2611 matches found
Complain Management System - Hard-Coded Credentials Blind SQL injection
Complain Management System - Hard-Coded Credentials Blind SQL injection Exploit Title : Complain Management System Blind SQL Injection Date: 10 October 2017 Exploit Author: havysec Tested on: ubuntu14.04 Vendor: https://sourceforge.net/projects/complain-management-system/ Version: not supplied...
Tiny HTTPd 0.1.0 - Directory Traversal
Tiny HTTPd 0.1.0 - Directory Traversal ====================================================================================== Exploit Author: Touhid M.Shaikh Exploit Title: Tiny HTTPd 0.1.0 Local File Traversal Date: 26-09-2017 Website: www.touhidshaikh.com Vulnerable Software: Tiny HTTPd Version...
WS-Attacker v1.8 - Modular Framework For Web Services Penetration Testing
WS-Attacker is a modular framework for web services penetration testing. It is developed by the Chair of Network and Data Security, Ruhr University Bochum http://nds.rub.de/ and the Hackmanit GmbH http://hackmanit.de/ . The basic idea behind WS-Attacker is to provide a functionality to load WSDL...
CVE-2017-12067
Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubic function in mkbitmap.c...
CVE-2017-11332
The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file...
CVE-2017-11720
There is a division-by-zero vulnerability in LAME 3.99.5, caused by a malformed input file...
c78.sourceforge.net XSS vulnerability
Vulnerable URL: http://c78.sourceforge.net/html/bbs/flvmp4/player.swf?debug=alert/OPENBUGBOUNTY/ Details: Patched: No; Latest check for patch: 31.07.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: Unknown / Not calculated; VIP website...
APNGDis 2.8 - chunk size descriptor Heap Buffer Overflow Exploit
Exploit for multiple platform in category dos / poc Exploit Title: APNGDis chunk size descriptor Buffer Overflow Date: 14-03-2017 Exploit Author: Alwin Peppels Vendor Homepage: http://apngdis.sourceforge.net/ Software Link: https://sourceforge.net/projects/apngdis/files/2.8/ Version: 2.8 Tested o...
phplist 3.2.6 Cross Site Scripting
Security Advisory - Curesec Research Team 1. Introduction Affected Product: phplist 3.2.6 Fixed in: 3.3.1 Fixed Version Link: https://sourceforge.net/projects/phplist/files/phplist/3.3.1/phplist-3.3.1.zip/download Vendor Website: https://www.phplist.org/ Vulnerability Type: XSS Remote Yes...
MailZu 0.8RC3 Cross Site Scripting
Title: MailZu 0.8RC3 - Reflected Cross Site Scripting + Credits / Discovery: Nassim Asrir + Author Email: [email protected] + Author Company: Henceforth + Vendor: =============== https://sourceforge.net/ Product: =============== 0.8RC3 Download: ===========...
Roundcube 1.2.2: Command Execution via Email
The mirror on SourceForge counts more than 260,000 downloads for Roundcube in the last 12 months, which is only a small fraction of the actual users. Once Roundcube is installed on a server, it provides a web interface for authenticated users to send and receive emails with their web browser. RIP...
NetCat 0.7.1 - Denial of Service
NetCat 0.7.1 - Denial of Service #!/usr/bin/python # -*- Coding: utf-8 -*- GNU Netcat 0.7.1 - Out of bounds array write Access Violation by n30m1nd Date: 2016-11-19 Exploit Author: n30m1nd Vendor Homepage: http://netcat.sourceforge.net/ Software Link:...
phpWebAdmin 1.0 SQL Injection
#!/usr/bin/perl -w phpWebAdmin Version 1.0 SQL Injection Proof Of Concept Exploit =============================================================== Discovered by NA , NAattutanota.com ======================================== Description ============ php web admin file and folder manager. currently...
OpenGB 1.2.3 Cross Site Scripting
OpenGB version 1.2.3 Cross Site Scripting XSS Vulnerability ================================================================= Discovered by NA, NAattutanota.com ====================================== Description ============ A simple PHP MySQL website guestbook, user friendly and easily...
OpenGB 1.2.3 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications OpenGB version 1.2.3 Cross Site Scripting XSS Vulnerability ================================================================= Discovered by NA, NAattutanota.com ====================================== Description ============ A simple PHP MySQL...
PHP Support Tickets 1.3 Local File Inclusion
PHPSTicketsv1.3 File Inclusion Vulnerability ================================================ Discovered by NA, NAattutanota.com ======================================= Description ============ PHP Support Tickets; will allow a webmaster the ability to offer its user base a means to contact its...
wxcode.sourceforge.net XSS vulnerability
Vulnerable URL: http://wxcode.sourceforge.net/showcomp.php?name=" Details: Patched: No; Latest check for patch: 27.07.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: Unknown / Not calculated; VIP website status: No; Check...
uSQLite 1.0.0 - Denial of Service
uSQLite 1.0.0 - Denial of Service #!/usr/bin/python Exploit Title: Remote buffer overflow vulnerability in uSQLite 1.0.0 PoC Date: 27/10/1016 Exploit Author: Peter Baris Software Link: https://sourceforge.net/projects/usqlite/?source=directory Version: 1.0.0 Tested on: windows 7 and XP SP3 Longer...
uSQLite 1.0.0 Denial Of Service
#!/usr/bin/python Exploit Title: Remote buffer overflow vulnerability in uSQLite 1.0.0 PoC Date: 27/10/1016 Exploit Author: Peter Baris Software Link: https://sourceforge.net/projects/usqlite/?source=directory Version: 1.0.0 Tested on: windows 7 and XP SP3 Longer strings will cause heap based...
GIU Gallery File 1.0.2 SQL Injection Vulnerability
Exploit for php platform in category web applications GIU Gallery File 1.0.2 Upload SQL Injection Vulnerability ========================================================== Discovered by NA , NAattutanota.com ======================================== Description ============ Output and stored data...