Easy Blog PHP Script 1.3a SQL Injection
Exploit Title: Easy Blog PHP Script v1.3a - SQL Injection Date: 2017-09-27 Exploit Author: 8bitsec Vendor Homepage: https://www.codester.com/ Software Link: https://www.codester.com/items/4616/easy-blog-php-script Version: 1.3a Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email: [email protected]...
Default credentials
Mojoomla Annual Maintenance Contract AMC Management System allows Arbitrary File Upload in profilesetting image handling...
Roteador Wireless Intelbras WRN150 - Autentication Bypass Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Autentication Bypass/Config file download - INTELBRAS WRN 150 Date: 28/09/2017 Exploit Author: Elber Tavares Vendor Homepage: http://intelbras.com.br/ Version: Intelbras Wireless N 150 Mbps - WRN 150 Tested on: kali linux,...
trampus.si Open Redirect vulnerability
Vulnerable URL: http://www.trampus.si/desk/common/OpenLink.asp?url=https://www.openbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.12.2017 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated...
dconfianza.pe XSS vulnerability
Vulnerable URL: http://dconfianza.pe/proveedores?ob='--" alert4...
clorox.com XSS vulnerability
Open Bug Bounty ID: OBB-297854 Description| Value ---|--- Affected Website:| clorox.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
marketbosworth-pc.gov.uk Open Redirect vulnerability
Open Bug Bounty ID: OBB-296561 Description| Value ---|--- Affected Website:| marketbosworth-pc.gov.uk Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4...
CVE-2017-12991
The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgpattrprint...
OLX: XSS in OLX.pl ("title" in new advertisement)
Hello, I found XSS vulnerability in "new advertisement" in OLX.pl Step to reproduce: 1. Go to https://www.olx.pl/nowe-ogloszenie/ 2. Put this payload "" in "add-title" element 3. Complete all data in this form and click Next 4. On the next page we can see executed XSS Regards, 4rch...
Nimble Professional 1.0 - Cross-Site Request Forgery (Update Admin) Vulnerability
Exploit for php platform in category web applications Edit Profile: Admin Name: Admin Email: Admin Password: Save Profile 0day.today 2018-02-15...
Linux/ARM (Raspberry Pi) - Reverse TCP Shell (192.168.0.12:4444/TCP) Shellcode (160 bytes)
/ Andrea Sindoni - @invictus1306 This shellcode is part of my episodes: - ARM exploitation for IoT - https://quequero.org/2017/07/arm-exploitation-iot-episode-2/ Environment: Raspberry pi 3 Default settings for port:4444 ip:192.168.0.12 .global start start: mov r1, 0x5C @ r1=0x5c mov r5, 0x11 @...
Gratipay: clickjacking on https://gratipay.com/on/npm/[text]
hi team .. i found clickjacking URL on https://gratipay.com/on/npm/here this clickjacking must be 3 characters and must be 5 number this entered endpoint of URL .. please fixed soon https://gratipay.com/on/npm/text step respond 1- go to https://gratipay.com/on/npm/text 2 - check name or number...
Described in the CTF game found Python deserialization BUG vulnerability flaws-vulnerability warning-the black bar safety net
In the first few days, I had the privilege to join the ToorConCTF(https://twitter.com/toorconctf in addition this event the process of my first time in Python in the invention the sequence of the flaws. In our competition process, there are two provocative touch to be able to perhaps receive the...
Textra SMS - Dangerous filesystem permissions, Hardcoded secrets, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Textra SMS published at the 'play' market has multiple vulnerabilities...
Moderate: Red Hat Security Advisory: Red Hat Certificate System 8 security, bug fix, and enhancement update
An update is now available for Red Hat Certificate System 8 with Advanced Access. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Disk Pulse Enterprise 9.9.16 Buffer Overflow
!/usr/bin/env python Exploit Title: Disk Pulse Enterprise 9.9.16 Remote SEH Buffer Overflow Date: 2017-08-25 Exploit Author: Nipun Jaswal & Anurag Srivastava Author Homepage: www.pyramidcyber.com Vendor Homepage: http://www.diskpulse.com Software Link:...
Threat Outbreak Alert RuleID30293: Email Messages Distributing Malicious Software on August 24, 2017
Medium Alert ID: 54936 First Published: 2017 August 24 17:14 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID30293 may contain the following files: Name |...
Uber users beware; Faketoken Android malware hits ride-sharing apps
By Waqas The new version of Faketoken Malware Targets Uber-Like Apps to This is a post from HackRead.com Read the original post: Uber users beware; Faketoken Android malware hits ride-sharing apps...
CVE-2011-4933
...
CVE-2017-11590
There is a NULL pointer dereference in the caselesshash function in gxps-archive.c in libgxps 0.2.5. A crafted input will lead to a remote denial of service attack...