ZCMS 1.1 Cross Site Scripting / SQL Injection Vulnerabilities

ZCMS version 1.1 suffers from cross site scripting and remote SQL injection vulnerabilities. + Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-ZCMS0612.txt Vendor: =============================================...

ZCMS 1.1 - Multiple Vulnerabilities

Exploit for jsp platform in category web applications Exploit Title: SQL Injection & Persistent XSS Google Dork: intitle: SQL Injection & Persistent XSS Date: 2015-06-12 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: zencherry.com Software Link:...

ZCMS 1.1 - Multiple Vulnerabilities

Exploit Title: SQL Injection & Persistent XSS Google Dork: intitle: SQL Injection & Persistent XSS Date: 2015-06-12 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: zencherry.com Software Link: sourceforge.net/projects/zencherrycms Version: 1.1 Tested on:...

Milw0rm Clone Script 1.0 - 'related.php?program' Blind SQL Injection

| Exploit Title: Milw0rm Clone Script v1.0 - time based SQLi | | Date: 05.19.2015 | | Exploit Daddy: pancaker | | Vendor Homepage: http://milw0rm.sourceforge.net/ | | Software Link: http://sourceforge.net/projects/milw0rm/files/milw0rm.rar/download | | Version: v1.0 | | Tested On: Ubuntu 10.04 | ...

CmyDocument CMS Database Disclosure

!/usr/bin/perl -w CmyDocument Content Management Database Disclosure Exploit Author : indoushka Vondor : http://sourceforge.net/projects/cmydocument/ use LWP::Simple; use LWP::UserAgent; system'cls'; system'CmyDocument Content Management Database Disclosure Exploit'; system'color a'; if@ARGV new;...

pppBLOG 0.3.11 Cross Site Scripting / Access Bypass

pppBLOG v 0.3.11 Mullti Vulnerability ===================================== Author : indoushka Vondor : http://pppblog.sourceforge.net/ Dork : powered by pppBLOG v 0.3.11 ========================= By pass : http://127.0.0.1/pppblog/testtimeout.php Backup : http://127.0.0.1/pppblog/backup/ Xss :...

Fiyo CMS 2.0.1.8 - Multiple Vulnerabilities

Exploit Title: FiyoCMS Multiple Vulnerabilities Date: 29 March 2015 Exploit Author: Mahendra Vendor Homepage: www.fiyo.org Software Link: http://sourceforge.net/projects/fiyo-cms/ Version: 2.0.1.8, other version might be vulnerable. Tested : Kali Linux 1.0.9a-amd64 CVEs:...

An Open Source SIP Sniffer: pcapsipdump

An open-source libpcap-based SIP sniffer with per-call sorting capabilities. Listens on a network interface and saves SIP/RTP sessions to files. Each session goes in a separate, fancy-named .pcap file. Those could be opened with tcpdump, wireshark and friends. SIP/RTP sessions are written to disk...

Magento Server MAGMI Plugin - Multiple Vulnerabilities

Magento Server MAGMI Plugin - Multiple Vulnerabilities Exploit Title: Magento Server MAGMI Plugin Local File Inclusion And Cross Site Scripting Software Link: http://sourceforge.net/projects/magmi/ Author: SECUPENT Website:www.secupent.com Email: researchatsecupentdotcom Date: 5-2-2015 ExploitLoc...

Magento Server MAGMI Plugin - Multiple Vulnerabilities

Exploit Title: Magento Server MAGMI Plugin Local File Inclusion And Cross Site Scripting Software Link: http://sourceforge.net/projects/magmi/ Author: SECUPENT Website:www.secupent.com Email: researchatsecupentdotcom Date: 5-2-2015 ExploitLocal file inclusion :...

OpenSchool Community Edition 2.2 XSS / Access Bypass

Exploit Title: OpenSchool Community Edition version 2.2 Multiple Vulnerabilities Date: 25 January 2015 Exploit Author: Mahendra Vendor Homepage: www.open-school.org Software Link: http://sourceforge.net/projects/fiyo-cms/ Full version demo: http://www.tryopenschool.com Version: 2.2 Tested : Kali...

PHP Address Book Cross Site Scripting / SQL Injection

Exploit Title : PHP Address Book SQL Injection and xss vulnerability Author : Manish Kishan Tanwar Home page Link : http://sourceforge.net/projects/php-addressbook/ Date : 01/01/2015 Discovered at : IndiShell Lab Love to : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,jagriti,Kishan Singh and...

[SECURITY] Fedora 19 Update: nrpe-2.15-2.fc19

Nrpe is a system daemon that will execute various Nagios plugins locally on behalf of a remote monitoring host that uses the checknrpe plugin. Various plugins that can be executed by the daemon are available at: http://sourceforge.net/projects/nagiosplug This package provides the core agent...

Tiny Server 1.1.9 Arbitrary File Disclosure

!/usr/bin/perl -w Title : Tiny Server v1.1.9 Arbitrary File Disclosure Exploit Download : http://tinyserver.sourceforge.net/tinyserverfull.zip Author : ZoRLu / [email protected] Website : http://milw00rm.com / its online Twitter : https://twitter.com/milw00rm or @milw00rm Test : Windows7 Ultimat...

Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2014:228)

Multiple vulnerabilities has been discovered and corrected in phpmyadmin : - Multiple XSS vulnerabilities CVE-2014-8958. - Local file inclusion vulnerability CVE-2014-8959. - XSS vulnerability in error reporting functionality CVE-2014-8960. - Leakage of line count of an arbitrary file...

Restaurant Script (PizzaInn Project) - Persistent Cross-Site Scripting

Restaurant Script PizzaInn Project - Persistent Cross-Site Scripting Title: Pizza Inn Registration Stored XSS Severity: High CVE-ID: CVE-2014-6619 Release Date: 20 September 2014 Author: Kenneth F. Belva Websites: http://silverbackventuresllc.com http://xssWarrior.com http://securitymaverick.com...

Exponent CMS 2.3.0 Cross Site Scripting

Title: exponent-2.3.0 CMS index.php POST Reflected XSS Severity: High CVE-ID: To Be Assigned Release Date: 20 September 2014 Author: Kenneth F. Belva Websites: http://silverbackventuresllc.com http://xssWarrior.com http://securitymaverick.com Twitter: @infosecmaverick Contact: Please use website...

PHP Stock Management System 1.02 - Multiple Persistent Cross Site Scripting Vulnerabilities

No description provided by source. ​ Exploit Title: Multiple Persistent Cross Site Scripting Vulnerabilities in PHP Stock Management System 1.02 Date: 25 Aug 2014 Exploit Author: ​Ragha Deepthi K R Vendor Homepage: ​http://www.posnic.com/​ Software Link:​...

Phpwiki Ploticus Remote Code Execution Exploit

The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via command injection. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Phpwiki Ploticus Remote...

Phpwiki Ploticus Remote Code Execution

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Phpwiki Ploticus Remote Code Execution', 'Description' = %q The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute...