11967 matches found
forklifts4sale.com XSS vulnerability
Vulnerable URL: http://www.forklifts4sale.com/search.php?txt=%3E%3C%2Ftitle%3E%3Cscript%3Ealert%28KCF%29%3C%2Fscript%3E%27%22%3E%3Cmarquee%3E%3Ch1%3Etest%3C%2Fh1%3E%3C%2Fmarquee%3E%3Csvg%2Fonload%3Dprompt%28%2FXSSPOSED%2F%29%3E=Choose...type=Choose...=Choose... Details: Description| Value ---|---...
Microsoft Windows 8.08.1 (x64) - TrackPopupMenu Local Privilege Escalation (MS14-058)
Microsoft Windows 8.08.1 x64 - TrackPopupMenu Local Privilege Escalation MS14-058 Windows 8.0 - 8.1 x64 TrackPopupMenu Privilege Escalation MS14-058 CVE-2014-4113 Privilege Escalation http://www.offensive-security.com Thx to Moritz Jodeit for the beautiful writeup...
D-Link DSL-500B Gen 2 - Parental Control Configuration Panel Persistent Cross-Site Scripting
D-Link DSL-500B Gen 2 - Parental Control Configuration Panel Persistent Cross-Site Scripting !/usr/bin/perl Date dd-mm-aaaa: 13-02-2015 Exploit for D-Link DSL-500B G2 Cross Site Scripting XSS Injection Stored in todmngr.tod Developed by Mauricio Corrêa XLabs Information Security WebSite:...
elFinder 2 - Remote Command Execution (via File Creation)
elFinder 2 - Remote Command Execution via File Creation + Author: TUNISIAN CYBER + Title: elFinder 2 Remote Command Execution Via File Creation Vulnerability + Date: 06-05-2015 + Vendor: https://github.com/Studio-42/elFinder + Type: WebAPP + Tested on: KaliLinux Debian + Twitter: @TCYB3R + Time...
MiniUPnPd 1.0 (MIPS) - Remote Stack Overflow Remote Code Execution for AirTies RT Series
MiniUPnPd 1.0 MIPS - Remote Stack Overflow Remote Code Execution for AirTies RT Series !/usr/bin/env python Exploit Title: MiniUPnPd 1.0 Stack Overflow RCE for AirTies RT Series Date: 26.04.2015 Exploit Author: Onur ALANBEL BGA Vendor Homepage: http://miniupnp.free.fr/ Version: 1.0 Architecture:...
Free MP3 CD Ripper 2.6 2.8 (Windows 7) - .wav File Buffer Overflow (SEH) (DEP Bypass)
Free MP3 CD Ripper 2.6 2.8 Windows 7 - .wav File Buffer Overflow SEH DEP Bypass !/usr/bin/python original p0c https://www.exploit-db.com/exploits/36465/ credit to TUNISIAN CYBER modified SEH Exploit https://www.exploit-db.com/exploits/36826/ credit to ThreatActor at CoreRed.com Software Link:...
IP. Board <= 3.4.7 SQL Injection analysis-vulnerability warning-the black bar safety net
IPB stands for Invision Power Board is a PHP Development Forum program, foreign used more widely. In its 3. 4. 7 version and the previous presence of a SQL injection vulnerability, this article to its analysis. poc link http://seclists.org/fulldisclosure/2014/Nov/20 !/ usr/bin/env python Sunday,...
SevenIT SevDesk 3.10 - Multiple Web Vulnerabilities
Document Title: =============== SevenIT SevDesk 3.10 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1314 Release Date: ============= 2015-03-23 Vulnerability Laboratory ID VL-ID: ==================================== 1314...
Crayon Syntax Highlighter 2.0 - 2.6.10 - Defacement
The Crayon Syntax Highlighter plugin allows access to the AJAX method 'crayon-theme-editor-save' to any registered user. When called, the AJAX method ‘crayon-theme-editor-save’ will call the 'save' function within the CrayonThemeEditorWP class, defined in...
JBoss AS versions 3/4/5/6 - Remote Command Execution Exploit
Exploit for multiple platform in category web applications coding: utf-8 JexBoss v1.0. @autor: João Filho Matos Figueiredo email protected Updates: https://github.com/joaomatosf/jexboss Free for distribution and modification, but the authorship should be preserved. import httplib, sys, urllib, os...
Abrt (Fedora 21) - Race Condition
Abrt Fedora 21 - Race Condition include include include include include include include include include include include include include include include // // This is a race condition exploit for CVE-2015-1862, targeting Fedora. // // Note: It can take a few minutes to win the race condition. // /...
CVE-2013-6152
...
[SECURITY] Fedora 20 Update: mingw-qt5-qttranslations-5.4.1-1.fc20
This package contains the Qt software toolkit for developing cross-platform applications. This is the Windows version of Qt, for use in conjunction with the Fedora Windows cross-compiler...
PHP arbitrary file upload Vulnerability, CVE-2 0 1 5-2 3 4 8 analysis-vulnerability warning-the black bar safety net
Last night security news broke of a“PHP arbitrary file upload Vulnerability”, CVE number: CVE-2 0 1 5-2 3 4 8 in. At the time landlord is ready to pack up and go home, see this news my heart a surprised: the lost rivers and lakes for many years the 0 character truncation upload vulnerability and...
WordPress Plugin Simple Ads Manager - Multiple SQL Injections
WordPress Plugin Simple Ads Manager - Multiple SQL Injections Vulnerability title: Wordpress plugin Simple Ads Manager - SQL Injection Product: Wordpress plugin Simple Ads Manager Vendor: https://profiles.wordpress.org/minimus/ Affected version: Simple Ads Manager 2.5.94 and 2.5.96 Download link:...
Adobe Flash Player ByteArray With Workers Use After Free Exploit
Exploit for windows platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Adobe Flash Player ByteArray With Workers Use After Free', 'Description' = ...
HackerOne: Reflected Filename Download
First of all congratulations on awesome bounty system. Big fan here! I found out that it's possible run a RFD attack on Hackerone. If we visit: https://hackerone.com/dsopas We see the normal HTML webpage. Nothing new here. But if we add ?format=json to the URL we can see the JSON file generated b...
KPPW最新版本 绕过防护继续盲注
简要描述: KPPW2620150327UTF-8.zip 3月27 最新版本 详细说明: Url1: http://localhost/KPPW/index.php?do=user&view=message&op=detail&msgId=74&type=trends&intPage=1 Url2: http://localhost/KPPW/index.php?do=user&view=message&op=detail&type=trends&intPage=1&msgId=74%26%261%3D1 Url3:...
某政府系统#注入漏洞一枚
简要描述: RT 详细说明: 山东农友软件公司官网:http://www.nongyou.com.cn/ 案例如下: http://61.133.119.187:8091/newsymItemManage/Item1.aspx?id=1 http://222.135.76.147:8200/newsymItemManage/Item1.aspx?id=1 http://222.135.127.190:7200/newsymItemManage/Item1.aspx?id=1 http://221.2.149.47:8200/newsymItemManage/Item1.aspx?id=1...
IT-Grundschutz M4.020: Restriktive Attributvergabe bei Unix-Benutzerdateien und -verzeichnissen
IT-Grundschutz M4.020: Restriktive Attributvergabe bei Unix-Benutzerdateien und -verzeichnissen. Stand: 14. Ergaenzungslieferung 14. EL. Copyright C 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holder...