973 matches found
Esotalk CMS 1.0.0g4 - Cross-Site Scripting
Exploit Title: esotalk cms topics xss vulnerability | Google Dork: powered by esotalk | Date: 2014-11-01 | Vul Author: Evi1m0ff0000team | Vul Advisory: http://www.hackersoul.com/post/ff0000-hsdb-0006.html | Vendor Homepage: http://esotalk.org/ | Software Link: http://esotalk.org/download | Tested on: Linux /...
tinfoleak - Get detailed information about a Twitter user activity
tinfoleak is a simple Python script that lets you obtain: basic information about a Twitter user (name, picture, location, followers, etc.); devices and operating systems used by the Twitter user; applications and social networks used by the Twitter user; place and geolocation coordinates to generate ...
CVE-2014-5178
CVE-2014-5178 affects Easy File Sharing (EFS) Web Server 6.8. The vulnerability is cross-site scripting (XSS) triggered by the content parameter during topic creation or when posting an answer, exploitable by remote authenticated users. The provided documents do not specify a patch or a remediati...
ViArt CMS forum_topic_new.php forum_id Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/36003/info ViArt CMS is prone to multiple cross site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context ...
PHPTB Topic Board 2.0 admin_o.php absolutepath Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/14592/info PHPTB is prone to multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to...
JaxUltraBB <= 2.0 Topic Reply Command Execution Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo JaxUltraBB v2.0 Topic Reply Command Execution Exploit\r\n; echo by BlackHawk [email protected]\r\n; echo Thanks to rgod for the php code and Marty for the Love\r\n; echo You need a valid Username and Password to get ...
phpBB Admin Topic Action Logging Mod <= 0.94b File Include Vuln
No description provided by source. SpiderZ Hacking Security Author: SpiderZ Admin Topic Action Logging Remote File Inclusion Vulnerability Version 0.95 Admin Topic Action Logging For: phpBB 2.0.x - 2.0.21 Site:...
RiotPix <= 0.61 (forumid) Blind SQL Injection Exploit
No description provided by source. ?php / $Id: riotpix-0.61.txt,v 0.1 2009/01/06 03:47:30 cOndemned Exp $ RiotPix = 0.61 forumid Blind SQL Injection Exploit Bug found && Exploited by cOndemned Download : http://www.riotpix.com/download/riotpix061.zip Description : It's just simple Blind SQL...
portalapp 4.0 (sql/xss/auth bypasses) Multiple Vulnerabilities
No description provided by source. Title: PortalApp 4.0 Multiple vulnerabilities | Discovered By: r3dm0v3 http://r3dm0v3.persianblog.ir r3dm0v3 4t yahoodotcom Tehran - Iran | Vendor: http://www.portalapp.com | Vulnerable Version: 4.0, prior versions may be vulnerable | Remote Exploit: Yes | Dork: Copyright...
DUware DUportal 3.4.3 Pro Multiple SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/14029/info DUportal Pro is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful...
Adam Ismay Print Topic Mod 1.0 - SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10757/info Print Topic Mod is reportedly affected by a remote SQL injection vulnerability in the 'printview.php' script. This issue is due to a failure of the application to properly sanitize user-supplied URI parameter...
CVE-2014-3135
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 5.1.1 Alpha 9 allow remote attackers to inject arbitrary web script or HTML via (1) the PATHINFO to privatemessage/new/, (2) the folderid parameter to a private message in privatemessage/view, (3) a fragment indicator to /help, or (4) the vie...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 5.1.1 Alpha 9 allow remote attackers to inject arbitrary web script or HTML via (1) the PATHINFO to privatemessage/new/, (2) the folderid parameter to a private message in privatemessage/view, (3) a fragment indicator to /help, or (4) the vie...
Discuz! X3.1 background arbitrary code execution can get a shell - vulnerability warning - the black bar safety net
I saw someone ask how to get a shell from the Discuz! X3.1 background, so I downloaded it to take a look. Someone had said before that HTML generation can be used to get a shell; in the version I downloaded from the official website yesterday, I found that the static file extensions are limited to htm/html. If the server does not have a parsing vulnerability...
CVE-2014-1914
Multiple cross-site scripting (XSS) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to inject arbitrary web script or HTML via the (1) topic parameter to sw/addtopic.php or (2) nick parameter to sw/chat/message.php...
Command School Student Management System - '/sw/add_topic.php' Cross-Site Request Forgery (Topic Creation)
source: https://www.securityfocus.com/bid/64707/info Command School Student Management System is prone to the following security vulnerabilities: 1. Multiple SQL-injection vulnerabilities 2. A cross-site request forgery vulnerability 3. A cross-site scripting vulnerability 4. An HTML injection...
John CMS 5.1 Cross Site Scripting
Exploit Title : JohnCMS 5.1 Persistent XSS Vulnerability | Author : DevilScreaM | Date : 08/09/2013 | Category : Web Applications | Vendor : http://johncms.com/ | Product Link : http://johncms.com/download/?cat=481 | Version : 1.0 - 5.1 | Dork intext:Powered by JohnCMS | Vulnerability : Persistent XSS...
NanoBB 0.7 - Multiple Vulnerabilities
Exploit Title : NanoBB 0.7 Multiple Vulnerabilities | Date : 10 June 2013 | Exploit Author : CWH Underground | Site : www.2600.in.th | Vendor Homepage : http://nanobb.sourceforge.net/ | Software Link : heanet.dl.sourceforge.net/project/nanobb/v0.7.zip | Version : 0.7 | Tested on : Windows and Linux...
CVE-2012-4401
Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authenticated users to bypass intended capability restrictions and perform certain topic changes by leveraging course-editing capabilities...