
1370 matches found

0day.today
added 2018/12/03 12:0 a.m., 23 views

Budabot 4.0 - Denial of Service Exploit

Exploit Title: Budabot 4.0 - Denial of Service PoC Date: 2018-10-15 Exploit Author: Ryan Delaney Author Contact: email protected Vendor Homepage: http://budabot.com/ Software Link: http://budabot.com/forum/viewtopic.php?f=8&t=1413 Version: 0.6 - 4.0 Tested on: 4.0 CVE: CVE-2018-19290 1. Descripti...

9.8 CVSS, 9.7 AI score, 0.02698 EPSS
Exploits: 6

Packet Storm
added 2018/11/16 12:0 a.m., 351 views

Budabot 4.0 Denial Of Service

4.0 Tested on: 4.0 CVE: CVE-2018-19290 1. Description In modules/HELPBOTMODULE in Budabot 0.6 through 4.0, lax syntax validation allows remote attackers to perform a command injection attack against the PHP daemon with a crafted command, resulting in a denial of service or possibly unspecified...

9.7 AI score, 0.02698 EPSS
Exploits: 6

exploitpack
added 2018/10/30 12:0 a.m., 34 views

Webiness Inventory 2.9 - Arbitrary File Upload

Webiness Inventory 2.9 - Arbitrary File Upload Exploit Title: Webiness Inventory 2.9 - Arbitrary File Upload Date: 2018-10-27 Exploit Author: Boumediene KADDOUR Unit: Algerie Telecom R&D Unit Software Link: https://github.com/webiness/webinessinventory Version: 2.9 3145728 61 continue; 62 63 64 /...

0.3 AI score
Exploits: 0

Packet Storm
added 2018/10/27 12:0 a.m., 152 views

Webiness Inventory 2.9 Shell Upload

Exploit Title: Webiness Inventory 2.9 Arbitrary File Upload Date: 10/27/2018 Exploit Author: Boumediene KADDOUR Unit: Algerie Telecom R&D Unit Software Link: https://github.com/webiness/webinessinventory Version: 2.9 46 foreach $FILES as $file 47 $fileName = $file'name'; 48 $fileTmp =...

7.4 AI score
Exploits: 0

Exploit DB
added 2018/10/25 12:0 a.m., 32 views

phptpoint Pharmacy Management System 1.0 - 'username' SQL injection

Exploit Title: phptpoint Pharmacy Management System 1.0 - 'username' SQL injection Date: 2018-10-24 Exploit Author: Boumediene KADDOUR Unit: Algerie Telecom R&D Unit Vendor Homepage: https://www.phptpoint.com/ Software Link: https://www.phptpoint.com/pharmacy-management-system/ Version: 1 Tested...

7.4 AI score
Exploits: 0

UbuntuCve
added 2018/09/20 8:29 p.m., 22 views

CVE-2018-17282

An issue was discovered in Exiv2 v0.26. The function Exiv2::DataValue::copy in value.cpp has a NULL pointer dereference...

6.5 CVSS, 6.8 AI score, 0.00527 EPSS
Exploits: 1, References: 1

UbuntuCve
added 2018/09/19 10:29 p.m., 29 views

CVE-2018-17229

Exiv2::d2Data in types.cpp in Exiv2 v0.26 allows remote attackers to cause a denial of service (heap-based buffer overflow) via a crafted image file...

6.5 CVSS, 7 AI score, 0.00547 EPSS
Exploits: 1, References: 1

Packet Storm
added 2018/09/10 12:0 a.m., 66 views

Avaya one-X 9.x / 10.0.x / 10.1.x Arbitrary File Disclosure / Deletion

=============================== - Advisory - =============================== Title: one-X portal arbitrary OS file access Risk: High Date: 07.Ago.2018 Author: Pedro Andujar Twitter: @pandujar .: INTRO : one-X Portal for IP Office is an application that runs on a web server connected to the IP...

0.2 AI score, 0.00585 EPSS
Exploits: 2

0day.today
added 2018/08/22 12:0 a.m., 17 views

Twitter-Clone 1 - userid SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Twitter-Clone 1 - 'userid' SQL Injection Exploit Author: L0RD Vendor Homepage: https://github.com/Fyffe/PHP-Twitter-Clone/ Version: 1 CVE: N/A Tested on: Win 10 POC : SQLi vulnerable files : follow.php , index.php vulnerable...

0.2 AI score
Exploits: 0

Exploit DB
added 2018/08/21 12:0 a.m., 22 views

Twitter-Clone 1 - 'userid' SQL Injection

Exploit Title: Twitter-Clone 1 - 'userid' SQL Injection Date: 2018-08-21 Exploit Author: L0RD Vendor Homepage: https://github.com/Fyffe/PHP-Twitter-Clone/ Version: 1 CVE: N/A Tested on: Win 10 POC : SQLi vulnerable files : follow.php , index.php vulnerable parameters : userid , username 1...

7.4 AI score
Exploits: 0

Packet Storm
added 2018/08/16 12:0 a.m., 53 views

OpenEMR 5.0.1.3 File Read / Write / Delete

Exploit Title: OpenEMR 5.0.1.3 - Arbitrary File Actions Date: 2018-08-14 Exploit Author: Joshua Fam Twitter : @Insecurity Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/v5013.tar.gz Version: 5.0.1.3 Tested on: Ubuntu LAMP, OpenEMR Version...

0.1 AI score, 0.01916 EPSS
Exploits: 9

exploitpack
added 2018/08/16 12:0 a.m., 40 views

OpenEMR 5.0.1.3 - (Authenticated) Arbitrary File Actions

OpenEMR 5.0.1.3 - (Authenticated) Arbitrary File Actions Exploit Title: OpenEMR 5.0.1.3 - Arbitrary File Actions Date: 2018-08-14 Exploit Author: Joshua Fam Twitter : @Insecurity Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/v5013.tar.gz Versio...

6.5 CVSS, 0.2 AI score, 0.01916 EPSS
Exploits: 9

Github Security Blog
added 2018/08/03 9:4 p.m., 30 views

restforce vulnerable to Improper Input Validation

A flaw in how restforce constructs URLs may allow an attacker to inject additional parameters into Salesforce API requests. Impact ------ This flaw is only exploitable in applications that pass user input directly to restforce's select, find, describe, update, upsert, and destroy methods...

9.8 CVSS, 8.8 AI score, 0.00344 EPSS
Exploits: 0, References: 4, Affected Software: 1

RubySec
added 2018/07/27 12:0 a.m., 20 views

Insufficient URI encoding in restforce

A flaw in how restforce constructs URLs may allow an attacker to inject additional parameters into Salesforce API requests. Impact ------ This flaw is only exploitable in applications that pass user input directly to restforce's select, find, describe, update, upsert, and destroy methods...

9.8 CVSS, 0.9 AI score, 0.00344 EPSS
Exploits: 0, References: 1, Affected Software: 1

Hacker One
added 2018/07/21 3:3 p.m., 18 views

Vanilla: jsConnect Plugin: Takeover of existing account

Description ----------- The current version 1.5.5 of the official jsConnect plugin allows the takeover of an existing account that wasn't created using SSO - e.g. a previously existing admin user - by registering an account with the same name using SSO. A successful attack requires one request to ...

0.5 AI score
Exploits: 0

Hacker One
added 2018/07/17 3:35 a.m., 56 views

Khan Academy: POST XSS in https://www.khanacademy.org.tr/ via page_search_query parameter

Hey there, while testing your program I came across an XSS vulnerability in the search area of your website. The vector uses HTTP POST request and the parameter is "page_search_query" on www.khanacademy.org.tr/arama.asp In the next topics I will demonstrate how you can reproduce the vulnerability...

6.4 AI score
Exploits: 0

Packet Storm
added 2018/07/11 12:0 a.m., 43 views

Instagram Clone Script 2.0 Cross Site Scripting

Exploit Title: Instagram-clone Script 2.0 - Cross-Site Scripting Date: 2018-07-10 Exploit Author: L0RD Vendor Homepage: https://github.com/yTakkar/Instagram-clone Version: 2.0 CVE: CVE-2018-13849 Tested on: Kali linux POC : Persistent Cross site scripting : vulnerable file : editrequests.php...

6.4 AI score, 0.00296 EPSS
Exploits: 5

Exploit DB
added 2018/06/22 12:0 a.m., 86 views

phpLDAPadmin 1.2.2 - 'server_id' LDAP Injection (Username)

Exploit Title: phpLDAPadmin 1.2.2 - 'server_id' LDAP Injection (Username) Google Dork: N/A Date: 21.06.2018 Exploit Author: Berk Dusunur Vendor Homepage: http://phpldapadmin.sourceforge.net Software Link: http://phpldapadmin.sourceforge.net Version: 1.2.2 Tested on: Pardus / Debian Web Server CVE : N...

7.4 AI score
Exploits: 0

Hacker One
added 2018/06/05 2:23 a.m., 47 views

Liberapay: Exploiting JSONP callback on /username/charts.json endpoint leads to information disclosure despite user's privacy settings

Hello! Vulnerability Details The /username/charts.json endpoint can return a JSONP callback due to the fact that jsonpdump is used in the file charts.json.spt. It appears that the content of the JSONP request depends on the authentication of the user. If the user enabled the privacy setting which...

Exploits: 0

Packet Storm
added 2018/06/03 12:0 a.m., 22 views

Smartshop 1 SQL Injection

Exploit Title: Smartshop 1 - SQL Injection Date: 2018-06-02 Exploit Author: L0RD or [email protected] Software Link: https://github.com/smakosh/Smartshop/archive/master.zip Vendor Homepage: https://www.behance.net/gallery/49080415/Smartshop-Free-e-commerce-website Version: 1 Tested on...

0.4 AI score
Exploits: 0