70 matches found
GHSA-MM5F-8Q57-4FC4 Video: Reflected XSS in plugin/Meet/iframe.php via Unescaped user and pass Parameters in JavaScript String Literal
Summary: plugin/Meet/iframe.php echoes the attacker-controlled user and pass query parameters unescaped into a JavaScript double-quoted string literal inside a <script> block. An attacker who sends a victim to a crafted URL can break out of the string and execute arbitrary JavaScript in the victim's browse...
TEM Opera Plus FM Family Transmitter 35.45 Cross Site Request Forgery Vulnerability
CSRF Change Forward Power: -------------------------...
CVE-2015-10063 saemorris TheRadSystem _login.php redirect sql injection
A vulnerability was found in saemorris TheRadSystem and classified as critical. This issue affects the function redirect of the file login.php. The manipulation of the argument user/pass leads to sql injection. The attack may be initiated remotely. The identifier of the patch is...
Easy Social Icons < 3.1.4 - Admin+ SQL Injection
The plugin does not sanitize the selectedicons attribute to the cnsswidget before using it in an SQL statement, leading to a SQL injection vulnerability. PoC Author : Qerogram import requests from bs4 import BeautifulSoup BASEURL = "http://localhost:8000" id = "wordpress" pw = "wordpress" def...
Advertiz PHP Script 0.2 Cross Site Request Forgery
Exploit Title: Advertiz PHP Script 0.2 - Cross-Site Request Forgery Update Admin User&Pass Dork: N/A Date: 06.09.2017 Vendor Homepage: http://www.dijiteol.com/ Software Link: http://www.dijiteol.com/p-Advertiz-PHP-Script--No-Accounts-Required--i-2.html Demo: http://dijiteol.com/demos/advertiz/...
Advertiz PHP Script 0.2 - Cross-Site Request Forgery (Update Admin)
Advertiz PHP Script 0.2 - Cross-Site Request Forgery Update Admin Exploit Title: Advertiz PHP Script 0.2 - Cross-Site Request Forgery Update Admin User&Pass Dork: N/A Date: 06.09.2017 Vendor Homepage: http://www.dijiteol.com/ Software Link:...
Advertiz PHP Script 0.2 - Cross-Site Request Forgery (Update Admin)
Exploit Title: Advertiz PHP Script 0.2 - Cross-Site Request Forgery Update Admin User&Pass Dork: N/A Date: 06.09.2017 Vendor Homepage: http://www.dijiteol.com/ Software Link: http://www.dijiteol.com/p-Advertiz-PHP-Script--No-Accounts-Required--i-2.html Demo: http://dijiteol.com/demos/advertiz/...
Western Digital MyBook Live Login Utility
This module simply attempts to login to a Western Digital MyBook Live instance using a specific user/pass. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require...
Jenkins-CI Login Utility
This module attempts to login to a Jenkins-CI instance using a specific user/pass. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require...
Snaps! Gallery 1.4.4 - Remote User Pass Change Exploit
No description provided by source. ?php Y! Underground Group [email protected] Dj7xpl.2600.ir ...
AV Tutorial Script 1.0 - Remote User Pass Change Exploit
No description provided by source. ?php Y! Underground Group [email protected] Dj7xpl.2600.ir ...
Comersus Shopping Cart <= 6.0 - Remote User Pass Exploit
No description provided by source. Title : Comersus Shopping Cart = v6 Remote User Pass Exploit Author : ajann from Turkey Contact : : S.Page : http://www.comersus.com/ $$ : Free Dork : Powered by Comersus v6 Shopping Cart DorkEx :...
Extcalendar <= 2 (profile.php) Remote User Pass Change Exploit
No description provided by source. form name=userform action=http://target/register.php method=post input name=step type=hidden value=regform tr td class='tableh2' colspan='2'Account Information/td /tr tr td class='tableb' width='160'Username/td td class='tableb' /td /tr tr td class='tableb'...
Enthrallweb eClassifieds 1.0 - Remote User Pass Change Exploit
No description provided by source. form action=target/myprofile.asp method=POST name=form2 p /p table align=center cellpadding=1 cellspacing=1 tr valign=baseline td align=right nowrap class=title Change Profile=Username input type=text name=MMrecordId value=ajann /td td input type=text...
WordPress Spiffy XSPF Player 0.1 SQL Injection
Exploit Title : Wordpress Spiffy XSPF Player plugin SQL Injection Exploit Author : Ashiyane Digital Security Team Home : www.ashiyane.org Security Risk : High Version : 0.1 Dork : inurl:wp-content/plugins/spiffy/playlist.php?playlistid=...
WordPress Kakao Theme SQL Injection
Exploit Title : Wordpress theme kakao Sql Injection Author : Iranian DataCoders Security Team Discovered By : sil3nt Home : www.datacoders.org/ Security Risk : High - SQL Injection Dork : inurl:themes/wilderness/gallery.php Expl0iTs : Target/wp-content/themes/kakao/sonHaberler.php?ID=sql D3m0 :...
InterPhoto Gallery 2.5.0 File Disclosure
Exploit database separated by exploit type local, remote, DoS, etc. + Site : 1337day.com + Support e-mail :...
India's Railway Email System hacked by Pakistan Cyber Army !
The Indian Railway Email System is Hacked by Pakistan Cyber Army pca. They have taken complete backup of all important mails and user-pass of all email id's. Have a look to the images below as HACK PROOF and their statement on this Hac...
WordPress Plugin Event Registration 5.32 - SQL Injection
Wordpress Event Registration SQL injection Author: k3m4n9i Homepage: http://alko.web.id/ Date: 13 November, 2010 Software Information + Vendor : http://edgetechweb.com/ + Software Link: http://wordpress.org/extend/plugins/event-registration...
(Gabriels FTP Server) Open Compact FTP Server 1.2 - PORT Remote Denial of Service
Title: Open&Compact Ftp Server 1.2 "PORT" command Remote Denial of Service...