MyBB KingChat Plugin - SQL Injection
Exploit Title: KingChat MyBB plugin SQL Injection 0day Google Dork: inurl:"kingchat.php" Date: 13.10.2012 Exploit Author: RedHat NullSec Software Link: http://mods.mybb.com/view/kingchat Tested on: Windows & Linux. Vulnerable code : query"SELECT FROM ".TABLEPREFIX."users WHERE...
Incomedia WebSite X5 Evolution 9.0.4.1748 XSS / Bypass
Vulnerable Software: Incomedia WebSite X5 Evolution alert1; Fix: Open imsearch.php and find: =============VULNERABLE CODE============== search@$GET'search', @$GET'page'; ? ==========END OF VULNERABLE CODE========== REPLACE WITH: ==============FIXED...
TinyCMS 1.4 Local File Inclusion
Exploit title: TinyCMS - Local File Inclusion + Date: 2/10/2012 + Author: Phizo + Vendor: http://www.tinycms.net/ + Version: 1.2 - 1.4 + Category: webapps + Google dork: intext:"Powered by TinyCMS" + Tested on: Windows 7 | Firefox 15.0.1 All current versions of TinyCMS seem to be affected by the...
Inferno vBShout 2.5.2 - SQL Injection
Inferno vBShout SQLI 0day settings'scommands'; if $this-vbulletin-db-affectedrows vbulletin-db-queryfirst"select from " . TABLEPREFIX . "infernoshoutusers where suser='$this-vbulletin-userinfo'userid''" $this-vbulletin-db-query"...
WordPress Plugin Mz-jajak 2.1 - SQL Injection
WordPress Plugin Mz-jajak 2.1 - SQL Injection Exploit Title: WordPress Mz-jajak plugin query"UPDATE " . $tablename . " SET ".$answert."=".$answert."+1 WHERE id=".$id; $rows = $wpdb-getresults"SELECT FROM " . $tablename . " WHERE id=".$id; Greetz: T0r3x, m1l05, JuMp-Er, EsC, UNICORN, Xermes, s4r4d...
Islamnt <= Remote Blind SQL Injection Exploit
Exploit for php platform in category web applications Query"select $val from styles where idstyle='$styledefault'"; FetchO$seltemp; $this-temp = $rowtemp-$val; $this-temp = stripslashes$this-temp; / print "\n+------------------------------------------------------------+"; print "\n| Islamnt =...
europ INNET Web Studio Administration Program 2.0 XSS / CSRF / LFI
Vulnerable software: Administration Programm v 2.0 Vendor: europ INNET Web Studio, www.europ-innet.com Vulnerabilities: //insertguestbook.php ==============VULNERABLE CODE...
WordPress Plugin Website FAQ 1.0 - SQL Injection
WordPress Plugin Website FAQ 1.0 - SQL Injection Exploit Title: WordPress Website FAQ Plugin v1.0 SQL Injection Date: 6/25/12 Exploit Author: Chris Kellum Vendor Homepage: http://wordpress.org/extend/plugins/website-faq/ Software Link: http://downloads.wordpress.org/plugin/website-faq.zip Version...
SN News 1.2 - '/admin/loger.php' Authentication Bypass
SN News Date: 06/06/2012 Version: 1.2 Software Link: http://phpbrasil.com/script/JHnpFRmSBqlf/sn-news ISRAEL Author will be not responsible for any damage. Vulnerable Code - /admin/logar.php 4-15: 4.$login = $POST"login"; 5.$senha = $POST"senha"; 6.$sql = "select from newsadm where login='$login'...
SN News 1.2 - adminloger.php Authentication Bypass
SN News 1.2 - adminloger.php Authentication Bypass SN News Date: 06/06/2012 Version: 1.2 Software Link: http://phpbrasil.com/script/JHnpFRmSBqlf/sn-news ISRAEL Author will be not responsible for any damage. Vulnerable Code - /admin/logar.php 4-15: 4.$login = $POST"login"; 5.$senha = $POST"senha";...
NewsAdd 1.0 - 'lerNoticia.php?id' SQL Injection
NewsAdd Date: 31/05/2012 Version: 1.0 Software Link: http://phpbrasil.com/script/3tCyUs1JeL1M/newsadd--mysql ISRAEL Author will be not responsible for any damage. YOU SHOULD BE LOGGED IN | YOU SHOULD BE LOGGED IN Vulnerable Code - lerNoticia 15-22: 21.if $GET 22. 23. $id = $GET'id'; 24. 25. $quer...
Supernews <= 2.6.1 (noticias.php cat) SQL Injection
Exploit for php platform in category web applications Supernews Date: 31/05/2012 Version: 2.6.1 Software Link: http://phpbrasil.com/script/vT0FaOCySSH/supernews ISRAEL Author will be not responsible for any damage. Vulnerable Code - noticias.php 30-31: 30. $idcategoria = formatDados$GET'cat'; 31...
Supernews 2.6.1 - noticias.php?cat SQL Injection
Supernews 2.6.1 - noticias.php?cat SQL Injection Supernews Date: 31/05/2012 Version: 2.6.1 Software Link: http://phpbrasil.com/script/vT0FaOCySSH/supernews ISRAEL Author will be not responsible for any damage. Vulnerable Code - noticias.php 30-31: 30. $idcategoria = formatDados$GET'cat'; 31. $que...
Chevereto Upload Script Cross Site Scripting / User Enumeration
Exploit for php platform in category web applications Vulnerable Software: Chevereto upload script Downloaded from: http://code.google.com/p/chevereto/downloads/list...
WordPress annonces plugin LFI Vulnerability
Exploit for php platform in category web applications Exploit Title: wordpress annonces plugin local file inclusion LFI Google Dork: inurl:wp-content/plugins/annonces Date: 08/04/2012 Author: Tunisian spl01t3r Greetz: Milw0r...
WordPress catablog 1.6 plugin RFI Vulnerability
Exploit for php platform in category web applications Exploit Title: wordpress thecartpress plugin local file inclusion LFI Google Dork: inurl:wp-content/plugins/thecartpress/widgets/ Date: 08/04/2012 Author: Tunisian spl01t...
LANDesk Lenovo ThinkManagement Suite 9.0.3 File Deletion
LANDesk Lenovo ThinkManagement Suite 9.0.3 Core Server WSVulnerabilityCore.dll SetTaskLogByFile Remote Arbitrary File Deletion Vulnerability Tested against: Microsoft Windows Server 2003 r2 sp2 Software home page: http://www.landesk.com/lenovo/thinkmanagement-console.aspx Download url:...
Toenda CMS 1.6.2 Osaka Stable Local File Inclusion
TOENDA CMS 1.6.2 OSAKA "STABLE" MULTIPLE VULNERABILITIES Vulnerable Software: toendaCMS1.6.2OsakaStable Developed by: http://www.toendacms.org/index.php/en/open/download.html toenda.com http://www.toendacms.org/index.php/en/open/download.html Downloaded from:...
Gazelle CMS 1.0 - Update Statement SQL Injection
Exploit Title: Ananta Gazelle CMS - Update Statement Sql injection Google Dork: - Date: 07-02-2012 Author: hackme Software Link: http://sourceforge.net/projects/ananta/files/stable/Gazelle 1.0 stable/AnantaGazelle1.0.zip/ Version: 1.0 stable Tested on: backbox 2.1 CVE : - SORRY FOR MY BAD ENGLISH...