3:48 p.m., 11 views

squarelovin.com Cross Site Request Forgery vulnerability

Open Bug Bounty ID: OBB-1164939 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...

AI score: 0.3
Exploits: 0
Packet Storm
added 2016/08/25 12:0 a.m., 46 views

Dotclear 2.9.1 Directory Download

Dotclear 2.9.1 Directory Download Vulnerability + Software: https://dotclear.org/ + Author: Wiswat Aswamenakul + Affected version: only tested on 2.9.1 previous version might be affected + Platform: tested on Ubuntu 14.04, PHP 5.5.9 + Description Authenticated users with media manager access...

AI score: 7.4
Exploits: 0
Packet Storm
added 2016/08/25 12:0 a.m., 46 views

Dotclear 2.9.1 Shell Upload

Dotclear 2.9.1 Malicious File Upload Restriction Bypass + Software: https://dotclear.org/ + Author: Wiswat Aswamenakul + Affected version: only tested on 2.9.1 previous version might be affected + Platform: tested on Ubuntu 14.04, PHP 5.5.9 + Description Dotclear has a feature to upload files in...

AI score: 7.4
Exploits: 0
0day.today
added 2015/11/18 12:0 a.m., 41 views

Zenario CMS 7.0.7c Remote Code Execution Vulnerability

Zenario CMS versions 7.0.7c and 7.1.0 and below suffer from a remote code execution vulnerability. Zenario CMS 7.0.7c Remote Code Execution Vulnerability Vendor: Tribal Ltd. Product web page: http://www.zenar.io Affected version: = 7.0.7c and 7.1.0 svn Summary: Zenario is a web-based content...

AI score: 7.9
Exploits: 0
Zero Science Lab
added 2015/11/17 12:0 a.m., 33 views

Zenario CMS 7.0.7c Remote Code Execution Vulnerability

Summary Zenario is a web-based content management system for sites with one or many languages. It's designed to grow with your site, adding extranet, online database and custom functionality when you need it. Description The vulnerability is caused due to the improper verification of uploaded fil...

AI score: 6.1
Exploits: 0
exploitpack
added 2015/09/10 12:0 a.m., 54 views

PHP 5.5.9 - zend_executor_globals CGIMode FPM WriteProcMemFile Disable Functions Bypass Load Dynamic Library

PHP 5.5.9 - zendexecutorglobals CGIMode FPM WriteProcMemFile Disable Functions Bypass Load Dynamic Library ?php // EDB Note: Paper https://www.exploit-db.com/docs/english/38104-shoot-zendexecutorglobals-to-bypass-php-disablefunctions.pdf errorreporting0x66778899; settimelimit0x41424344;...

AI score: 0.1
Exploits: 0
seebug.org
added 2014/10/10 12:0 a.m., 50 views

Bacula-Web 5.2.10 (joblogs.php, jobid param) - SQL Injection

Google search: joblogs.php?jobid= Case: http://cep.treslagoas.ms.gov.br/backup/joblogs.php?jobid=23154 D:\sqlmappython sqlmap.py -u http://cep.treslagoas.ms.gov.br/backup/joblogs.php ?jobid=23154 --dbs 1.0-dev-nongit-20150806 http://sqlmap.org ! legal disclaimer:...

AI score: 7.3
Exploits: 0
0day.today
added 2014/06/27 12:0 a.m., 48 views

Wordpress TimThumb 2.8.13 WebShot - Remote Code Execution Exploit

Exploit for php platform in category web applications. Wordpress TimThumb 2.8.13 WebShot Remote Code Execution 0-day Affected website : a lot Wordpress Themes, Plugins, 3rd party components...

AI score: 7.1
Exploits: 0
Exploit DB
added 2014/06/24 12:0 a.m., 206 views

Multiple WordPress Plugins (TimThumb 2.8.13 / WordThumb 1.07) - 'WebShot' Remote Code Execution

Wordpress TimThumb 2.8.13 WebShot Remote Code Execution 0-day Affected website : a lot Wordpress Themes, Plugins, 3rd party components Exploit Author : @u0x Pichaya Morimoto Release dates :...

AI score: 7
Exploits: 0
seebug.org
added 2014/02/20 12:0 a.m., 35 views

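PHP 'ext/gd/gd.c' gdImageCrop Integer Signedness Error Vulnerability

CVE ID: CVE-2013-7328 PHP is an HTML-embedded language. The gdImageCrop function in PHP 'ext/gd/gd.c' contains multiple integer signedness errors that allow remote attackers to crash the application or obtain sensitive information by calling the imagecrop function with a negative x or y dimension. 0 PHP 5.5.x PHP 5.5.9 has fixed this vulnerability; users are advised to download the update: http://php.net...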

CVSS: 5.8, AI score: 6.5, EPSS: 0.0071
Exploits: 2