Malicious code in fatidra-nutayua-tartu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 61d6d208d9963367c9ff8914cd85867c975b986d4faa4bd58dc71f4ad81a8c3a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

WordPress FV Flowplayer 7.2.0.727 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Reflected XSS in FV Flowplayer Wordpress plugin ================================================================ Author: Janek Vind "waraxe" Date: 20. September 2018 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-107.html Target...

Invision Power Board <= 2.3.5 - Remote SQL Injection Exploit

No description provided by source. ?php errorreportingEALL; /////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////// // IPB = 2.3.5 sql injection exploit // Version 1.0 // written by Janek Vind waraxe // Estoni...

Saurus CMS 4.7.1 Multiple Vulnerabilities

Saurus CMS version 4.7.1 suffers from cross site scripting, remote file inclusion, local file inclusion, information disclosure, remote SQL injection, HTTP response splitting, cross site request forgery, and directory traversal vulnerabilities. Saurus CMS 4.7.1 LFI / RFI / XSS / SQL Injection /...

Spider Event Calendar 1.3.0 Cross Site Scripting / Path Disclosure / SQL Injection

waraxe-2013-SA104 - Multiple Vulnerabilities in Spider Event Calendar Wordpress Plugin =================================================================================== Author: Janek Vind "waraxe" Date: 22. May 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-104.html Descriptio...

phpMyAdmin 3.5.7 Cross Site Scripting Vulnerability

phpMyAdmin version 3.5.7 suffers from a reflective cross site scripting vulnerability. Reflected XSS in phpMyAdmin 3.5.7 ==================================================== Author: Janek Vind "waraxe" Date: 09. April 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-102.html...

phpMyAdmin 3.5.7 Cross Site Scripting

waraxe-2013-SA102 - Reflected XSS in phpMyAdmin 3.5.7 =============================================================================== Author: Janek Vind "waraxe" Date: 09. April 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-102.html Description of vulnerable software: phpMyAdmi...

PHP-Fusion 7.02.05 XSS / LFI / SQL Injection Vulnerabilities

PHP-Fusion version 7.02.05 suffers from insecure backup handling, cross site scripting, local file inclusion, and remote SQL injection vulnerabilities. Multiple Vulnerabilities in PHP-Fusion 7.02.05 ===================================================== Author: Janek Vind "waraxe" Date: 27. Februa...

WordPress GRAND Flash Album Gallery SQL Injection / Disclosure / File Overwrite

waraxe-2012-SA094 - Multiple Vulnerabilities in Wordpress GRAND Flash Album Gallery Plugin ============================================================================================= Author: Janek Vind "waraxe" Date: 24. October 2012 Location: Estonia, Tartu Web:...

WordPress GRAND Flash Album Gallery SQL Injection / Disclosure / File Overwrite

WordPress GRAND Flash Album Gallery plugin versions 1.9.0 and 2.0.0 suffer from file disclosure, file overwrite, directory traversal, and remote SQL injection vulnerabilities. Multiple Vulnerabilities in Wordpress GRAND Flash Album Gallery Plugin...

WordPress Plugin social discussions 6.1.1 - Multiple Vulnerabilities

WordPress Plugin social discussions 6.1.1 - Multiple Vulnerabilities waraxe-2012-SA093 - Multiple Vulnerabilities in Wordpress Social Discussions Plugin ====================================================================================== Author: Janek Vind "waraxe" Date: 17. October 2012...

Invision Power Board 3.3.0 Local File Inclusion

waraxe-2012-SA086 - Local File Inclusion in Invision Power Board 3.3.0 =============================================================================== Author: Janek Vind "waraxe" Date: 12. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-86.html CVE:...

Invision Power Board 3.3.0 Local File Inclusion

Exploit for php platform in category web applications Author: Janek Vind "waraxe" Date: 12. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-86.html CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2226 Description of vulnerable software: Invision Power Board...

Uploadify 2.1.4 Cross Site Scripting / Shell Upload

waraxe-2012-SA083 - Multiple Vulnerabilities in Uploadify 2.1.4 =============================================================================== Author: Janek Vind "waraxe" Date: 05. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-83.html Description of vulnerable software:...

Coppermine 1.5.18 Multiple Vulnerabilities

Exploit for php platform in category web applications Author: Janek Vind "waraxe" Date: 29. March 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-81.html Affected Software: Coppermine is a multi-purpose fully-featured and integrated web picture gallery script written in PHP using...

NextBBS 0.6.0 Authentication Bypass / SQL Injection / XSS

waraxe-2012-SA080 - Multiple Vulnerabilities in NextBBS 0.6.0 =============================================================================== Author: Janek Vind "waraxe" Date: 27. March 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-80.html Description of vulnerable software:...

Invision Power Board <= 2.3.5 Remote SQL Injection Exploit

Exploit for unknown platform in category web applications ========================================================== Invision Power Board = 2.3.5 Remote SQL Injection Exploit ========================================================== ?php errorreportingEALL;...

Invision Power Board &lt;= 2.3.5 Remote SQL Injection Exploit

No description provided by source. ?php errorreportingEALL; /////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////// // IPB = 2.3.5 sql injection exploit // Version 1.0 // written by Janek Vind "waraxe" //...

[waraxe-2007-SA#058] - Critical Sql Injection in NukeSentinel 2.5.12

waraxe-2007-SA058 - Critical Sql Injection in NukeSentinel 2.5.12 ==================================================================== Author: Janek Vind "waraxe" Date: 27. September 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-58.html Target software description: Developer:...

waraxe-2007-SA054.txt

waraxe-2007-SA054 - Local File Inclusion in Dance Music module for phpNuke ============================================================================ Author: Janek Vind "waraxe" Date: 25. September 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-54.html Target software...