47904 matches found
US Zip Codes Database - 'state' SQL Injection
Exploit Title: US Zip Codes Database Script - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://rowindex.com/ Software Link: https://www.codester.com/items/4898/us-zip-codes-database-php-script Demo: http://rowindex.com/demo/ Version: N/A Category: Webapps Tested on:...
Newspaper 1.0 - SQL Injection
Exploit Title: Newspaper Magazine & Blog CMS 1.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://geniusocean.com/ Software Link: https://codecanyon.net/item/mymagazine-fully-responsive-magazine-cms/19493325 Demo: http://demo.geniusocean.com/newspaper/ Version: 1.0 Category:...
tPanel 2009 - Authentication Bypass
Exploit Title: tPanel 2009 - Authentication Bypass Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.datacomponents.net/ Software Link: http://www.datacomponents.net/products/hosting/tpanel/ Demo: http://demo.datacomponents.net/tpanel/ Version: 2009 Category: Webapps Tested on:...
CPA Lead Reward Script - SQL Injection
...
Fake Magazine Cover Script - SQL Injection
Exploit Title: Fake Magazine Cover Script - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.websitescripts.org/ Software Link: http://www.websitescripts.org/website-scripts/fake-magazine-cover-script/prod81.html Demo: http://websitescripts.org/demo/magazinecoverscript/ Versio...
Php Inventory - Arbitrary File Upload
Exploit Title: Php Inventory & Invoice Management System - Arbitrary File Upload Dork: N/A Date: 30.10.2017 Vendor Homepage: http://savsofteproducts.com/ Software Link: http://www.phpinventory.com/ Demo: http://phpinventory.com/phpinventorydemo/ Version: N/A Category: Webapps Tested on:...
PG All Share Video 1.0 - SQL Injection
Exploit Title: PG All Share Video 1.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.pilotgroup.net/ Software Link: http://www.allsharevideo.com/features.php Demo: http://demo.allsharevideo.com/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE:...
News 1.0 - SQL Injection
Exploit Title: News Magazine & Blog CMS 1.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://geniusocean.com/ Software Link: https://codecanyon.net/item/news-dynamic-newspaper-magazine-and-blog-cms-script/19656143 Demo: http://demo.geniusocean.com/news/ Version: 1.0 Category:...
Nice PHP FAQ Script - 'nice_theme' SQL Injection
Exploit Title: Nice PHP FAQ Script - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.nicephpscripts.com/ Software http://www.nicephpscripts.com/demophpscript-PHP-FAQ-Script-Knowledgebase-Script.htm Demo: http://www.nicephpscripts.com/scripts/faqscript/ Version: N/A Category:...
Vastal I-Tech Agent Zone - 'searchCommercial.php' / 'searchResidential.php' SQL Injection
Exploit Title: Vastal I-Tech Agent Zone - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://vastal.com/ Software http://vastal.com/agent-zone-real-estate-script.html Demo: http://agentzone.vastal.com/demo/ Version: N/A Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE:...
Website Broker Script - 'status_id' SQL Injection
Exploit Title: Website Broker Script - 'statusid' Parameter SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/product/UwCG4464436/php-scripts/website-broker-script Demo:...
PHP CityPortal 2.0 - SQL Injection
Exploit Title: PHP CityPortal 2.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.phpcityportal.com/ Software Link: http://www.phpcityportal.com/index.php Demo: http://phpcityportal.com/demo Version: 2.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: CVE-2017-15970...
CmsLite 1.4 - 'S' SQL Injection
Exploit Title: Creative Management System - CMS Lite 1.4 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://bekirk.co.uk/ Software Link: https://codecanyon.net/item/creative-management-system-cms-lite/15297597 Demo: http://demo.bekirk.co.uk/ Version: 1.4 Category: Webapps Tested o...
MyMagazine 1.0 - 'id' SQL Injection
Exploit Title: MyMagazine Magazine & Blog CMS 1.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://geniusocean.com/ Software Link: https://codecanyon.net/item/mymagazine-bootstrap-newspaper-magazine-and-blog-cms-script/19620468 Demo: http://demo.geniusocean.com/mymagazine/...
