11967 matches found
SMF 2.1 Beta 2 Remote Code Execution 0day Exploit
SMF 2.1 Beta 2 0day Exploit allow a remote attacker with the ability to create a basic user account to execute arbitrary code with the privileges of the application. You use python exploit and can authomatic shell upload and remote code execution Usage Info example Remote code execution: exploit....
vBulletin 5.x - Remote Code Execution Exploit
Exploit for php platform in category web applications + Title: Vbulletin 5.x - Remote Code Execution Exploit + Product: vbulletin + Vendor: http://vbulletin.com + Vulnerable Versions: Vbulletin 5.x Author : Mohammad Reza Espargham Linkedin : https://ir.linkedin.com/in/rezasp E-Mail : meatrezadote...
conlanspeugeot.ie XSS vulnerability
Vulnerable URL: http://www.conlanspeugeot.ie/usedcars/index.cfm?fuseaction=search=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| Yes, at 26.07.2017 Latest check for patch:| 26.07.2017 09:40 GMT Vulnerability type:| XSS Vulnerability status:| Publicly...
linux/x64 gghunter - 24 bytes
/ ;Title: x64 Linux egghunter in 24 bytes ;Author: David Velázquez a.k.a d4sh&r ;Contact: https://mx.linkedin.com/in/d4v1dvc ;Description: x64 Linux egghunter that looks for the string "h@ckh@ck" ; and then execute the shellcode ;Tested On: Linux kali64 3.18.0-kali3-amd64 x8664 GNU/Linux ;Compile...
mortgageprotectionplan.ca XSS vulnerability
Vulnerable URL: http://www.mortgageprotectionplan.ca/video-req.php?video=alert/XSSPOSED/;...
openhours.fr XSS vulnerability
Open Bug Bounty ID: OBB-103935 Description| Value ---|--- Affected Website:| openhours.fr Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
[SECURITY] Fedora 23 Update: icecat-38.3.0-10.fc23
GNUZilla Icecat is a fully-free fork of Mozilla Firefox. Four extensions are included to this version of IceCat: LibreJS 6.0.10.20150620 GNU LibreJS aims to address the JavaScript problem described in Richard Stallman's article The JavaScript Trap. SpyBlock 2.6.9.0 Blocks privacy trackers while i...
MyWebSQL 3.6 Cross Site Request Forgery Vulnerability
MyWebSQL version 3.6 suffers from a cross site request forgery vulnerability. 1. Introduction Affected Product: MyWebSQL 3.6 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://mywebsql.net/ Vulnerability Type: CSRF Remote Exploitable: Yes Reported to vendor: 09/01/2015 Disclosed t...
destoon最新版注入(绕过过滤出任意数据)
简要描述: 我会告诉你是三次注入么. 详细说明: destoon最新版 漏洞文件:/module/club/mygroup.inc.php case 'add': if$MG'clubgrouplimit' && $limitused = $MG'clubgrouplimit' dalertlang$L'infolimit', array$MG'clubgrouplimit', $limitused, $MODULE2'linkurl'.$DT'filemy'.'?mid='.$mid.'&job='.$job; $needcaptcha = $MOD'captchagroup' == ...
Microsoft Compiled HTML Help Remote Code Execution
!/usr/bin/php pocEhsan Noreddini shot : http://ehsann.info/proof/MicrosoftCompiledHTMLhelpRCE.png Original Code : http://ehsann.info/exploit/5.txt video : http://ehsann.info/video/MicrosoftCompiledHTMLhelpRCE.mp4 print "Microsoft Compiled HTML Help - Remote Code Execution Exploit \r\n"; $port=80;...
The World Browser 3.0 Final - Remote Code Execution
The World Browser 3.0 Final - Remote Code Execution !/usr/bin/php ?php Author : Ehsan Noreddini E-Mail : [email protected] Social : @prot3ct0r Title : The World Browser Remote Code Execution TheWorld Browser is a tiny, fast and powerful web Browser. It is completely free. There is no function...
Network Time Protocol ntpd multiple integer overflow read access violations
Talos Vulnerability Report TALOS-2015-0052 Network Time Protocol ntpd multiple integer overflow read access violations October 21, 2015 CVE Number CVE-2015-7848 Description When processing a specially crafted private mode packet, an integer overflow can occur leading to out of bounds memory copy...
DNN (DotNetNuke) < 7.4.2 Multiple Vulnerabilities
The version of DNN installed on the remote host is affected by multiple vulnerabilities : - An unspecified cross-site scripting vulnerability exists due to a failure to properly sanitize content used by the tabs control. An unauthenticated, remote attacker can exploit this to execute arbitrary...
qibocms考试系统sql注入
No description provided by source...
PHP 5.5.x < 5.5.30 / 5.6.x < 5.6.14 Multiple Vulnerabilities
Binary data 8956.prm...
marsh-reef.org Open Redirect vulnerability
Vulnerable URL: http://www.marsh-reef.org/redirect-to/?redirect=http://xssposed.org/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| 1143829 Google Pagerank| 2 VIP website...
CVE-2014-9297
...
0101SHOP CMS 商城模板存在SQL注入漏洞
CMS在处理浏览器提交的数据时使用filterPara函数过滤,这个函数接着调用了PreventSqlin和Checkxss两个函数进行字符过滤,PreventSqlin用来过滤SQL注入语句,而Checkxss是用来过滤跨站输入。 关键就是在PreventSqlin函数 /inc/AspCmsCommonFun.asp 函数内容如下: Function preventSqlincontent dim sqlStr,sqlArray,i,speStr...
Joomla Spider Random Article Component - SQL Injection
Exploit Title : Joomla Spider Random Article Component SQL Injection vulnerability Author : Jagriti Sahu AKA Incredible Vendor Link : http://demo.web-dorado.com/spider-random-article.html Date : 22/03/2015 Discovered at : IndiShell Lab Love to : error1046 ^^ ,Team IndiShell,Codebreaker ICA...
Windows ATMFD.DLL CFF table (ATMFD+0x3440b / ATMFD+0x3440e) Invalid Memory Access
CVE-2015-2460We have encountered a number of Windows kernel crashes in the ATMFD.DLL OpenType driver while processing corrupted OTF font files, such as: ---PAGEFAULTINNONPAGEDAREA 50Invalid system memory was referenced. This cannot be protected by try-except,it must be protected by a Probe...