1370 matches found
Wordpress grapefile plugin <= 1.1 - Arbitrary File Upload
No description provided by source. Title: Wordpress grapefile plugin = 1.1 Arbitrary file upload Date: 30-8-2011 Author: Hrvoje Spoljar hrvoje.spoljaratgmail.com Version: 1.1 Software link:http://wordpress.org/extend/plugins/grapefile/ PoC: curl -F [email protected]...
Seagull PHP Framework <= 0.6.4 (fckeditor) Arbitrary File Upload Exploit
No description provided by source. ?php / ------------------------------------------------------------------------ Seagull PHP Framework = 0.6.4 fckeditor Arbitrary File Upload Exploit ------------------------------------------------------------------------ author...: EgiX mail.....:...
WordPress Random Banner 1.1.2.1 Cross Site Scripting
Exploit Title : Wordpress random-banner.1.1.2.1 Cross Site Scripting Exploit Author : Ashiyane Digital Security Team Vendor Homepage : http://wordpress.org/plugins/random-banner/ Software Link : http://downloads.wordpress.org/plugin/random-banner.1.1.2.1.zip Date : 2014-06-28 Tested on : Windows ...
WordPress Easy Banners 1.4 Cross Site Scripting
Exploit Title : Wordpress easy-banners.1.4 Cross Site Scripting Exploit Author : Ashiyane Digital Security Team Vendor Homepage : http://wordpress.org/plugins/easy-banners/ Software Link : http://downloads.wordpress.org/plugin/easy-banners.1.4.zip Date : 2014-06-28 Tested on : Windows 7 / Mozilla...
CVE-2013-1668
The uploadFile function in upload/index.php in CosCMS before 1.822 allows remote administrators to execute arbitrary commands via shell metacharacters in the name of an uploaded file. Recent assessments: wchen-r7 at September 12, 2019 6:08pm UTC reported: In fact, doesn’t seem like the user shoul...
Python - Interpreter Heap Memory Corruption (PoC)
Python - Interpreter Heap Memory Corruption PoC Title: Python Interpreter Heap Memory Corruption Date: Sun, 30 Mar 2014 20:09:44 -0400 Vulnerability Discovered By : Unknown Proof of Concept : Debasish Mandal https://twitter.com/debasishm89 Software Link: https://www.python.org/ Version: All , Fix...
Crime24 Stealer Panel 1.0 - Multiple Vulnerabilities
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= | \ | | | \ | | | |/ | / | | | | |/ / \ | | | |/ | ' \ | || | | | \ \ || | Twitter @TheHackersBay Pentester / Underground hacker Exploit Title: Crime24 Stealer Panel &in=1&search=Search Example: http://i.imgur.com/zyIr5xv.png...
Crime24 Stealer Panel 1.0 - Multiple Vulnerabilities
Crime24 Stealer Panel 1.0 - Multiple Vulnerabilities =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= | \ | | | \ | | | |/ | / | | | | |/ / \ | | | |/ | ' \ | || | | | \ \ || | Twitter @TheHackersBay Pentester / Underground hacker Exploit Title: Crime24 Stealer Panel...
Memory corruption
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014. NOTE: this iss...
Madss Software Solution SQL Injection
Exploit Title : Developed by Madss Software Solution Login page Bypass Vulnerability Exploit Author : Ashiyane Digital Security Team Vendor Homepage : http://madsssoftwaresolution.com Tested on: Windows 7 , Linux Google Dork : intext:"Developed by Madss Software Solution Pvt. Ltd." Date: 2014/4/1...
Catia V5-6R2013 "CATV5_Backbone_Bus" - Stack Buffer Overflow
A stack buffer overflow occurs when copying a user supplied input to a fixed size stack buffer. The copying procedure stops when a null byte is found and no size check is proceeded. The same copying pattern is used for more than one time in the vulnerable procedure but only the below one can be...
Catia V5-6R2013 - 'CATV5_Backbone_Bus' Stack Buffer Overflow (PoC)
''' Title: Dassault Syst�mes Catia V5-6R2013 "CATV5BackboneBus" Stack Buffer Overflow Date: 2-18-2014 Author: Mohamed Shetta Email: mshetta |at| live |dot| com Vendor Homepage: http://www.3ds.com/products-services/catia/portfolio/catia-v5/latest-release/ Tested on: Windows 7 & Windows XP...
Easy POS System SQL注入漏洞
No description provided by source. 1 Sql Injection POST Time Based Blind Note: Time based Injection on POST requests using burp, as output indicated. You might use ‘sqlmap -l’ to load it though. PoC: POST /login.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 X11; Linux i686; rv:22.0...
Simple E-Document 1.31 SQL Injection
Exploit: Simple e-document v1.31 Login Bypass + Author: vinicius777 + Contact: vinicius777 AT gmail @vinicius777sec + version: Simple e-document v1.31 + Vendor Homepage: http://sourceforge.net/projects/simplee-doc/files/ 1 Sql Injection on username field PoC: username=-4731' OR 2708=2708 Burp...
Simple e-document 1.31登录绕过漏洞
No description provided by source. 1 Sql Injection on username field PoC: username=-4731' OR 2708=2708 Burp output POST /simpleedocumentv131/login.php HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 X11; Linux i686; rv:22.0 Gecko/20100101 Firefox/22.0 Iceweasel/22.0 Accept:...
mySeatXT 0.2134 - SQL Injection
mySeatXT 0.2134 - SQL Injection + Exploit: mySeatXT 0.2134 + Author: vinicius777 + Contact: vinicius777 AT gmail @vinicius777 + Vendor Homepage: http://sourceforge.net/projects/myseat 1 Sql Injection PoC: http://localhost/mySeatXT/web/ajax/autocompleteres.php?term=99' 'SQL INJECT' Vulnerable Code...
Easy POS System - 'login.php' SQL Injection
Exploit: Easy POS System - SQL Injection + Author: vinicius777 + Contact: vinicius777 AT gmail @vinicius777 + Vendor Homepage: http://sourceforge.net/projects/easypossystem/ 1 Sql Injection POST Time Based Blind Note: Time based Injection on POST requests using burp, as output indicated. You...
Cells Blog 3.3 - Reflected Cross-Site Scripting Blind SQLite Injection
Cells Blog 3.3 - Reflected Cross-Site Scripting Blind SQLite Injection + Exploit: Cells v3.3 XSS Reflected & Blind SQLite Injection + Author: vinicius777 + Contact: vinicius777 AT gmail @vinicius777 + version: Cells Blog 3.3 + Vendor Homepage: http://cells.tw + 14/01/2014 vendor contacted +...
mySeatXT 0.2134 - SQL Injection Vulnerability
Exploit for php platform in category web applications + Exploit: mySeatXT 0.2134 + Author: vinicius777 + Contact: vinicius777 AT gmail @vinicius777 + Vendor Homepage: http://sourceforge.net/projects/myseat 1 Sql Injection PoC: http://localhost/mySeatXT/web/ajax/autocompleteres.php?term=99' 'SQL...
mySeatXT 0.2134 - SQL Injection
Exploit: mySeatXT 0.2134 + Author: vinicius777 + Contact: vinicius777 AT gmail @vinicius777 + Vendor Homepage: http://sourceforge.net/projects/myseat 1 Sql Injection PoC: http://localhost/mySeatXT/web/ajax/autocompleteres.php?term=99' 'SQL INJECT' Vulnerable Code: + autocompleteres.php $sql =...