Webiness Inventory 2.9 Shell Upload

Exploit Title: Webiness Inventory 2.9 Arbitrary File Upload Date: 10/27/2018 Exploit Author: Boumediene KADDOUR Unit: Algerie Telecom R&D Unit Software Link: https://github.com/webiness/webinessinventory Version: 2.9 46 foreach $FILES as $file 47 $fileName = $file'name'; 48 $fileTmp =...

phptpoint Hospital Management System 1.0 - 'user' SQL injection

Exploit Title: phptpoint Hospital Management System 1.0 - 'user' SQL injection Date: 2018-10-24 Exploit Author: Boumediene KADDOUR Unit: Algerie Telecom R&D Unit Vendor Homepage: https://www.phptpoint.com/ Software Link: Version: 1 Tested on: WAMP windows 10 x64 CVE: unknown Description: Phptpoin...

phptpoint Pharmacy Management System 1.0 - 'username' SQL injection

Exploit Title: phptpoint Pharmacy Management System 1.0 - 'username' SQL injection Date: 2018-10-24 Exploit Author: Boumediene KADDOUR Unit: Algerie Telecom R&D Unit Vendor Homepage: https://www.phptpoint.com/ Software Link: https://www.phptpoint.com/pharmacy-management-system/ Version: 1 Tested...

WordPress WP-Contact-Widgets 1.4.1 Cross Site Scripting Vulnerability

WordPress WP-Contact-Widgets plugin version 1.4.1 suffers from a stored cross site scripting vulnerability. Exploit Title: Stored XSS on wp-contact-widgets 1.4.1 wordpress plugin Exploit Author: Boumediene KADDOUR Publisher: R&D Unit Algerie Telecom Version: 1.4.1 Application website:...