47904 matches found
(Bitcoin / Dogecoin) PHP Cloud Mining Script - Authentication Bypass
Exploit Title: Bitcoin,Dogecoin Mining 1.0 - Authentication Bypass Dork: N/A Date: 21.08.2017 Vendor Homepage: https://codecanyon.net/user/bousague Software Link: https://codecanyon.net/item/bitcoindogecoin-mining-php-script/20315581 Demo: http://test.z-files.site/ Version: 1.0 Category: Webapps...
PDF-XChange Viewer 2.5 Build 314.0 - Code Execution
Exploit Title: PDF-XChange Viewer 2.5 Build 314.0 Javascript API Remote Code Execution Exploit Powershell PDF Exploit Creation Date: 21-08-2017 Software Link 32bit: http://pdf-xchange-viewer.it.uptodown.com/windows Exploit Author: Daniele Votta Contact: [email protected] Website:...
PHP-Lance 1.52 - 'subcat' SQL Injection
Exploit Title: PHP-Lance 1.52 - 'subcat' Parameter SQL Injection Dork: N/A Date: 21.08.2017 Vendor Homepage: http://www.scriptdemo.com/ Software Link: http://www.scriptdemo.com/details/phplance/ Demo: http://www.scriptdemo.com/php-lance/ Version: 1.52 Category: Webapps Tested on:...
PHP Jokesite 2.0 - 'joke_id' SQL Injection
Exploit Title: PHP Jokesite 2.0 - 'jokeid' Parameter SQL Injection Dork: N/A Date: 21.08.2017 Vendor Homepage: http://www.scriptdemo.com/ Software Link: http://www.scriptdemo.com/details/phpjokesite2/ Demo: http://www.scriptdemo.com/php-jokesite/ver2.0/ Version: 2.0 Category: Webapps Tested on:...
Joomla! Component Sponsor Wall 8.0 - SQL Injection
Exploit Title: Joomla! Component Sponsor Wall 8.0 - SQL Injection Dork: N/A Date: 21.08.2017 Vendor Homepage: http://pulseextensions.com/ Software Link: https://extensions.joomla.org/extensions/extension/ads-a-affiliates/sponsors/sponsor-wall/ Demo:...
Joomla! Component Flip Wall 8.0 - 'wallid' SQL Injection
Exploit Title: Joomla! Component Flip Wall 8.0 - SQL Injection Dork: N/A Date: 21.08.2017 Vendor Homepage: http://pulseextensions.com/ Software Link: https://extensions.joomla.org/extensions/extension/ads-a-affiliates/sponsors/flip-wall/ Demo:...
Joomla! Component FocalPoint 1.2.3 - SQL Injection
Exploit Title: Joomla! Component FocalPoint Pro / Free v1.2.3 - SQL Injection Dork: N/A Date: 21.08.2017 Vendor Homepage: http://focalpointx.com/ Software Link: http://focalpointx.com/demos/focalpoint-pro Demo: http://focalpointx.com/demos/focalpoint-free/ Demo:...
Joomla! Component Ajax Quiz 1.8 - SQL Injection
Exploit Title: Joomla! Component Ajax Quiz 1.8 - SQL Injection Dork: N/A Date: 21.08.2017 Vendor Homepage: http://webkul.com/ Software Link: https://extensions.joomla.org/extensions/extension/living/education-a-culture/ajaxquiz/ Demo: http://joomla30.webkul.com/ajaxquiz/ Version: 1.8 Category:...
iTech Social Networking Script 3.08 - SQL Injection
Exploit Title: iTech Social Networking Script 3.08 - SQL Injection Dork: N/A Date: 21.08.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/social-networking-script/ Demo: http://social.itechscripts.com Version: 3.08 Category: Webapps Tested on:...
Affiliate Niche Script 3.4.0 - SQL Injection
Exploit Title: Affiliate Niche Script 3.4.0 SQL Injection Dork: N/A Date: 21.08.2017 Vendor Homepage: https://scriptoffice.com/ Software Link: https://soft.scriptoffice.com/projects/affiliatenichescript/wiki/MainMenu Demo: http://demodesigns.affiliatenichescript.com/ Version: 3.4.0 Category:...
PHP Classifieds Script 5.6.2 - SQL Injection
Exploit Title: PHP Classifieds Script 5.6.2 SQL Injection Dork: N/A Date: 21.08.2017 Vendor Homepage: https://scriptoffice.com/ Software Link: https://soft.scriptoffice.com/projects/classifiedscript/wiki/MainMenu Demo: http://www.classifieddemo.com/ Version: 5.6.2 Category: Webapps Tested on:...
