124 matches found
CVE-2017-17641
Resume Clone Script 2.0.5 has SQL Injection via the preview.php id parameter...
RPi Cam Control <= 6.3.14 - Multiple Vulnerabilities
Exploit for hardware platform in category remote exploits Exploit Title: RPi Cam Control = v6.3.14 RCE Multiple Vulnerabilities - preview.php Date: 16/08/2017 Exploit Author: Alexander Korznikov Vendor Homepage: https://github.com/silvanmelchior/RPiCamWebInterface Software Link:...
RPi Cam Control < 6.3.14 - Multiple Vulnerabilities
Exploit Title: RPi Cam Control = v6.3.14 RCE Multiple Vulnerabilities - preview.php Date: 16/08/2017 Exploit Author: Alexander Korznikov Vendor Homepage: https://github.com/silvanmelchior/RPiCamWebInterface Software Link: https://github.com/silvanmelchior/RPiCamWebInterface Version: = v6.3.14 Dat...
RPi Cam Control < 6.3.14 - Remote Command Execution
RPi Cam Control = v6.3.14 RCE preview.php Multiple Vulnerabilities A web interface for the RPi Cam Vendor github: https://github.com/silvanmelchior/RPiCamWebInterface Date 16/08/2017 Discovered by @nopernik https://www.linkedin.com/in/nopernik http://www.korznikov.com RPi Cam Control = v6.3.14 is...
CVE-2016-9128
Revive Adserver before 3.2.3 suffers from reflected XSS. The affiliate-preview.php script in www/admin is vulnerable to a reflected XSS attack. This vulnerability could be used by an attacker to steal the session ID of an authenticated user, by tricking them into visiting a specifically crafted U...
CVE-2016-9128
Revive Adserver before 3.2.3 suffers from reflected XSS. The affiliate-preview.php script in www/admin is vulnerable to a reflected XSS attack. This vulnerability could be used by an attacker to steal the session ID of an authenticated user, by tricking them into visiting a specifically crafted U...
Cross site scripting
Revive Adserver before 3.2.3 suffers from reflected XSS. The affiliate-preview.php script in www/admin is vulnerable to a reflected XSS attack. This vulnerability could be used by an attacker to steal the session ID of an authenticated user, by tricking them into visiting a specifically crafted U...
CVE-2016-9128
Revive Adserver before 3.2.3 suffers from reflected XSS. The affiliate-preview.php script in www/admin is vulnerable to a reflected XSS attack. This vulnerability could be used by an attacker to steal the session ID of an authenticated user, by tricking them into visiting a specifically crafted U...
PHP Forum Script 3.0 SQL Injection
Exploit Title: PHP Forum Script v3.0 - SQL Injection Google Dork: N/A Date: 11.03.2017 Vendor Homepage: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/php-forum-script/ Demo: http://demo.phpjabbers.com/index.php?demo=pfs&front=1&lid=1 Version: 3.0 Tested on: Win7 x64, Kali Linux...
Simple PHP Blog 0.8.4 Cross Site Scripting
Title : Simple PHP Blog 0.8.4 XSS vulnerability | Author : indoushka | email : [email protected] | Tested on : windows 8.1 Français V.Pro | Version : 0.8.4 | Vendor : https://sourceforge.net/projects/sphpblog/ |...
Akal Theme - Reflected Cross-Site Scripting (XSS)
The premium theme, Akal, suffers from a Reflected Cross-Site Scripting (XSS) vulnerability in the preview.php file located in framework/brad-shortcodes/tinymce...
Akal Theme - Reflected Cross-Site Scripting (XSS)
The premium theme, Akal, suffers from a Reflected Cross-Site Scripting (XSS) vulnerability in the preview.php file located in framework/brad-shortcodes/tinymce. PoC...
WordPress Instagram 1.1.0 Cross Site Scripting
Exploit Title : WordPress Instagram Plugin 1.1.0 Cross Site Scripting Exploit Author : Persian Hack Team Vendor Homepage : https://wordpress.org/ Software Link : https://wordpress.org/plugins/instalinker/ Date: 2016/02/04 Version : 1.1.0 Vulnerable code : File Name: instalinker-admin-preview.php...
Datalife Engine 9.7 preview.php Bindshell
<?php // Exploit Title: Datalife Engine 9.7 Bindshell Exploit // Date: 13/12/2015 // Exploit Author: ssbostan // Vendor Homepage: http://dleviet.com/ // Version: == 9.7 // Tested on: Datalife Engine 9.7 // CVE: http://www.cvedetails.com/cve/CVE-2013-1412/...
shop.qs-tech.com XSS vulnerability
Vulnerable URL: http://shop.qs-tech.com/preview.php?productname=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 26.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculate...
Cross site scripting
Cross-site scripting (XSS) vulnerability in bicm-carousel-preview.php in the BIC Media Widget plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the param parameter...
CVE-2014-4516
Cross-site scripting (XSS) vulnerability in bicm-carousel-preview.php in the BIC Media Widget plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the param parameter...
CVE-2014-4516
The CVE-2014-4516 entry affects the WordPress BIC Media Widget plugin (
CVE-2013-1412
DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier...
Code injection
DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier...