11967 matches found
AutoWeb 3.0 SQL Injection
!/usr/bin/env python -- coding:utf-8 -- Title : AutoWeb v3.0 noticias.php idcat SQL Injection Exploit Author : ZoRLu / [email protected] / [email protected] Home : http://milw00rm.com / its online Download : http://www.multdivision.com.br Demo : http://www.cbnmogi.com.br Other Vuln. :...
IPFire - CGI Web Interface (Authenticated) Bash Environment Variable Code Injection
!/usr/bin/env python Exploit Title : IPFire = 2.15 core 82 Authenticated cgi Remote Command Injection ShellShock Exploit Author : Claudio Viviani Vendor Homepage : http://www.ipfire.org Software Link: http://downloads.ipfire.org/releases/ipfire-2.x/2.15-core82/ipfire-2.15.i586-full-core82.iso Dat...
PayPal Inc BB #53 - Multiple Persistent Vulnerabilities
Document Title: =============== PayPal Inc BB 53 - Multiple Persistent Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=835 Release Date: ============= 2014-09-29 Vulnerability Laboratory ID VL-ID: ==================================== 835...
Linux/x86 - Add map in /etc/hosts file
Linux/x86 - Add map in /etc/hosts file. Shellcode exploit for linx86 platform / ;modifyhosts.asm ;this program add a new entry in hosts file pointing google.com to 127.1.1.1 ;author Javier Tejedor ;date 24/09/2014 global start section .text start: xor ecx, ecx mul ecx mov al, 0x5 push ecx push...
PayPal Inc BB #71 PPM - Persistent Filter Vulnerability
Document Title: =============== PayPal Inc BB 71 PPM - Persistent Filter Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=870 PayPal Security UID: Roc83bl Release Date: ============= 2014-09-24 Vulnerability Laboratory ID VL-ID:...
Wordpress WP Support Plus Responsive Ticket System 2.0 Plugin - Multiple Vulnerabilities
No description provided by source. Exploit Title: Wordpress WP Support Plus Responsive Ticket System 2.0 Plugin - Multiple Vulnerabilities Google Dork: N/A Date: 09.09.2014 Exploit Author: Fikri Fadzil - [email protected] Vendor Homepage - http://wpsuportplus.byethost7.com/ Softwar...
Comodo Internet Security - HIPS/Sandbox Escape
Exploit: http://www.joxeankoret.com/download/comodosandboxescape/sandboxtest1.tar.gz Mirror: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/34648.tar.gz sandboxtest1.tar.gz Video: http://www.joxeankoret.com/download/comodosandboxescape/video/sandboxescape1.htm...
Two final thoughts from the PCI Community Meeting
The 2014 North American PCI Community Meeting has drawn to a close, but the messages and lessons learned will continue to resonate with me long after Ive returned home to Denver. There were two messages from the SSC this week that really struck a chord with me and I wanted to expand on why I thin...
ALCASAR 2.8 - Remote Code Execution
!/usr/bin/env python -- coding: utf-8 -- ALCASAR = 2.8 Remote Root Code Execution Vulnerability Author: eF Date : 2014-02-10 db 88 ,ad8888ba, db ad88888ba db 88888888ba d88b 88 d8"' "8b d88b d8" "8b d88b 88 "8b d8'8b 88 d8' d8'8b Y8, d8'8b 88 ,8P d8' 8b 88 88 d8' 8b Y8aaaaa, d8' 8b 88aaaaaa8P'...
WooCommerce Store Exporter 1.7.5 - Multiple XSS Vulnerabilities
No description provided by source. Exploit Title: WooCommerce Store Exporter v1.7.5 Stored XSS Google Dork: inurl:"woocommerce-exporter" Date: 26/08/2014 Exploit Author: Mike Manzotti @ Dionach Vendor Homepage: http://www.visser.com.au/plugins/store-exporter/ Software Link:...
Arachni Web Application Scanner 0.4.7 Cross Site Scripting
Title: Arachni Web Application Scanner Web UI Stored XSS Vulnerability CVE: 2014-5469 Vendor Homepage: http://www.arachni-scanner.com/ Author: Prakhar Prasad Author Homepage: https://prakharprasad.com Reference: https://github.com/Arachni/arachni-ui-web/issues/71 Affected Version: Arachni...
Furniture Site Manager SQL Injection
Furniture Site Manager = Remote productid SQL Injection Vulnerability My + Author : KnocKout Contact : [email protected] onlymail HomePage : http://h4x0resec.blogspot.com - http://cyber-warrior.org GREETZ : DaiMon,BARCOD3UnDeRTaKeR Say: Görmeyeli nasýlsýnýz beyler? xoron hala buralarý takip...
glibc Off-by-One NUL Byte gconv_translit_find Exploit
glibc gconvtranslitfind single-fixed-byte heap metadata overflow local root exploit for Fedora 20 32-bit. This issue is not specific to Fedora, but the proof of concept is specifically for Fedora 20 32-bit. // --------------------------------------------------- // CVE-2014-5119 glibc...
Pro Chat Rooms v8.2.0 - Multiple Vulnerabilities
Exploit Title: Pro Chat Rooms v8.2.0 - Multiple Vulnerabilities Google Dork: intitle:"Powered by Pro Chat Rooms" Date: 5 August 2014 Exploit Author: Mike Manzotti @ Dionach Ltd Vendor Homepage: http://prochatrooms.com Software Link: http://prochatrooms.com/software.php Version: v8.2.0 Tested on:...
Sql injection
Multiple SQL injection vulnerabilities in TestLink 1.9.3, 1.8.5b, and earlier allow remote authenticated users with certain permissions to execute arbitrary SQL commands via the rootnode parameter in the displaychildren function to 1 getrequirementnodes.php or 2 gettprojectnodes.php in lib/ajax/;...
CmsEasy最新版5.5_UTF-8_20140802绕过四次补丁继续SQL注入
简要描述: CmsEasy最新版5.5UTF-820140802绕过四次补丁继续SQL注入 详细说明: CmsEasy最新版5.5UTF-820140802,前面被雨神饶了三次 WooYun: cmseasy绕过补丁SQL注入一枚 WooYun: 继续绕过cmseasy补丁继续注入 WooYun: 持续绕过cmseasy两次补丁继续注入 最新的里面也修复了,但是修复不完整,这是第四次补丁了 继续绕过,进行SQL注入 来看看文件:archiveact.php function respondaction includeonce ROOT . '/lib/plugins/pay/'...
Ubiquiti UbiFi / mFi / AirVision - CSRF Vulnerability
Exploit for hardware platform in category web applications function sendCSRF var urlbase = "https://192.168.0.106:8443/api/add/admin" var postdata="%7B%22name%22%3A%22csrf%22%2C%22lang%22%3A%22enUS%22%2C%22xpassword%22%3A%22csrf%22%7D" var xmlhttp; xmlhttp = new XMLHttpRequest; xmlhttp.open"POST"...
D-Link AP 3200 Multiple Vulnerabilities
Exploit for hardware platform in category web applications Those vulnerabilities have only been tested on the D-Link AP 3200 serie but other series 8600, 7700, 2700, .. might also be vulnerable. 1. Unauthenticated request to change Wireless settings To do so, you just need to craft a specific POS...
Cisco IOS XE PPPoE Packet DoS (CSCuo55180)
According to its self-reported version, the remote IOS device is affected by a denial of service vulnerability. The issue is due to improper processing of malformed PPPoE packets. A remote attacker, with a specially crafted PPPoE packet, could cause the device to reboot. TRUSTED...
Lian Li NAS - Multiple Vulnerabilities
Exploit for hardware platform in category web applications Exploit Title: Lian Li NAS Multiple vulnerabilities Date: 21/07/2014 Exploit Author: pws Vendor Homepage: http://www.lian-li.com/en/dtportfoliocategory/nas/ Firmware Link: https://www.dropbox.com/s/imvkndl8m5yj7qp/G5S604121826700.tar.gz...