iPhone 7 Jailbreak Has Already Been Achieved In Just 24 Hours!

It has only been a few days since the launch of Apple's brand new iPhone 7 and iPhone 7 Plus, but it appears that the new iPhone has already been jailbroken. That didn't take long. Right? Security researcher and well-known hacker Luca Tedesco shared an image of his jailbroken smartphone on his...

N-Media Website Contact Form with File Upload - Arbitrary File Upload

The website-contact-form-with-file-upload WordPress plugin was affected by an Arbitrary File Upload security vulnerability...

Siemens IP Camera 0.1.69 Arbitrary File Download

Exploit Title: Siemens IP Camera :: Arbitrary file download Date: 14-september-2016 Exploit Author: vuppala.Dhanunjaya Vendor Homepage: www.siemens.com Version: V0.1.69 Tested on: Windows 10,ubuntu 14.04 LTS Email : [email protected] ======================================== TEAM...

ZKTeco ZKBioSecurity 3.0 - Cross-Site Request Forgery (Add Superadmin)

!-- ZKTeco ZKBioSecurity 3.0 CSRF Add Superadmin Exploit Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 3.0.1.0R230 Platform: 3.0.1.0R230 Personnel: 1.0.1.0R1916 Access: 6.0.1.0R1757 Elevator: 2.0.1.0R777...

chatNow 0.0.0 Cross Site Scripting

Exploit Title: chatNow - Reflected XSS Date: 2016-08-23 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: http://chatnow.thiagosf.net/ Software Link: https://github.com/thiagosf/chatNow/archive/master.zip Version: Latest commit Tested on: Debian wheezy Vulnerability This...

SimplePHPQuiz - Blind SQL Injection

Exploit for php platform in category web applications Exploit Title: SimplePHPQuiz - Blind SQL Injection Date: 2016-08-23 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: https://github.com/valokafor/SimplePHPQuiz Software Link:...

MESSOA IP-Cameras Authentication Bypass / Credential Changer

Multiple MESSOA IP-Cameras auth bypass admin user/password changer Tested: MESSOA NIC 835 Release: X.2.1.8 MESSOA NIC 835-HN5 Release: X.2.1.17 MESSOA NIC 836 Release: X.2.1.7 MESSOA NDZ 860 Release: X.3.0.6.1 MESSOA Copyright 2016 c Todor Donev http://www.ethical-hacker.org/...

CVE-2016-4999

SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the 1 Data Set Authoring or 2...

SIRIUS news.php parameters gid a SQL injection vulnerability

No description provided by source...

ask2 \control\favorite.php parameter id SQL injection

No description provided by source...

Woo Email Control <= 1.01 - Reflected Cross-Site Scripting (XSS) & CSRF

Due to a lack of encoding and CSRF mitigation in the testemail function found on line 106 of classes/class-wooctrl.php, it is possible to automate a request to the AJAX handler for the wooctrlsendtestemail action which will reflect the specified script back to the end user...

Joomla com_branch SQL注入漏洞

No description provided by source...

Struts2 exploits tool Devmode version released with the source code-the vulnerabilities and early warning-the black bar safety net

! Disclaimer: This tool is for security testing purposes, the prohibition of the illegal use. Please pay attention and check the tool Safety. When Struts2 turn on devMode mode, will lead to a serious remote code execution vulnerability. If the WebService to start a permission is the highest...

CVE-2016-3646

creationtimestamp| type| source ---|---|--- 2016-06-29 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/40036...

FinderView - Multiple Vulnerabilities

FinderView - Multiple Vulnerabilities Exploit Title: FinderView - Multiple VulnerabilityPath Traversal/Reflected XSS Date: 2016-06-23 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: https://github.com/proin/ Software Link:...

ETMV9 digital campus platform any download

No description provided by source...

Samsung SCX-4x24 Series not authorized to access

No description provided by source...

Airia Cross Site Scripting

Exploit Title: Airia - Multiple XSS VulnerabilityStored/Reflected Date: 2016-06-20 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: http://ytyng.com Software Link: https://github.com/ytyng/airia/archive/master.zip Version: Latest commit Tested on: Debian wheezy Stored X...

phpATM 1.32 - Arbitrary File Upload / Remote Command Execution (Windows Servers)

Exploit for php platform in category web applications ?php / Exploit Title : "phpATM = 1.32 Remote Command Execution Shell Upload on Windows Servers" Date : 17/06/2016 Author : Paolo Massenio - pmassenioATgmail Vendor : phpATM - http://phpatm.org/ Version : = 1.32 Tested on : Windows 10 with XAMP...

WordPress Gravity Forms 1.8.19 Shell Upload

&formid=1&name=khan.php5&gformuniqueid=../../../../&fieldid=3'; curlsetopt$ch, CURLOPTRETURNTRANSFER, true; $response = curlexec$ch; curlclose$ch; if eregi'ok', $response echo "$separator\nShell at $shell\n$separator\n\n"; while $testCom != 'bubye!' $user =...