Vtiger CRM < = 6.3.0 远程代码执行

No description provided by source...

齐普生协同办公OA系统存在SQL注入漏洞

No description provided by source...

74cms jobs-list.php接口sql注入

首页 招聘信息 点击搜索 http://demo.74cms.com/jobs/jobs-list.php?sort=wage&page=1&jobcategory=&education=&citycategory=&experience=&settr=3&trade=&wage=&nature= 参数sort存在SQL注入...

phpwind v8.7 /goto.php 跨站脚本漏洞

No description provided by source...

WinRAR 5.21 - (Expired Notification) OLE Remote Command Execution Exploit

Exploit for windows platform in category local exploits !/usr/bin/python -w Title : WinRar Expired Notification - OLE Remote Command Execution Date : 30/09/2015 Author : R-73eN Tested on : Windows Xp SP3 with WinRAR 5.21 This exploits a vulnerability in the implementation of showing ads. When a...

w3tw0rk / Pitbul IRC Bot 远程命令执行

No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'w3tw0rk / Pitbul IRC Bot Remote Code Execution', 'Description' = %q This module allows remote...

工作易(workyi) 3.0 SQL注入漏洞

No description provided by source...

MASM32 11R - Crash POC Exploit

Exploit for windows platform in category dos / poc EXPLOIT TITLE: Masm32v11r Buffer OverflowSEH overwrite crash POC AUTHOR: VIKRAMADITYA "-OPTIMUS" Date of Testing: 22nd September 2015 Download Link : http://www.masm32.com/masmdl.htm Tested On : Windows 10 Steps to Crash :- Step 1: Execute this...

Total Commander 8.52 (Windows 10) - Local Buffer Overflow

Total Commander 8.52 Windows 10 - Local Buffer Overflow !/usr/bin/python EXPLOIT TITLE: Total Commander 8.52 Buffer Overflow AUTHOR: VIKRAMADITYA "-OPTIMUS" Credits: UnN0n Date of Testing: 19th September 2015 Download Link : http://tcmd852.s3-us-west-1.amazonaws.com/tc852x32b1.exe Tested On :...

Aol account hijack sessions 0day

hijacking sessions replaying information, to gain access to other account details. Usage Info you will need firefox live http headers FIXED for replay and the method below. This is private exploit. You can buy it at https://0day.today...

OS X 10.10 IOKit IntelAccelerator NULL Pointer Dereference

No description provided by source. include include include include include int main kernreturnt err; CFMutableDictionaryRef matching = IOServiceMatching"IntelAccelerator"; if!matching printf"unable to create service matching dictionary\n"; return 0; ioiteratort iterator; err =...

FAROL - SQL Injection

Exploit Title: Web Application Farol with anauthenticated SQLi injection Date: 2015-09-16 Exploit Author: Thierry Fernandes Faria a.k.a SoiL thierryfariaa at gmail dot com Vendor Homepage:http://www.teiko.com.br/pt/solucoes/infraestrutura-em-ti/farol Version: All CVE : CVE-2015-6962 OWASP Top10:...

Openfire 3.10.2 - Unrestricted Arbitrary File Upload

Openfire 3.10.2 - Unrestricted Arbitrary File Upload...

Discuz! X3.1 逻辑错误漏洞

Discuz! X3.1 在完成任务时（home.php?mod=draw&do=view&id=xx），任务先前的状态缺少判断完成任务的链接形如：home.php?mod=draw&do=view&id=xx这个地址最终在 source\class\classtask.php 中被处理约第370行：function draw$id global $G; if!$this-task = C::t'commontask'-fetchbyuid$G'uid', $id showmessage'tasknonexistence'; elseif$this-task'status' != 0...

EZ SQL Reports <= 4.11.33 - Authenticated Arbitrary File Download

The plugin allows a WordPress site administrator or collaborator to download arbitrary files from the host file system though the plugin functionality of downloading .sql, .sql.zip or .sql.gz files created by the WordPress administrator. The file name to download is not sanitized and path travers...

CubeCart 6.0.6 Administrative Bypass

Application: CubeCart 6.0.6 5.2.12 Fixed: 07/09/2015 6.0.7 Credits: Fernando Câmara @overflowy Title: Admin account hijacking vulnerability Dork: inurl:"index.php?a=" Requirements: Default admin recovery functions enabled... Knowledge of the admin account email P.O.C Its possible for an attacker ...

SiteFactory CMS 5.5.9 任意文件下载漏洞

漏洞详情：SiteFactory CMS 5.5.9 存在任意文件下载漏洞。问题链接：sitefactory/assets/download.aspx?file=测试链接：/sitefactory/assets/download.aspx?file=c%3a\windows\win.ini影响版本：SiteFactory CMS 5.5.9...

WordPress Shopping Cart 3.0.4 --任意文件上传

受影响版本: WordPress Shopping Cart 3.0.4 日期: 29-10-2014 软件链接: https://wordpress.org/plugins/wp-easycart/ CVE: CVE-2014-9308 类别: 应用程序漏洞详情：任何注册用户都可以上传任何文件。上传点: wp-easycart\inc\amfphp\administration\banneruploaderscript.php$date = $POST'datemd5';$usersqlquery = sprintf"SELECT ecuser., ecrole.adminaccess...

Wolf CMS Arbitrary File Upload To Command Execution Exploit

Exploit for php platform in category web applications Exploit Title : Wolf CMS 0.8.2 Arbitrary File Upload To Command Execution Reported Date : 05-May-2015 Fixed Date : 10-August-2015 Exploit Author : Narendra Bhati CVE ID : CVE-2015-6567 , CVE-2015-6568 Contact: Facebook :...

BSIGN 0.4.5 - Local Buffer Overflow

Exploit Author: Juan Sacco - http://www.exploitpack.com Program: bsign - embed and verify secure hashes and digital signatures Tested on: GNU/Linux - Kali Linux 2.0 Description: BSIGN v0.4.5 and prior is prone to a stack-based buffer overflow vulnerability because the application fails to perform...