266 matches found
Zechat SQL Injection Vulnerability
Zechat is a PHP-based online chat application script. A SQL injection vulnerability exists in Zechat version 1.5. A remote attacker can exploit this vulnerability to inject SQL commands...
[SECURITY] Fedora 25 Update: mrbs-1.7.0-1.fc25
The Meeting Room Booking System MRBS is a PHP-based application for booking meeting rooms...
IBOS Enterprise Collaboration Management Software actionEdit Function has SQL Injection Vulnerability
IBOS Enterprise Collaboration Management Software is a PHP-based collaborative office management system. The actionEdit function of IBOS Enterprise Collaboration Management Software is vulnerable to SQL injection. Attackers can exploit the vulnerability to obtain sensitive database information...
SquirrelMail Remote Code Execution Vulnerability Patched
Developers behind the PHP-based webmail package SquirrelMail on Thursday patched a remote code execution vulnerability that could let attackers execute arbitrary commands on the target and compromise the system. Dawid Golunski, a researcher with Legal Hackers, discovered the vulnerability and...
Critical Moodle Vulnerability Could Lead to Server Compromise
A critical vulnerability in Moodle, an open source PHP-based learning management system deployed across scores of schools and universities, could expose the server it's running on to compromise. Tens of thousands of universities worldwide, including the California State University system, the...
Responsive Filemanager 9.11.0 Arbitrary File Disclosure
Exploit Title: Responsive Filemanager = 9.11.0 - Arbitrary File Disclosure/Deletion + Date: 7 Feb 2017 + Vulnerability and Exploit Author: Wiswat Aswamenakul + Vendor Homepage: http://www.responsivefilemanager.com/ + Affected version: only tested on 9.11.0 and 9.7.3 other versions might be...
Grimbb hash disclosure vulnerability
Grimbb is an open source PHP-based flat-file electronic publishing system. Grimbb version 1.3 has a hash information leakage vulnerability. The vulnerability stems from unauthorized access to the configuration file in which the system stores user information; an attacker can use this...
PHPIPAM 1.2.1 - Multiple Vulnerabilities
Exploit for php platform in category web applications PHPIPAM 1.2.1 Multiple Vulnerabilities Author: Saeed reza Zamanian penetrationtest @ Linkedin Product: 06 Sep 2016 Tested Version: phpipam-1.2.1 Latest Version - modified on 2016-02-13 Vendor: http://phpipam.net/ Product URL:...
Not Your Average Banner Grabber: BannerGrab
BannerGrab is a PHP-based banner grabber that not only helps you find juicy response headers but also fetches subdomains and scans the site's plugins/themes/components if the site is running WordPress/Joomla. To get the subdomains, it uses one of the best...
WebCalendar 1.2.7 - Multiple Vulnerabilities
Credits: John Page aka HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WEBCALENDAR-V1.2.7-CSRF-PROTECTION-BYPASS.txt + ISR: ApparitionSec Vendor: www.k5n.us/webcalendar.php Product: WebCalendar v1.2.7...
eXtplorer 2.1.9 - '.ZIP' Directory Traversal
Exploit for php platform in category web applications + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/EXTPLORER-ARCHIVE-PATH-TRAVERSAL.txt + ISR: apparitionsec Vendor: extplorer.net Product:...
Oliver 1.3.0 / 1.3.1 Cross Site Scripting
Advisory Information Title: Multiple Reflected XSS vulnerabilities in Oliver formerly Webshare v1.3.1 Date published: 2016-15-04 Date of last update: 2014-03-04 Vendors contacted: Oliver formerly Webshare v1.3.1 Discovered by: Rv3Laboratory Research Team Severity: Medium 02. Vulnerability...
Drupal 7.x < 7.43 Multiple Vulnerabilities
Drupal 7.x < 7.38 Multiple Vulnerabilities
ProjectSend r582 - Multiple Cross-Site Scripting Vulnerabilities
Exploit Title: Multiple persistent XSS in ProjectSend Discovery Date: 2016/02/19 Public Disclosure Date: 2016/03/17 Exploit Author: Michael Helwig Contact: https://twitter.com/c0dmtr1x Project Homepage: http://www.projectsend.org/ Software Link: http://www.projectsend.org/download/108/ Version:...
ProjectSend r582 Cross Site Scripting
Exploit Title: Multiple persistent XSS in ProjectSend Discovery Date: 2016/02/19 Public Disclosure Date: 2016/03/17 Exploit Author: Michael Helwig Contact: https://twitter.com/c0dmtr1x Project Homepage: http://www.projectsend.org/ Software Link: http://www.projectsend.org/download/108/ Version:...
PHPIPAM 1.1.010 - Multiple Vulnerabilities
Exploit Title: PHPIPAM v1.1.010 Multiple Vulnerabilities Date: 04/01/2016 Author: Mickael Dorigny @ Synetis Vendor or Software Link: http://phpipam.net/ Version: 1.1.010 Category: Multiple Vulnerabilities Tested on : 1.1.010 PHPIPAM description :...
PHPIPAM 1.1.010 CSRF / XSS / SQL Injection
Exploit Title: PHPIPAM v1.1.010 Multiple Vulnerabilities Date: 04/01/2016 Author: Mickael Dorigny @ Synetis Vendor or Software Link: http://phpipam.net/ Version: 1.1.010 Category: Multiple Vulnerabilities Tested on : 1.1.010 PHPIPAM description :...
TAGAWA Takao TransmitMail Cross-Site Scripting Vulnerability
TAGAWA Takao TransmitMail is a PHP-based mail program. TAGAWA Takao TransmitMail suffers from a cross-site scripting vulnerability that can be exploited by remote attackers to inject malicious script or HTML code, which can be used to gain access to sensitive information or hijack user sessions...
GeniXCMS 0.0.1 - Multiple Vulnerabilities
GeniXCMS v0.0.1 Remote Unauthenticated SQL Injection Exploit Vendor: MetalGenix Product web page: http://www.genixcms.org Affected version: 0.0.1 Summary: GenixCMS is a PHP Based Content Management System and Framework CMSF. It's a simple and lightweight...