1370 matches found
Kagao 3.0 - Multiple Vulnerabilities
Application Name : Kagao v3.0 - Professional Classified Market Google Dork : inurl:/cat1.php?id2= Exploit Author : Cyber Warrior | Bug Researchers Group | N4TuraL Vendor Homepage : http://kogaoscript.com/ Vulnerable Type : SQL Injection & Cross Site Scripting...
WordPress Ultimate Product Catalog 3.8.6 Shell Upload
Exploit Title: Wordpress Ultimate-Product-Catalog v3.8.6 Arbitrary file RCE Date: 2016-06-23 Google Dork: Index of /wp-content/plugins/ultimate-product-catalogue/ Exploit Author: Joaquin Ramirez Martinez i0akiN SEC-LABORATORY Vendor Homepage: http://www.EtoileWebDesign.com/ plugin uri:...
Netgear ReadyNAS Remote Code Execution
Unauthenticated Remote Command Execution in Netgear ReadyNAS Surveillance. Product Description: Netgear ReadyNAS Surveillance is an NVR (Network Video Recorder) available for Netgear NAS systems. Vulnerabilit...
Centreon 2.5.3 - Remote Command Execution
Unauthenticated Remote Command Execution in Centreon Web Interface. Description: Centreon is a popular monitoring solution. A critical vulnerability has been found in the Centreo...
CVE-2016-2049
examples/consumer/common.php in JanRain PHP OpenID library (aka php-openid) improperly checks the openid.realm parameter against the SERVER_NAME element in the SERVER superglobal array, which might allow remote attackers to hijack the authentication of arbitrary users via vectors involving a crafted...
WordPress Appointment Booking Calendar 1.1.24 SQL Injection
Exploit Title: WordPress appointment-booking-calendar =1.1.24 - SQL injection through ´addslashes´ wordpress ´wpmagicquotes´ function Date: 2016-01-28 Google Dork: Index of /wordpress/wp-content/plugins/appointment-booking-calendar/ Exploit Author: Joaquin Ramirez Martinez now i0 security-lab...
WordPress Appointment Booking Calendar 1.1.23 SQL Injection
Exploit Title: WordPress appointment-booking-calendar =1.1.23 - Unauthenticated SQL injection Date: 2016-01-26 Google Dork: Index of /wordpress/wp-content/plugins/appointment-booking-calendar/ Exploit Author: Joaquin Ramirez Martinez i0akiN SEC-LABORATORY --now i0 security-lab Software Link:...
SSO Authentication Bypass and Website Takeover in DOKEOS
High-Tech Bridge Security Research Lab discovered a high-risk vulnerability in a popular e-learning software DOKEOS. A remote unauthenticated attacker can bypass the authentication process and log in to the vulnerable website with an arbitrary account, including the administrator's. Successful...
PHP Melody CMS 2.3 SQL Injection
PHP Melody CMS v2.3 SQL injection. Vendor Homepage: https://www.phpsugar.com Date: 26/12/2015 Script Link:...
Pinger Remote Code Execution
Pinger - Simple Pinging Webapp Remote Code Execution. Vendor Homepage: https://github.com/wcchandler/pinger Date: 17/12/2015 Software...
Tequila File Hosting 1.5 Arbitrary File Download
Tequila File Hosting Arbitrary File Download. Vendor Homepage: http://codecanyon.net/item/tequila-file-hosting-script/7604312 Software...
WordPress Plugin WP Easy Poll 1.1.3 - Cross-Site Scripting / Cross-Site Request Forgery
Exploit Title: WP Easy Poll 1.1.3 XSS and CSRF Exploit Author : Ahn Sung Jun Date : 2015-12-09 Vendor Homepage : https://wordpress.org/plugins/wp-easy-poll-afo/ Software Link : https://downloads.wordpress.org/plugin/wp-easy-poll-afo.1.1.3.zip Version : 1.1.3 Tested On : Kali Linux Iceweasel...
WordPress Plugin WP Easy Poll 1.1.3 - Cross-Site Scripting Cross-Site Request Forgery
Exploit Title: WP Easy Poll 1.1.3 XSS and CSRF Exploit Author : Ahn Sung Jun Date : 2015-12-09 Vendor Homepage : https://wordpress.org/plugins/wp-easy-poll-afo/ Software Link :...
CVE-2015-8383
PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror...
ATutor 2.2 Session Variable Overloading Vulnerability
ATutor versions 2.2 and below suffer from a session variable overloading vulnerability. ATutor <= 2.2 confirm.php Session Variable Overloading Vulnerability...
Shadow Infosystem Arbitrary File Download
Exploit Title: Shadow Infosystem Arbitrary File Download Exploit Author: Ashiyane Digital Security Team Vendor Homepage: http://shadowinfosystem.com Google Dork:...
Shadow Infosystem Arbitrary File Download Vulnerability
Exploit for php platform in category web applications. Exploit Title: Shadow Infosystem Arbitrary File Download Exploit Author: Ashiyane Digital Security Team Vendor Homepage:...
Endian Firewall - Password Change Command Injection (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'Endian Firewall Proxy Password Change Command Injection', 'Description' = %q This module exploits an OS command injection...
WordPress eShop 6.3.13 Cross Site Scripting
" / Exploit : -- alertdocument.cookie setTimeout'form1.submit', 1;...
WordPress sourceAFRICA 0.1.3 Cross Site Scripting
Exploit Title : Wordpress sourceAFRICA Plugin Cross Site Scripting Exploit Author : Ashiyane Digital Security Team Vendor Homepage : https://wordpress.org/plugins/sourceafrica/ Date: 2015-08-29 Tested On : Elementary Os - Firefox Software Link :...