Online Exam Test Application - 'sort' SQL Injection
Exploit Title: Online Exam Test Application - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/product/1z2e4672468/php-scripts/online-exam-test-application Demo: http://198.38.86.159/onlineexamboard/ Version: N/...
D-Park Pro 1.0 - SQL Injection
Username: Password:...
iProject Management System 1.0 - 'ID' SQL Injection
Exploit Title: iProject Management System 1.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://ikodes.com/ Software Link: https://codecanyon.net/item/iproject-management-system/20483358 Demo: http://project.ikodes.com/ikpms/ Version: 1.0 Category: Webapps Tested on:...
Mailing List Manager Pro 3.0 - SQL Injection
Exploit Title: Mailing List Manager Pro 3.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.vote-pro.com/ Software Link: http://www.mailing-manager.com/demo.html Demo: http://www.mailing-manager.com/demo-gold/ Version: 3.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64...
Joomla! Component NS Download Shop 2.2.6 - 'id' SQL Injection
Exploit Title: Joomla! Component NS Download Shop 2.2.6 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: https://nswd.co/ Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/paid-downloads/ns-downloadshop/ Demo: https://ds.nswd.co/ Version: 2.2.6 Category:...
Joomla! Component Zh YandexMap 6.1.1.0 - 'placemarklistid' SQL Injection
Exploit Title: Joomla! Component Zh YandexMap 6.1.1.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://zhuk.cc/ Software Link: https://extensions.joomla.org/extensions/extension/maps-a-weather/maps-a-locations/zh-yandexmap/ Demo: http://joomla.zhuk.cc/index.php Version: 6.1.1.0...
Basic B2B Script - SQL Injection
Exploit Title: Basic B2B Script - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/product/nC3F4570353/php-scripts/basic-b2b-script Demo: http://readymadeb2bscript.com/product/entrepreneur/ Version: N/A Category...
WordPress Plugin Ultimate Product Catalog 4.2.24 - PHP Object Injection
Exploit Title: WP Plugin Ultimate Product Catalog 4.2.24 PHP Object Injection Google Dork: NA Date: Okt 30 2017 Exploit Author: tomplixsee Author blog : cupuzone.wordpress.com Vendor Homepage: http://www.etoilewebdesign.com/plugins/ultimate-product-catalog/ Software Link:...
Shareet - 'photo' SQL Injection
Exploit Title: Shareet - Photo Sharing Social Network - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: https://odallated.com/ Software Link: https://www.codester.com/items/4910/shareet-photo-sharing-social-network Demo: https://odallated.com/shareet/demo/ Version: N/A Category: Webapps...
Zomato Clone Script - 'resid' SQL Injection
Exploit Title: Zomato Clone Script - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/product/099S4111872/php-scripts/zomato-clone-script Demo: http://jhinstitute.com/demo/foodpanda/ Version: N/A Category: Webap...
Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure
!/usr/local/bin/python """ Oracle Java SE Web Start jnlp XML External Entity Processing Information Disclosure Vulnerability Affected: + eg: ./poc.py 'C:/Program Files/Java/jre1.8.0131/README.txt' saturn: mrme$ ./poc.py 'C:/Program Files/Java/jre1.8.0131/README.txt' Oracle Java Web Start JNLP XML...
Ingenious 2.3.0 - Arbitrary File Upload
Exploit Title: Ingenious School Management System 2.3.0 - Arbitrary File Upload Dork: N/A Date: 30.10.2017 Vendor Homepage: http://iloveprograming.com/ Software Link: https://www.codester.com/items/4945/ingenious-school-management-system Demo: http://iloveprograming.com/view/login.php Version: N/...
iTech Gigs Script 1.21 - SQL Injection
Exploit Title: iTech Gigs Script 1.21 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/the-gigs-script/ Demo: http://gigs.itechscripts.com/ Version: 1.21 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: CVE-2017-1596...
