130 matches found
CVE-2021-24867
Numerous Plugins and Themes from the AccessPress Themes aka Access Keys vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to...
OpenCart Core 4.0.2.3 SQL Injection
Exploit Title: OpenCart Core 4.0.2.3 - 'search' SQLi Date: 2024-04-2 Exploit Author: Saud Alenazi Vendor Homepage: https://www.opencart.com/ Software Link: https://github.com/opencart/opencart/releases Version: 4.0.2.3 Tested on: XAMPP, Linux Contact: https://twitter.com/dmaral3noz Description :...
Juniper Networks Junos OS 安全漏洞
Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. A security vulnerability exists in Junos OS. Details of the vulnerability are not available at this time, bu...
Atomic Alarm Clock 6.3 - Stack Overflow (Unicode+SEH)
Exploit Title: Atomic Alarm Clock 6.3 - Stack Overflow Unicode+SEH Exploit Author: Bobby Cooke Date: 2020-04-17 Vendor: Drive Software Company Vendor Site: http://www.drive-software.com Software Download: http://www.drive-software.com/download/ataclock.exe Tested On: Windows 10 - Pro 1909 x86...
Restaurant Management System 1.0 - Remote Code Execution
Restaurant Management System 1.0 - Remote Code Execution Exploit Title: Restaurant Management System 1.0 - Remote Code Execution Date: 2019-10-16 Exploit Author: Ibad Shah Vendor Homepage: https://www.sourcecodester.com/users/lewa Software Link:...
Uber: Unauthorized access to █████████.com allows access to Uber Brazil tax documents and system.
A website operated by an Uber vendor, allowed any unauthenticated user to access pages within the site. Due to the site's purpose, this vulnerability could expose sensitive information. This was a interesting vulnerability as the site did not have any sensitive information that I could find, but...
Uber: SQLI on desafio5estrelas.com
Vendor created and managed site desafio5estrelas.com had a SQLI vulnerability which could potentially expose sensitive data. A time-based blind MYSQL SQLI vulnerability existed at the endpoint https://desafio5estrelas.com/login in the URL parameters "codigo". Basic SQLI that was found on an uber...
CirCarLife SCADA 4.3.0 - Credential Disclosure
Exploit Title: CirCarLife SCADA 4.3.0 - Credential Disclosure Date: 2018-09-10 Exploit Author: David Castro Vendor Homepage: https://circontrol.com/ Shodan Dork: Server: CirCarLife Server: PsiOcppApp Version: CirCarLife Scada all versions under 4.3.0 OCPP implementation all versions under 1.5.0 C...
Pi-Hole Web Interface 2.8.1 - Persistent Cross-Site Scripting in Whitelist/Blacklist
Exploit Title: Pi-Hole Web Interface Stored XSS in White/Black list file Author: loneferret from Kioptrix Product: Pi-Hole Version: Web Interface 1.3 Web Interface software: https://github.com/pi-hole/AdminLTE Version: Pi-Hole v2.8.1 Discovery date: July 20th 2016 Vendor Site: https://pi-hole.net...
MyBB 1.6.x / 1.8.x Tags Cross Site Scripting
@@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@ @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@ @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@ @@@@@@@@@@@ @@@ @ @@@@@@@@@@ @@@ @@@@@@ @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@ @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@ @@@ @@@ @@@ @@ @@@...
Cyclope Employee Surveillance 8.6.1 Insecure File Permissions
Author: loneferret of Offensive Security Product: Cyclope Employee Surveillance Solution again Version: = 6.8.1 Vendor Site: http://www.cyclope-series.com/ Software Download: http://www.cyclope-series.com/download/index.html Link: http://www.cyclope-series.com/setups/setup.exe Software descriptio...
MooPlayer 1.3.0 - m3u SEH Buffer Overflow PoC
Exploit for windows platform in category local exploits !/usr/bin/env python Exploit Title: MooPlayer 1.3.0 'm3u' SEH Buffer Overflow POC Date Discovered: 09-02-2015 Exploit Author: Samandeep Singh SaMaN - @samanL33T Vulnerable Software: Moo player 1.3.0 Software Link: https://mooplayer.jaleco.co...
MooPlayer 1.3.0 - 'm3u' Buffer Overflow (SEH) (PoC)
!/usr/bin/env python Exploit Title: MooPlayer 1.3.0 'm3u' SEH Buffer Overflow POC Date Discovered: 09-02-2015 Exploit Author: Samandeep Singh SaMaN - @samanL33T Vulnerable Software: Moo player 1.3.0 Software Link: https://mooplayer.jaleco.com/ Vendor site: https://mooplayer.jaleco.com/ Version:...
Xshopsaz CMS Cross Site Scripting / SQL Injection
@@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@ @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@ @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@ @@@@@@@@@@@ @@@ @ @@@@@@@@@@ @@@ @@@@@@ @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@ @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@ @@@ @@@ @@@ @@ @@@...
STI-CS Cross Site Scripting
@@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@ @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@ @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@ @@@@@@@@@@@ @@@ @ @@@@@@@@@@ @@@ @@@@@@ @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@ @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@ @@@ @@@ @@@ @@ @@@...
Web3news <= 0.95 (PHPSECURITYADMIN_PATH) Remote Include Vuln
No description provided by source. ============================================================================================== Web3news = v0.95 PHPSECURITYADMINPATH Remote File Inclusion Exploit ===============================================================================================...
Tycoon CMS Record Script 1.0.9 - SQL Injection Vulnerability
No description provided by source. % TycoonCMS Record Script Sql vulnerability ------------------------------------------------------------------------------- 0 | | | | | | TM 1 | | | | | | 0 | / | ' \ / | ' \ / |/ | |/ / \ '| ' \ / \ | 1 / / | | | | / | | | | | | | / | | | | | / | 0 //|| |||...
Quest Toad for Oracle Explain Plan Display ActiveX Control (QExplain2.dll 6.6.1.1115) Remote File Creation / Overwrite PoC
No description provided by source. !-- Quest Toad for Oracle Explain Plan Display ActiveX Control QExplain2.dll 6.6.1.1115 Remote File Creation / Overwrite vendor site: http://www.quest.com/ file tested: QuestToad-Development-Suite-for-Oracle110R2.exe CLSID: F7014877-6F5A-4019-A3B2-74077F2AE126...
syndeocms 2.8.02 - Multiple Vulnerabilities
No description provided by source. ''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | Day 4 0day | | | | || / \ || | | | || ||// \/|/ ''' Title : syndeocms 2.8.02 Multiple Vulnerabilities Affected Version : syndeocms = 2.8.02 Vendor Site :...
vbLOGIX Tutorial Script <= 1.0 (cat_id) SQL Injection Vulnerability
No description provided by source. ===================================================================================================== vbLOGIX Tutorial Script = v1.0 catid Remote SQL Injection Exploit...