119 matches found
CVE-2017-7642
The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable...
SolarWinds Log and Event Manager Local Elevation of Privilege Vulnerability
SolarWinds Log and Event Manager (LEM), a.k.a. SIEM, is a log and event manager from the U.S.-based SolarWinds that provides real-time log analysis, memory event correlation, and threat attack response. A local elevation of privilege vulnerability exists in SolarWinds Log and Event Manager versions...
chromium-browser: Parameter sanitization failure in DevTools
The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different...
Google Chrome DevTools Access Restriction Vulnerability (CNVD-2016-06145)
Google Chrome is a web browsing tool developed by Google. Google Chrome has a security vulnerability. Due to incorrectly handling the hostname of a script path, it allows remote attackers to bypass intended access restrictions via URLs. Different from CVE-2016-5144...
Gonafish LinksCaffe Authentication Bypass Vulnerability
An authentication bypass vulnerability exists in Gonafish LinksCaffe due to a lack of required authentication for the application's admin script, allowing an attacker to simply use the admin function by knowing the name and location of the script...
DieselScripts Job Site Forgot.PHP Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/19622/info Multiple cross-site scripting vulnerabilities affect Job Site because the application fails to properly sanitize user-supplied input before including it in dynamically generated web content. An attacker may...
Traidnt up 2.0 - (Cookie) Add Extension Bypass Exploit
No description provided by source. Traidnt Up version 2.0 Add Extension By Pass Author: SP4rT Email : [email protected] DownLoad : http://traidnt.net/vb/showthread.php?t=943260 Downloads : 33712 1. Enter uploadcp url 2. javascript:documentcookie=trupuser=SP4rT;; 3. Enter this...
DieselScripts DieselPay Index.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19623/info DieselPay is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of ...
Fantastic News <= 2.1.2 (script_path) Remote Code Execution Exploit
No description provided by source...
UBUNTU-CVE-2013-4555
Cross-site request forgery (CSRF) vulnerability in ecrire/action/logout.php in SPIP before 2.1.24 allows remote attackers to hijack the authentication of arbitrary users for requests that log out the user via unspecified vectors...
phUploader Shell Upload
Script Name : phUploader Language : php email: [email protected] Dork : Powered By phUploader Exploit ...
Ultimate Uploader 1.3 - Arbitrary File Upload
Script Name : Ultimate Uploader 1.3 Language : php Vendor : http://www.element-it.com Author : Master Mind Home : www.shdowskill.com , www.vbspiders.com...
PHPhotoalbum Shell Upload
Script Name : PHPhotoalbum Language : php email: [email protected] Dork : Powered By PHPhotoalbum or inurl:"PHPhotoalbum-upload.php"...
phUploader 2 - Arbitrary File Upload
Exploit Title: phUploader Remote File Upload Vulnerability Date: 20-12-2009 Author: wlhaan-hacker Version: v2 CVE : N/A Script Name : phUploader Language : php email: [email protected]...
ZEEJOBSITE 2.0 Remote File Upload Vulnerability
Exploit for unknown platform in category web applications ZEEJOBSITE v2.0 remote file Upload author: ZoRLu date: 08/11/2008 aha simdi gonderiyorum saat...
CaLogic Calendars 1.2.2 (langsel) Remote SQL Injection Vulnerability
No description provided by source. CaLogic Calendars V1.2.2 Remote SQL injection Author : His0k4 ALGERIAN HaCkEr Dork : "CaLogic Calendars V1.2.2" POC :...
Advanced Links Management (ALM) 1.52 - SQL Injection
ALM - Advanced Links Management remote SQL injection exploit Script download : http://www.easy-script.com/scripts-dl/almv152.zip Founder: His0k4 ALGERIAN HACKER Greetz : All friends & muslims HaCkErS... Contact: His0k4.hlmatgmail.com P.O.C :...
WebSihirbazi 5.1.1 (pageid) Remote SQL Injection Vulnerability
No description provided by source. Title : websihirbazi v5.1.1 Remote Blind SQL Injection Vulnerability AUTHOR: bypas...
Synergiser 1.2 RC1 - Local File Inclusion / Full Path Disclosure
Http://www.inj3ct-it.org Staffatinj3ct-itdotorg Synergiser...
Advanced Guestbook version 2.4.2 Multiple Error Information Leak Vulnerabilities
netVigilance Security Advisory 11 Advanced Guestbook version 2.4.2 Multiple Error Information Leak Vulnerabilities Description: Advanced Guestbook is a PHP-based guestbook script. It includes many useful features such as preview, templates, e-mail notification, picture upload, page spanning, htm...