MapProxy 1.11.0 Cross Site Scripting

waraxe-2019-SA110 - Reflected XSS in MapProxy 1.11.0 ================================================================================ Author: Janek Vind "waraxe" Date: 07. August 2019 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-110.html Target description: MapProxy is an open sour...

WordPress FV Flowplayer 7.2.0.727 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Reflected XSS in FV Flowplayer Wordpress plugin ================================================================ Author: Janek Vind "waraxe" Date: 20. September 2018 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-107.html Target...

Invision Power Board <= 2.3.5 - Remote SQL Injection Exploit

No description provided by source. ?php errorreportingEALL; /////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////// // IPB = 2.3.5 sql injection exploit // Version 1.0 // written by Janek Vind waraxe // Estoni...

phpMyAdmin Authenticated Remote Code Execution via preg_replace()

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

CuteNews <= 1.4.5 Admin Password md5 Hash Fetching Exploit

No description provided by source. ?php errorreportingEALL; /////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////// // Cutenews = 1.4.5 admin password md5 hash fetching exploit // Version 1.0 // written by Jan...

Spider Event Calendar 1.3.0 Cross Site Scripting / Path Disclosure / SQL Injection

waraxe-2013-SA104 - Multiple Vulnerabilities in Spider Event Calendar Wordpress Plugin =================================================================================== Author: Janek Vind "waraxe" Date: 22. May 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-104.html Descriptio...

phpMyAdmin - &#039;preg_replace&#039; (Authenticated) Remote Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'phpMyAdmin Authenticated Remote Code...

phpMyAdmin Authenticated Remote Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'phpMyAdmin Authenticated Remote Code...

phpMyAdmin 3.5.7 Cross Site Scripting Vulnerability

phpMyAdmin version 3.5.7 suffers from a reflective cross site scripting vulnerability. Reflected XSS in phpMyAdmin 3.5.7 ==================================================== Author: Janek Vind "waraxe" Date: 09. April 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-102.html...

phpMyAdmin 3.5.7 Cross Site Scripting

waraxe-2013-SA102 - Reflected XSS in phpMyAdmin 3.5.7 =============================================================================== Author: Janek Vind "waraxe" Date: 09. April 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-102.html Description of vulnerable software: phpMyAdmi...

LibreOffice 4.0.1.2 Update Spoofing

waraxe-2013-SA099 - Update Spoofing Vulnerability in LibreOffice 4.0.1.2 =============================================================================== Author: Janek Vind "waraxe" Date: 21. March 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-99.html Description of vulnerable...

WordPress GRAND Flash Album Gallery SQL Injection / Disclosure / File Overwrite

waraxe-2012-SA094 - Multiple Vulnerabilities in Wordpress GRAND Flash Album Gallery Plugin ============================================================================================= Author: Janek Vind "waraxe" Date: 24. October 2012 Location: Estonia, Tartu Web:...

WordPress GRAND Flash Album Gallery SQL Injection / Disclosure / File Overwrite

WordPress GRAND Flash Album Gallery plugin versions 1.9.0 and 2.0.0 suffer from file disclosure, file overwrite, directory traversal, and remote SQL injection vulnerabilities. Multiple Vulnerabilities in Wordpress GRAND Flash Album Gallery Plugin...

WordPress Plugin social discussions 6.1.1 - Multiple Vulnerabilities

WordPress Plugin social discussions 6.1.1 - Multiple Vulnerabilities waraxe-2012-SA093 - Multiple Vulnerabilities in Wordpress Social Discussions Plugin ====================================================================================== Author: Janek Vind "waraxe" Date: 17. October 2012...

[waraxe-2012-SA#089] - Multiple Vulnerabilities in TorrentTrader 2.08

waraxe-2012-SA089 - Multiple Vulnerabilities in TorrentTrader 2.08 =============================================================================== Author: Janek Vind "waraxe" Date: 17. September 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-89.html Description of vulnerable...

Joomla 2.5.4 Cross Site Scripting

waraxe-2012-SA088 - Reflected XSS in Joomla 2.5.4 admin sysinfo page =============================================================================== Author: Janek Vind "waraxe" Date: 03. May 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-88.html CVE:...

Joomla 1.5.26 ja_purity Cross Site Scripting

waraxe-2012-SA087 - Reflected XSS in Joomla 1.5.26 "japurity" template =============================================================================== Author: Janek Vind "waraxe" Date: 03. May 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-87.html CVE:...

OpenCart <= 1.5.2.1 Multiple Vulnerabilities

OpenCart is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:opencart:opencart"; ifdescription...

Invision Power Board 3.3.0 Local File Inclusion

waraxe-2012-SA086 - Local File Inclusion in Invision Power Board 3.3.0 =============================================================================== Author: Janek Vind "waraxe" Date: 12. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-86.html CVE:...

Uploadify 2.1.4 Cross Site Scripting / Shell Upload

waraxe-2012-SA083 - Multiple Vulnerabilities in Uploadify 2.1.4 =============================================================================== Author: Janek Vind "waraxe" Date: 05. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-83.html Description of vulnerable software:...