36 matches found
The vulnerability of the PT MultiScanner malware protection system and the PT Sandbox network sandboxing solution lies in the lack of measures taken to protect the structure of web pages, allowing attackers to execute JavaScript code in the browser of the targeted user.
The vulnerability of the PT MultiScanner malware protection system and the PT Sandbox network sandboxing solution is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute JavaScript code in th...
eGroupWare 1.14 - 'spellchecker.php' Remote Command Execution
Exploit Title: eGroupWare 1.14 - 'spellchecker.php' Remote Command Execution Date: 2020-07-27 Exploit Author: Berk KIRAS Vendor Homepage: https://www.egroupware.org/en/ Version: 1.14 Tested on: Apache Berk KIRAS PwC - Cyber Security Specialist !/usr/bin/python3 import requests import sys import...
eGroupWare 1.14 - (spellchecker.php) Remote Command Execution Exploit
Exploit for php platform in category web applications Exploit Title: eGroupWare 1.14 - 'spellchecker.php' Remote Command Execution Exploit Author: Berk KIRAS Vendor Homepage: https://www.egroupware.org/en/ Version: 1.14 Tested on: Apache Berk KIRAS PwC - Cyber Security Specialist !/usr/bin/python...
eGroupWare 1.14 Remote Command Execution
Exploit Title: eGroupWare 1.14 - 'spellchecker.php' Remote Command Execution Date: 2020-07-27 Exploit Author: Berk KIRAS Vendor Homepage: https://www.egroupware.org/en/ Version: 1.14 Tested on: Apache Berk KIRAS PwC - Cyber Security Specialist !/usr/bin/python3 import requests import sys import...
Sophos VPN Web Panel 2020 Denial Of Service
Exploit Title: Sophos VPN Web Panel 2020 - Denial of Service Poc Date: 2020-06-17 Exploit Author: Berk KIRAS Vendor Homepage: https://www.sophos.com/ Version:2020 Web Panel Tested on: Apache Berk KIRAS PwC - Cyber Security Specialist Sophos VPN Web Portal Denial of Service Vulnerability System...
WordPress GravityForms 1.9.15.11 Cross Site Scripting
Product: WordPress plugin GravityForms Product URL: http://www.gravityforms.com/ Vendor: Rocketgenius Vulnerability Type: Reflected Cross-site Scripting CWE-79 Vulnerable Versions: 1.9.15.11 other versions not tested Fixed Version: 1.9.16 Solution...
CloudFlare Aims to Defeat Massive DDoS Attacks with Virtual DNS
DDoS attacks have been a persistent problem for the better part of 20 years, and as ISPs and enterprises have adjusted their defenses, attackers have adapted their tactics. One of the more effective tools in the attackers’ arsenal now is the use of botnets to generate massive numbers of DNS...
Tinba Banker Trojan Source Code Posted
The source code for Tinba, known as the smallest banker Trojan in circulation, has been posted on an underground forum. Researchers say that the files turned out to be the source code for version one of Tinba, which was identified in 2012, and is the original, privately sold version of the...
MyBB (editpost.php, posthash) - SQL Injection Vulnerability
No description provided by source. MyBB 1.6.9 is vulnerable to Stored, Error based, SQL Injection. Vulnerable code: /editpost.php === Line 398 === $posthashquery = posthash='$posthash' OR ; === It can be done by using Tamper Data or Live HTTP Headers, and when submitting a post, edit the 'posthash...
MyBB editpost.php SQL Injection
MyBB...
MyBB 1.6.9 - editpost.php?posthash Blind SQL Injection
MyBB 1.6.9 - editpost.php?posthash Blind SQL Injection MyBB...
MyBB 1.6.9 - 'editpost.php?posthash' Blind SQL Injection
MyBB...
Plogger Photo Gallery SQL Injection
Exploit Title: Plogger Photo Gallery Script SQL Injection Vulnerability Date: 2012 Author: Eyup CELIK Version: All Version Tested on: All versions are Vulnerability Web Site: www.eyupcelik.com.tr Issue: SQL Injection Risk level: High The remote attacker has the possibility to execute arbitrary SQ...
AZ Photo Album Script Cross Site Scripting
Exploit Title: AZ Photo Album Script Multiple Vulnerability Date: 2012 Author: Eyup CELIK Version: All Version Tested on: All versions are Vulnerability Web Site: www.eyupcelik.com.tr ISSUE XSS can be done using the command input and shell script upload Vulnerable Page: index.php File Upload - XS...
SocialCMS Cross Site Scripting / SQL Injection
Exploit Title: SocialCMS SQL Injection and XSS Vulnerability Date: 2012 Author: Eyup CELIK Version: All Version Tested on: All versions are Vulnerability Web Site: www.eyupcelik.com.tr ISSUE SQL Injection and XSS can be done using the POST method. Vulnerable Page: ajax/commentajax.php SQL Injecti...
P-Chat 0.9 Cross Site Scripting
Exploit Title: P-Chat v0.9 XSS Vulnerability Date: 2012 Author: Eyup CELIK Version: All Version Tested on: All versions are Vulnerability Web Site: www.eyupcelik.com.tr ISSUE Cross Site Scripting can be done using the command input Vulnerable Page: index.php XSS Example: "/ XSS Code POC:...
Video Girls BiZ Video Chat Script Cross Site Scripting / SQL Injection
Exploit Title: Video Girls BiZ Video Chat Script - Blind SQL Injection and XSS Vulnerability Date: 2011 Author: Eyup CELIK Version: All Version Tested on: All versions are Vulnerability Web Site: www.eyupcelik.com.tr ISSUE Blind SQL Injection and XSS can be done using. Vulnerable Page: forum.php...
Ajax Script Cross Site Scripting / SQL Injection
Exploit Title: Ajax Script SQL Injection and XSS Vulnerability Date: 2011 Author: Eyup CELIK Version: All Version Tested on: All versions are Vulnerability Web Site: www.eyupcelik.com.tr ISSUE SQL Injection and XSS can be done using the POST method. Tamper data is available. Vulnerable Page:...
Social Book Facebook Clone Script Cross Site Scripting
Exploit Title: Social Book Facebook Clone Script Reflected XSS Vulnerability Date: 2011 Author: Eyup CELIK Version: All Version Tested on: All versions are Vulnerability Web Site: www.eyupcelik.com.tr ISSUE XSS can be done using the command input Vulnerable Page: signup.php lostpass.php login.php...
Innovate Portal Cross Site Scripting
Exploit Title: Innovate Portal XSS Vulnerability Date: 2011 Author: Eyup CELIK Version: All Version Tested on: All versions are Vulnerability Web Site: www.eyupcelik.com.tr ISSUE XSS can be done using the command input Vulnerable Page: index.php Example:...