3100 matches found
Apple iTunes 10.6.1.7 - Extended m3u Stack Buffer Overflow (Metasploit)
Apple iTunes 10.6.1.7 - Extended m3u Stack Buffer Overflow Metasploit Apple iTunes 'iTunes Extended M3U Stack Buffer Overflow', 'Description' = %q This module exploits a stack buffer overflow in iTunes...
Joomla! Component Joomsport - SQL Injection / Arbitrary File Upload
source: https://www.securityfocus.com/bid/53944/info The Joomsport component for Joomla! is prone to an SQL-injection vulnerability and an arbitrary file-upload vulnerability because it fails to sanitize user-supplied data. Exploiting these issues could allow an attacker to compromise the...
Radius Manager V4.0.3 Sql injection/CSRF Vulnerabilities
Exploit for php platform in category web applications Radius Manager V4.0.3 Sql injection/CSRF Vulnerabilities .:. Author : AtT4CKxT3rR0r1ST email protected .:. Script : http://dmasoftlab.com/cont/home .:. Tested On Demo :...
PHP 5.4 Win32 Code Execution
Exploit for php platform in category remote exploits // Exploit Title: PHP 5.4 5.4.3 Code Execution 0day Win32 // Exploit author: 0in Maksymilian Motyl // Email: 0indotemailatgmail.com // Bug with Variant type parsing originally discovered by Condis // Tested on Windows XP SP3 fully patched Polis...
MyClientBase CSRF Vulnerability (Add Admin)
Exploit for php platform in category web applications MyClientBase CSRF Vulnerability Add Admin .:. Author : AtT4CKxT3rR0r1ST email protected .:. Script :...
appRain 0.1.5 File Upload
File upload vulnerability in appRain uploadify.php Vulnerability Type: File Upload For the exploit source code contact DSquare Security sales team...
discuz! X1.0 – X1.5 Blind SQL injection exploit & Get Shell-vulnerability warning-the black bar safety net
Exploit Title: discuz! X1.0 - X1.5 Blind SQL injection exploit & Get Shell Date: 06-04-2012 Author: Hacker-Fire Category:: webapps Google dork: Powered by Discuz Tested on: Windows 7 P0c : ? Php printr ' + ------------------------------------------------- -------------------------- + Discuz! 1-1...
idev-QuoteManager 1.0 Cross Site Request Forgery
Exploit Title: idev-QuoteManager 1.0 CSRF Author: Jonturk75 Vendor or Software Link: http://idevspot.com/ Category:: webapps Demo : http://idevspot.com/demos/idev-quotemanager/admin Greetz: Inj3ct0r Exploit DataBase 1337day.com...
idev-ArticleDirectory 1.0 Cross Site Request Forgery
Exploit Title: idev-ArticleDirectory 1.0 CSRF Author: Jonturk75 Vendor or Software Link: http://www.idevspot.com/ Category:: webapps Demo : http://idevspot.com/demos/idev-articledirectory/admin/ Greetz: Inj3ct0r Exploit DataBase 1337day.com...
osCMax 2.5 - adminstats_customers.php?sorted Cross-Site Scripting
osCMax 2.5 - adminstats_customers.php?sorted Cross-Site Scripting source: https://www.securityfocus.com/bid/52886/info osCMax is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiti...
HP Data Protector Media Operations DBServer opcode 0x10 Traversal Arbitrary File Access
HP Data Protector Media Operations is affected by a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Successfully exploiting the issue may allow an attacker to read arbitrary files that could aid in further attacks. %NASLMINLEVEL 70300 C...
Drupal AES encryption File Disclosure
Information disclosure Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...
Booking Calendar Lite CSRF (change password)
Exploit for php platform in category web applications Exploit Title: Booking Calendar Lite CSRF change password Author: Jonturk75 Vendor or Software Link: http://www.scripts.com/viewscript/booking-calendar-lite/27644/ Category:: webapps Demo : http://dev.kreci.net/calendar/admin.php Greetz:...
4Images 1.7.7 Cross Site Request Forgery
Title: 4images - Image Gallery Management System - CSRF Change mail user or admin Author: Dmar al3noOoz Mail : wafeesathotmail.com Name : 4images - Image Gallery Management System dork : Google Dork: "4images - Image Gallery Management System" Software Link : http://www.4homepages.de Version: 1.7...
BPowerItaliano CSRF Vulnerability
Exploit for php platform in category web applications Exploit Title: BPowerItaliano CSRF Author: Jonturk75 Vendor or Software Link: http://www.scripts.com/viewscript/bpoweritaliano-unique-low-bid-auction-italian-ver/27150/ Category:: webapps Demo :...
idev-TextAds 3.0 CSRF (change e-mail address)
Exploit for php platform in category web applications Exploit Title: idev-TextAds 3.0 CSRF change e-mail address Author: Jonturk75 Vendor or Software Link: http://www.scripts.com/php-scripts/ad-management-programs/idevtextads-30-ad-rotator-sell-text-ads/ Category:: webapps Demo :...
Zend Server 5.6.0 Script Insertion
Exploit for php platform in category web applications 0day.today 2018-01-03...
Bontq - 'user/' URI Cross-Site Scripting
source: https://www.securityfocus.com/bid/52183/info Bontq is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
Hloun v1.0.x => xss csrf to inject php code
Exploit for php platform in category web applications !/usr/bin/perl Title : Hloun v1.0.x = xss csrf to inject php code Author : Or4nG.M4n Version : 1.0.x Homepage : http://www.hloun.in/ video : http://youtu.be/62H3ojk2c-k Note : : welcome back www.Sec4ever.com : Hloun v1.0.x = xss csrf to inject...
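DZ Community Power admin addition
Brief description: An administrator user can be added, after which one can enter the admin backend and carry out a series of operations, except that SQL commands cannot be run. Details: Today a friend tossed me an admin backend; on a closer look it turned out to be http://nt.discuz.net, directly with an administrator user. Proof of vulnerability: Without further ado, straight to the screenshots...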