Article Directory Script 3.0 - 'id' SQL Injection
Exploit Title: Article Directory Script 3.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.yourarticlesdirectory.com/ Software Link: http://www.yourarticlesdirectory.com/ Demo: http://www.yourarticlesdirectory.com/livedemo.php Version: 3.0 Category: Webapps Tested on:...
Job Board Script - 'nice_theme' SQL Injection
Exploit Title: Job Board Script - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.nicephpscripts.com/ Software http://www.nicephpscripts.com/jobboardscript.htm Demo: http://www.nicephpscripts.com/scripts/faqscript/ Version: N/A Category: Webapps Tested on: WiN7x64/KaLiLinuXx6...
Uniview - Remote Command Execution / Export Config (PoC)
STX Subject: Uniview RCE and export config PoC Researcher: bashis October 2017 Attack Vector: Remote Authentication: Anonymous no credentials needed Export config http://IP:PORT/cgi-bin/main-cgi?json="cmd":255,"szUserName":"","u32UserLoginHandle":-1 -tcpdump- check active capture...
PHPMyFAQ 2.9.8 - Cross-Site Scripting (3)
Exploit Title: phpMyFAQ 2.9.8 Stored XSS Vulnerability Date: 28-9-2017 Exploit Author: Nikhil Mittal Payatu Labs Vendor Homepage: http://www.phpmyfaq.de/ Software Link: http://download.phpmyfaq.de/phpMyFAQ-2.9.8.zip Version: 2.9.8 Tested on: MAC OS CVE : 2017-15727 1. Description In phpMyFAQ befo...
PHP Melody 2.6.1 - SQL Injection
Author : Venkat Rajgor + Email : [email protected] + Vulnerability : SQL injection E-mail ID : [email protected] Download : http://www.phpsugar.com Web : http://www.phpsugar.com Price : $39 USD Vulnerable parameter: http://x.x.x.x/playlists.php?playlist= Application : PHPSUGAR PHP Melody...
MitraStar DSL-100HN-T1/GPT-2541GNAC - Privilege Escalation
Exploit Title: Privilege escalation MitraStar routers Date: 28-10-2017 Exploit Author: j0lama Vendor Homepage: http://www.mitrastar.com/ Provider Homepage: https://www.movistar.com/ Models affected: MitraStar DSL-100HN-T1 and MitraStar GPT-2541GNAC HGU Software versions: ES113WJY0b16 DSL-100HN-T1...
phpMyFAQ 2.9.8 - Cross-Site Request Forgery
Exploit Title: phpMyFAQ 2.9.8 CSRF Vulnerability Date: 27-9-2017 Exploit Author: Nikhil Mittal Payatu Labs Vendor Homepage: http://www.phpmyfaq.de/ Software Link: http://download.phpmyfaq.de/phpMyFAQ-2.9.8.zip Version: 2.9.8 Tested on: MAC OS CVE : 2017-15730 1. Description In phpMyFAQ before...
Tizen Studio 1.3 Smart Development Bridge < 2.3.2 - Buffer Overflow (PoC)
Exploit Title: Smart Development Bridge =2.3.2 part of Tizen Studio 1.3 Windows x86/x64 - Buffer Overflow PoC Date: 22.10.17 Exploit Author: Marcin Kopec Vendor Homepage: https://developer.tizen.org/ Software Link: https://developer.tizen.org/development/tizen-studio/download Version: 2.3.0, 2.3....
Sync Breeze Enterprise 10.0.28 - Remote Buffer Overflow (PoC)
/ Sync Breeze Enterprise BOF - Ivan Ivanovic Ivanov Иван-дурак недействительный 31337 Team / define WINSOCKDEPRECATEDNOWARNINGS define DEFAULTBUFLEN 512 include include include include DWORD SendRequestchar request, int requestsize WSADATA wsa; SOCKET s; struct sockaddrin server; char...
