Portaneo Portal 2.2.3 - Remote Arbitrary File Upload Exploit

No description provided by source. ?php / 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ /'\ \ /\ \ \ \ /'\ 0 0 \ \ /\ /\ \ \ \ /\ \ \ /\ /\ \ \ \ \ \ \ / 1 1 \ \ \ \\ \ ...

phpMyManga <= 0.8.1 (template.php) Multiple File Include Vulnerabilities

No description provided by source. +------------------------------------------------------------------------------------------- + PhpMyManga = 0.8.1 template.php Multiple File Include Vulnerabilities +------------------------------------------------------------------------------------------- +...

Php-Stats <= 0.1.9.1b (ip) Remote SQL Injection Exploit

No description provided by source. ?php printr' --------------------------------------------------------------------------- Php-Stats = 0.1.9.1b ip urldecode/ ereg / sql injection / cleat text admin pass disclosure exploit method ii by rgod mail: retrog at alice dot it site:...

WordPress GD Star Rating plugin <= 1.9.10 SQL Injection

No description provided by source. Exploit Title: WordPress GD Star Rating plugin = 1.9.10 SQL Injection Vulnerability Date: 2011-09-26 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/gd-star-rating.zip Version: 1.9.10 tested Not...

WordPress WP-Filebase Download Manager plugin <= 0.2.9 - SQL Injection Vulnerability

No description provided by source. Exploit Title: WordPress WP-Filebase Download Manager plugin = 0.2.9 SQL Injection Vulnerability Date: 2011-09-09 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/wp-filebase.0.2.9.zip Version:...

BtiTracker <= 1.4.1 (become admin) Remote SQL Injection Vulnerability

No description provided by source. BtiTracker =v1.4.1 Remote SQL Injection Exploit Discovered by: m@ge|ozz - [email protected] Vulnerabitity: Remote Sql Injection / Problem: Any user can be Administrator Website Vendor: http://www.btiteam.org Vulnerable Code accountchange.php: if isset$GETstyle...

Wordpress Mini Mail Dashboard Widget Plugin 1.36 Remote File Inclusion

No description provided by source. Exploit Title: Mini Mail Dashboard Widget Wordpress plugin RFI Google Dork: inurl:wp-content/plugins/mini-mail-dashboard-widget Date: 09/19/2011 Author: Ben Schmidt supernothing AT spareclockcycles.org @supernothing Software Link:...

Cells Blog 3.3 - XSS Reflected & Blind SQLite Injection

No description provided by source. + Exploit: Cells v3.3 XSS Reflected & Blind SQLite Injection + Author: vinicius777 + Contact: vinicius777 AT gmail @vinicius777 + version: Cells Blog 3.3 + Vendor Homepage: http://cells.tw + 14/01/2014 vendor contacted + 17/01/2014 no response from vendor +...

LightBlog <= 9.9.2 (register.php) Remote Code Execution Exploit

No description provided by source. ? / --------------------------------------------------------------- LightBlog = 9.9.2 register.php Remote Code Execution Exploit --------------------------------------------------------------- author...: EgiX mail.....: n0b0d13satgmaildotcom link.....:...

WordPress Contact Form plugin <= 2.7.5 - SQL Injection

No description provided by source. Exploit Title: WordPress Contact Form plugin = 2.7.5 SQL Injection Vulnerability Date: 2011-10-13 Author: Skraps jackie.craig.sparksatlive.com jackie.craig.sparksatgmail.com @skrapsfoo Software Link: http://downloads.wordpress.org/plugin/contact-form-wordpress.z...

PHPsFTPd 0.2/0.4 Inc.Login.PHP Privilege Escalation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14222/info PHPsFTPd is affected by a privilege escalation vulnerability. PHPsFTPd is affected by a privilege escalation vulnerability. This issue is due to a failure in 'inc.login.php' when processing login credentials. A...

WordPress CevherShare Plugin 2.0 - SQL Injection

No description provided by source. = WordPress CevherShare 2.0 plugin SQL Injection Vulnerability = Bugfounder: bd0rk = Contact: bd0rkathackermail.com = Greetings: Perle, Martin K., Carsten R., x0r32 = Affected-Software: WordPress CevherShare 2.0 plugin = Vendor: http://phpkode.com/ = Download:...

Facebook Profile MyBB Plugin 2.4 - Persistant XSS

No description provided by source. Exploit Title: MyBB Facebook Profile Plugin Persistant XSS Date: 12/12/2012 Exploit Author: limb0 Vendor Homepage: http://www.collectiontricks.it/ Software Link: http://mods.mybb.com/view/facebook-profile-link-on-postbit-2-2 Version: 2.4 Tested on: Linux P-XSS...

WordPress Couponer plugin <= 1.2 - SQL Injection

No description provided by source. Exploit Title: WordPress Couponer plugin = 1.2 SQL Injection Vulnerability Date: 2011-08-31 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/couponer.zip Version: 1.2 tested Note: magicquotes has...

PHPDirector Game Edition 0.1 - Multiple Vulnerabilities (LFI/SQLi/Xss)

No description provided by source. Exploit Title: PHPDirector Game Edition Multiple Vulnerabilities LFI/SQLi/Xss Date: 2010-01-05 Author: Zer0 Thunder Site : http://www.play-online.bzh.be/forum/ Version: v0.1 Tested on: Windows XP sp2 WampServer 2.0i / LinuxBox Ubuntu Server 9.10 CVE : Code : Loc...

WordPress Evarisk plugin <= 5.1.3.6 - SQL Injection Vulnerability

No description provided by source. Exploit Title: WordPress Evarisk plugin = 5.1.3.6 SQL Injection Vulnerability Date: 2011-08-28 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/evarisk.5.1.3.6.zip Version: 5.1.3.6 tested Note:...

Dokeos LMS <= 1.8.5 (whoisonline.php) PHP Code Injection Exploit

No description provided by source. ?php / ----------------------------------------------------------------------- Dokeos LMS = 1.8.5 whoisonline.php Remote PHP Code Injection Exploit ----------------------------------------------------------------------- author...: EgiX mail.....:...

XMB <= 1.9.6 Final basename() Remote Command Execution Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo XMB = 1.9.6 Final basename 'langfilenew' arbitrary local inclusion / remote commands xctn\n; echo by rgod [email protected]\n; echo site: http://retrogod.altervista.org\n; echo dork: \Powered by XMB\n\n; / works...

pragmaMX Module Landkarten 2.1 - Local File Inclusion Exploit (win)

No description provided by source. !Perl pragmaMX Landkartenmodule 2.1 Local File Inclusion Exploit Vendor: http://www.pragmamx.org/Downloads-op-getit-lid-599-noJpC-.html Vulnerable Code: requireoncemodules/$modulename/inc/conf.php; Coded by bd0rk || SOH-Crew Greetz: str0ke, Diddi, seduce, TheJT,...

Linux Kernel <= 2.4.20 decode_fh Denial of Service Exploit

No description provided by source. / Linux 2.4.20 knfsd kernel signed/unsigned decodefh DoS Author: jared stanbrough jareds pdx edu Vulnerable code: fs/nfsd/nfs3xdr.c line 52-64 static inline u32 decodefhu32 p, struct svcfh fhp int size; fhinitfhp, NFS3FHSIZE; size = ntohlp++; if size NFS3FHSIZE...