Simple PHP Polling System - Multiple Vulnerabilities

Simple PHP Polling System - Multiple Vulnerabilities Exploit Title : Multiple Vulnerabilities in Simple PHP Polling System. Author : WICS Date : 05-Jan-2016 Software Link : http://sourceforge.net/projects/pollingsystem/ Overview : Simple PHP Polling System helps organizations to make polls of...

Simple PHP Polling System XSS / SQL Injection / Password Reset

Exploit Title : Multiple Vulnerabilities in Simple PHP Polling System. Author : WICS Date : 05-Jan-2016 Software Link : http://sourceforge.net/projects/pollingsystem/ Overview : Simple PHP Polling System helps organizations to make polls of different types of positions with a number of candidates...

Rejetto HTTP File Server 2.3.x Remote Code Execution

!/usr/bin/python Exploit Title: HttpFileServer 2.3.x Remote Command Execution Google Dork: intext:"httpfileserver 2.3" Date: 04-01-2016 Remote: Yes Exploit Author: Avinash Kumar Thapa aka "-Acid" Vendor Homepage: http://rejetto.com/ Software Link: http://sourceforge.net/projects/hfs/ Version: 2.3...

Notepad++ NPPFtp Plugin 0.26.3 - Buffer Overflow

Notepad++ NPPFtp Plugin 0.26.3 - Buffer Overflow Title : Notepad ++ NPPFtp Plugin Buffer Overflow Date : 19/12/2015 Author : R-73eN Tested on : NPPFtp 0.26.3 Latest Version Software : http://sourceforge.net/projects/nppftp/ Vendor : https://notepad-plus-plus.org/ | | / | / | / \ | | | || ' | | /...

html-templates.sourceforge.net XSS vulnerability

Vulnerable URL: http://html-templates.sourceforge.net/web-templates/how2/index.php?dir=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank|...

PHP Address Book 8.2.5.2 SQL Injection Vulnerability

PHP Address Book version 8.2.5.2 suffers from a remote SQL injection vulnerability. Full Disclosure Exploit Title : PHP Address Book SQL Injection Vulnerability Exploit Author : Rahul Pratap Singh Date : 14/Nov/2015 Home Page Link : http://sourceforge.net/projects/php-addressbook/ Blog Url :...

Magmi Magento Zero Day Under Attack

A zero-day in a popular plugin for the Magento ecommerce platform is under attack. Attackers are using a few IP addresses to scan for vulnerable versions of Magmi, which is an open source database client that imports data into Magento. “We’ve seen a couple hundred requests for this specific attac...

Milw0rm Clone Script 1.0 Cross Site Scripting

Exploit Title: Milw0rm Clone Script 1.0 - XSS Vulnerability Date: 03.09.2015 Exploit Author: CrashBandicot @DosPerl Vendor Homepage: http://milw0rm.sourceforge.net/ Software Link: http://sourceforge.net/projects/milw0rm/files/milw0rm.rar/download Version: v1.0 Tested on: MSWin64 Vulnerable File :...

Mpxplay MultiMedia Commander 2.00a - '.m3u' Stack Buffer Overflow (PoC)

Exploit Title: Mpxplay Multimedia Commander Stack-based BOF Date: 9/1/2015 Exploit Author: UnN0n Software Link: http://sourceforge.net/p/mpxplay/activity?source=projectactivity Version: V2.00a Tested on: Windows 7 x8632 BIT Steps to Produce the Crash: 1- open 'mpxpmmc.exe'. 2- Browser Crash.m3u i...

PHPWiki 1.5.4 Cross Site Scripting / Local File Inclusion

Title: phpwiki 1.5.4 - Cross Site Scripting / Local File Inclusion Date: 29.08.15 Vendor: sourceforge.net/projects/phpwiki/ Affected versions: = 1.5.4 current Tested on: Apache2.2 / PHP5 / Deb32 Author: Smash Contact: smash at devilteam.pl 1/ Cross Site Scripting Cross-site scripting vulnerabilit...

phpwiki 1.5.4 - Cross Site Scripting / Local File Inclusion Vulnerabilities

Exploit for php platform in category web applications Title: phpwiki 1.5.4 - Cross Site Scripting / Local File Inclusion Date: 29.08.15 Vendor: sourceforge.net/projects/phpwiki/ Affected versions: = 1.5.4 current Tested on: Apache2.2 / PHP5 / Deb32 Author: Smash Contact: smash at devilteam.pl 1/...

PHPfileNavigator 2.3.3 XSS / CSRF Vulnerabilities

PHPfileNavigator version 2.3.3 suffers from persistent and reflective cross site scripting and cross site request forgery vulnerabilities. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-PHPFILENAVIGATOR0812c.txt Vendo...

WideImage 11.02.19 Cross Site Scripting

WideImage Demo Code Cross Site Scripting XSS Description: WideImage is an object-oriented library for image manipulation. It requires PHP 5.2+ with GD2 extension. The library provides a simple way to loading, manipulating and saving images in the most common image formats. Type of vulnerability:...

PHPXMLRPC < 1.1 - Remote Code Execution

PHPXMLRPC Remote Code Execution Vendor: Useful Information Inc. Product: PHPXMLRPC Version: = 1.1 Website: http://phpxmlrpc.sourceforge.net/ BID: 14088 CVE: CVE-2005-1921 OSVDB: 17793 SECUNIA: 15852 PACKETSTORM: 38394 Description: PHPXMLRPC aka XML-RPC For PHP is a PHP implementation of the XML-R...

PHPXMLRPC 1.1 - Remote Code Execution

PHPXMLRPC 1.1 - Remote Code Execution PHPXMLRPC Remote Code Execution Vendor: Useful Information Inc. Product: PHPXMLRPC Version: = 1.1 Website: http://phpxmlrpc.sourceforge.net/ BID: 14088 CVE: CVE-2005-1921 OSVDB: 17793 SECUNIA: 15852 PACKETSTORM: 38394 Description: PHPXMLRPC aka XML-RPC For PH...

charlix.sourceforge.net XSS vulnerability

Open Bug Bounty ID: OBB-68589 Description| Value ---|--- Affected Website:| charlix.sourceforge.net Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention...

XtMediaPlayer 0.93 (.wav) - Crash PoC

Exploit for windows platform in category dos / poc !/usr/bin/python + Author: SATHISH ARTHAR + Exploit Title: XtMediaPlayer - 0.93 Memory Corruption PoC + Date: 16-06-2015 + Category: DoS/PoC + Tested on: WinXp/Windows 7 + Vendor:...

XtMediaPlayer 0.93 - .wav Crash (PoC)

XtMediaPlayer 0.93 - .wav Crash PoC !/usr/bin/python + Author: SATHISH ARTHAR + Exploit Title: XtMediaPlayer - 0.93 Memory Corruption PoC + Date: 16-06-2015 + Category: DoS/PoC + Tested on: WinXp/Windows 7 + Vendor:...

Milw0rm Clone Script 1.0 - adminlogin.php Authentication Bypass

Milw0rm Clone Script 1.0 - adminlogin.php Authentication Bypass | Exploit Title: Milw0rm Clone Script v1.0 Auth Bypass SQL Injection Vulnerability | | Date: 06.13.2015 | | Exploit Daddy: Walid Naceri | | Vendor Homepage: http://milw0rm.sourceforge.net/ | | Software Link:...

Milw0rm Clone Script 1.0 - '/admin/login.php' Authentication Bypass

| Exploit Title: Milw0rm Clone Script v1.0 Auth Bypass SQL Injection Vulnerability | | Date: 06.13.2015 | | Exploit Daddy: Walid Naceri | | Vendor Homepage: http://milw0rm.sourceforge.net/ | | Software Link: http://sourceforge.net/projects/milw0rm/files/milw0rm.rar/download | | Version: v1.0 | |...