HitmanPro 3.7.15 Build 281 - Kernel Pool Overflow
Exploit-CVE-2017-6008 The CVE-2017-6008 is a vulnerability in the HitmanPro scan that allows privilege escalation by exploiting a kernel pool buffer overflow. The exploits here use the Quota Process Pointer Overwrite attack as described in the Tarjei Mandt's paper Also, the exploits use my Pool...
Watchdog Development Anti-Malware / Online Security Pro - NULL Pointer Dereference
/ Exploit Title - Watchdog Development Anti-Malware/Online Security Pro Null Pointer Dereference Date - 26th October 2017 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - https://www.watchdogdevelopment.com/ Tested Version - 2.74.186.150 Driver Version - 2.21.63 - zam32.sys Tested on OS ...
Netgear DGN1000 1.1.00.48 - 'Setup.cgi' Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netgear DGN1000 Setup.cgi Unauthenticated RCE', 'Description' = %q This module exploits an unauthenticated OS command execution vulneralbility in...
KeystoneJS 4.0.0-beta.5 - CSV Excel Macro Injection
Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated CSV Injection Vendor Homepage: http://keystonejs.com/ Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: WEBAPPS Platform: Node.js CVE: CVE-2017-15879 Vendor...
KeystoneJS 4.0.0-beta.5 - Cross-Site Scripting
Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated Stored XSS Vendor Homepage: http://keystonejs.com/ Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: WEBAPPS Platform: Node.js CVE: CVE-2017-15878 Vendor Description...
PHPMailer < 5.2.21 - Local File Disclosure
Exploit Title: PHPMailer SetFrom$POST"your-email", $POST"your-name"; $address = "admin@localhost"; $mail-AddAddress$address, "root"; if isset$POST'cc' $mail-AddCC$POST"your-email", $POST"your-name"; $mail-Subject = "PHPMailer MsgHTML$POST"your-message"; if!$mail-Send echo "Error: ".$mail-ErrorInf...
FS Realtor Clone - 'id' SQL Injection
Exploit Title: FS Realtor Clone - 'id' SQL Injection Date: 2017-10-24 Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/realtor-clone/ Version: 24 October 17 Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email: [email protected]...
FS Monster Clone - 'id' SQL Injection
Exploit Title: FS Monster Clone - 'id' SQL Injection Date: 2017-10-24 Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/monster-clone/ Version: 24 October 17 Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email: [email protected]...
FS Crowdfunding Script - 'id' SQL Injection
Exploit Title: FS Crowdfunding Script - 'id' SQL Injection Date: 2017-10-24 Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/crowdfunding-script/ Version: 24 October 17 Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email:...
FS Trademe Clone - 'id' SQL Injection
Exploit Title: FS Trademe Clone - 'id' SQL Injection Date: 2017-10-24 Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/trademe-clone/ Version: 24 October 17 Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email: [email protected]...
Mura CMS < 6.2 - Server-Side Request Forgery / XML External Entity Injection
Exploit Title: Mura CMS before 6.2 SSRF + XXE Date: 30-10-2017 Exploit Author: Anthony Cole Vendor Homepage: http://www.getmura.com/ Version: before 6.2 Contact: http://twitter.com/acole76 Website: http://twitter.com/acole76 Tested on: Windows 2008 w/ Coldfusion 8 CVE: CVE-2017-15639 Category:...
FS Thumbtack Clone - 'ser' SQL Injection
Exploit Title: FS Thumbtack Clone - 'ser' SQL Injection Date: 2017-10-24 Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/thumbtack-clone/ Version: 24 October 17 Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email:...
FS Care Clone - 'sitterService' SQL Injection
Exploit Title: FS Care Clone - 'sitterService' SQL Injection Date: 2017-10-24 Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/care-clone/ Version: 24 October 17 Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email:...
FS Shutter Stock Clone - 'keywords' SQL Injection
Exploit Title: FS Shutter Stock Clone - 'keywords' SQL Injection Date: 2017-10-24 Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/shutterstock-clone/ Version: 24 October 17 Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email:...