3100 matches found
PHPfileNavigator 2.3.3 - Cross-Site Request Forgery
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPFILENAVIGATOR0812a.txt Vendor: pfn.sourceforge.net Product: PHPfileNavigator v2.3.3 pfn Is...
Sagemcom F@ST 3864 V2 - Get Admin Password
Sagemcom F@ST 3864 V2 - Get Admin Password !/bin/bash Exploit Title: Sagemcom 3864 V2 get admin password Date 2015-08-15 Author: Cade Bull Software Link: null Tested on: Sagemcom F@ST 3864 V2 Version: 7.253.2F3864V2Optus The sagemcom modem does not authenticate users when requesting pages, only...
Sagemcom F@ST 3864 V2 - Get Admin Password
!/bin/bash Exploit Title: Sagemcom 3864 V2 get admin password Date 2015-08-15 Author: Cade Bull Software Link: null Tested on: Sagemcom F@ST 3864 V2 Version: 7.253.2F3864V2Optus The sagemcom modem does not authenticate users when requesting pages, only whilst posting forms the password.html page...
Apple Mac OSX Keychain - EXC_BAD_ACCESS Denial of Service
Apple Mac OSX Keychain - EXC_BAD_ACCESS Denial of Service Exploit Title: OSX Keychain - EXC_BAD_ACCESS Date: 22/07/2015 Exploit Author: Juan Sacco Vendor Homepage: https://www.apple.com Software Link: https://www.apple.com/en/downloads/ Version: 9.0 55161 Tested on: OSX Yosemite 10.10.4 CVE : None...
Pineapple 2.3.0 Autopwn Script
I wrote a PoC half a year ago, because I needed to try it on my Chinese router, and it still works on freshly purchased pineapple devices. hello from Defcon ; And guys, it’s not a talk for the defcon, especially if you have done a botnet based on that shit… ; See ya tomorrow at WiFi village...
Ninja Forms <= 2.9.21 - Authenticated Reflected Cross-Site Scripting (XSS)
The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting XSS security vulnerability. http://www.example.com/wp-admin/admin.php?page=nf-processing&title=alert123;...
Kingdee Xiaoguanjia (金蝶销管家) logic flaw allows resetting any user's password (tested on staff accounts / changed in seconds)
Brief description: The verification code can be bypassed to change a user's password directly. Detailed description: 0x1: First, collect some staff accounts to test with, in order to demonstrate the impact of the vulnerability...
Download Manager <= 2.7.94 - Authenticated Stored XSS
The stored XSS vulnerability allows any authenticated user to inject malicious code via the name of the uploaded file: Example: .jpg The vulnerability exists because the file name is not properly sanitized and this can lead to malicious code injection that will be executed on the target’s browser...
NewStatPress <= 1.0.4 - SQL Injection
The Search functionality is susceptible to a SQL Injection attack due to usage of user input without sanitation. In particular, at line 98 of 'includes/nspsearch.php'. Utilising a specially crafted SQL query, we can trigger disclosure of user hashes through an IMG tag as the data channel. The...
Swim Team <= v1.44.10777 - Local File Inclusion
The code in ./wp-swimteam/include/user/download.php does not sanitize user input, which allows sensitive system files to be downloaded. $ curl...
wp-instance-rename <= 1.0 - Arbitrary File Download
The wp-instance-rename WordPress plugin was affected by an Arbitrary File Download security vulnerability. curl --data "dbname=wp&dumpfname=/etc/passwd&backupfolder=." http://www.example.com/wp-instance-rename/mysqldumpdownload.php -o p.zip...
Apexis IP CAM - Information Disclosure
Apexis IP CAM - Information Disclosure Exploit Title: Apexis IP CAM - Full Info Disclosure Google Dork: inurl:"getstatus.cgi"cgi-bin/ Date: 01/06/2015 Exploit Author: Sunplace Solutions - Soluciones Informáticas - RE Remoteexecution.net Vendor Homepage: http://www.apexis.com.cn/ Tested on: Linux...
ViArt Shop 4.2.1 CSRF / XSS / SQL Injection / File Upload
ViArt Shop 4.2.1 Multi Vulnerability Author : indoushka Vendor : www.viart.com/ Dork : PHP Ecommerce Solutions by ViArt XSS : C:\AppServ\www\viart\articlesrss.php Line : 190 echo $xml Remote/Local File Inclusion :...
Seagate Central Remote Facebook Access Token
!/usr/bin/python seagatecentralfacebook.py Seagate Central Remote Facebook Access Token Exploit Jeremy Brown jbrown3264/gmail May 2015 -Synopsis- Seagate Central stores linked Facebook account access tokens in /etc/archiveaccounts.ser and this exploit takes advantage of two bugs: 1 Passwordless...
PHPCollab 2.5 /topics/deletetopics.php SQL Injection Vulnerability
No description provided by source...
WordPress WP Fast Cache 1.4 CSRF / Cross Site Scripting
Exploit Title : WP Fast Cache 1.4 and below CSRF Stored/Reflected XSS Exploit Author : Claudio Viviani Website Author: http://www.homelab.it http://archive-exploit.homelab.it/1 Full HomelabIT Vulns Archive Vendor Homepage : https://wordpress.org/plugins/wp-fast-cache/ Software Link :...
Microsoft Windows 8.0/8.1 (x64) - TrackPopupMenu Local Privilege Escalation (MS14-058)
Microsoft Windows 8.0/8.1 x64 - TrackPopupMenu Local Privilege Escalation MS14-058 Windows 8.0 - 8.1 x64 TrackPopupMenu Privilege Escalation MS14-058 CVE-2014-4113 Privilege Escalation http://www.offensive-security.com Thx to Moritz Jodeit for the beautiful writeup...
ManageEngine EventLog Analyzer 10.0 Build 10001 - Cross-Site Request Forgery
ManageEngine EventLog Analyzer 10.0 Build 10001 - Cross-Site Request Forgery input type="hidden"...
D-Link DSL-500B Gen 2 - URL Filter Configuration Panel Persistent Cross-Site Scripting
!/usr/bin/perl Date dd-mm-aaaa: 13-02-2015 Exploit for D-Link DSL-500B G2 Cross Site Scripting XSS Injection Stored in todmngr.tod URL Filter Developed by Mauricio Corrêa XLabs Information Security WebSite: www.xlabs.com.br CAUTION! This exploit disables some features of the modem, forcing the...
D-Link DSL-500B Gen 2 - URL Filter Configuration Panel Persistent Cross-Site Scripting
D-Link DSL-500B Gen 2 - URL Filter Configuration Panel Persistent Cross-Site Scripting !/usr/bin/perl Date dd-mm-aaaa: 13-02-2015 Exploit for D-Link DSL-500B G2 Cross Site Scripting XSS Injection Stored in todmngr.tod URL Filter Developed by Mauricio Corrêa XLabs Information Security WebSite:...