PHP Coupon Script 6.0 - 'cid' SQL Injection
Exploit Title: PHP Coupon Script 6.0 - 'cid' Parameter SQL Injection Dork: N/A Date: 21.08.2017 Vendor Homepage: http://www.couponscript.com/ Software Link: http://www.couponscript.com/ Demo: http://www.couponscript.com/demo/ Version: 6.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A...
PHPMyWind 5.3 - Cross-Site Scripting
Exploit Title:PHPMyWind 5.3 has XSS Exploit Author:小雨 Vendor Homepage:http://phpmywind.com Software Link:http://phpmywind.com/downloads/PHPMyWind5.3.zip Version:5.3 CVE:CVE-2017-12984 $r= $dosql-GetOne"SELECT Maxorderid AS orderid FROM @message"; $orderid= empty$r'orderid' ? 1 : $r'orderid' + 1;...
Apache2Triad 1.5.4 - Multiple Vulnerabilities
Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/APACHE2TRIAD-SERVER-STACK-v1.5.4-MULTIPLE-CVE.txt + ISR: ApparitionSec Vendor: =============== apache2triad.net https://sourceforge.net/projects/apache2triad/ Product:...
Easy DVD Creater 2.5.11 - Local Buffer Overflow (SEH)
!/usr/bin/python Exploit Title: Easy DVD Creater 2.5.11 - 'Enter User Name' Field Buffer Overflow SEH Date: 19-08-2017 Exploit Author: Anurag Srivastava Website: www.pyramidcyber.com Vulnerable Software: Easy DVD Creater Vendor Homepage: http://www.divxtodvd.net/ Version: 2.5.11 Software Link:...
WebKitGTK 2.1.2 (Ubuntu 14.04) - Heap based Buffer Overflow
CVE-2014-1303 PoC for Linux CVE-2014-1303 WebKit Heap based BOF proof of concept for Linux. This repository demonstrates the WebKit heap based buffer overflow vulnerability CVE-2014-1303 on Linux. NOTE: Original exploit is written for Mac OS X and PS4 PlayStation4. I've ported and tested work on...
Apple macOS Sierra 10.12.1 - 'IOFireWireFamily' FireWire Port Denial of Service
/ IOFireWireFamily-overflow.c Brandon Azad Buffer overflow reachable from IOFireWireUserClient::localConfigDirectoryPublish. Download: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/44235.zip / include include include int main int ret = 0; ioservicet service =...
Linux/x86_64 - Fork Bomb Shellcode (11 bytes)
Linux/x8664 - Fork Bomb Shellcode 11 bytes. Shellcode exploit for Linx86-64 platform / ;Title: Linux/x8664 - fork Bomb 11 bytes ;Author: Touhid M.Shaikh ;Contact: https://twitter.com/touhidshaikh ;Category: Shellcode ;Architecture: Linux x8664 ;Description: WARNING! this shellcode may crash your...
LiveCRM 1.0 - SQL Injection
Exploit Title: LiveCRM 1.0 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://livecrm.co/ Software Link: https://codecanyon.net/item/livecrm-complete-business-management-solution/20249151 Demo: http://demo.livecrm.co/livecrm/web/ Version: 1.0 Category: Webapps Tested on:...
Matrimony Script 2.7 - SQL Injection
Exploit Title: Matrimony Script 2.7 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://www.matrimony-script.com/ Software Link: http://www.matrimony-script.com/php-matrimony-software.html Demo: http://www.matrimonysearch.com/ Version: 2.7 Category: Webapps Tested on:...
Joomla! Component Calendar Planner 1.0.1 - SQL Injection
Exploit Title: Joomla! Component Calendar Planner 1.0.1 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage: http://joomlathat.com/ Software Link: https://extensions.joomla.org/extensions/extension/calendars-a-events/events/calendar-planner/ Demo: http://demo.joomlathat.com/ Version: 1.0.1...
MessengerScan 1.05 - Local Buffer Overflow (PoC)
!/usr/bin/python Exploit Title : MessengerScan v1.05 Hostname/IP Field SEH/EIP Overwrite POC Discovery by : Anurag Srivastava Email : [email protected] Discovery Date : 18/08/2017 Software Link : https://www.mcafee.com/in/downloads/free-tools/messengerscan.aspx Tested Version :...
Joomla! Component KissGallery 1.0.0 - SQL Injection
Exploit Title: Joomla! Component KissGallery 1.0.0 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage: http://terrywcarter.com/ Software Link: https://extensions.joomla.org/extensions/extension/photos-a-images/galleries/kissgallery/ Demo: http://demo.terrywcarter.com/kissgallery Version:...
LiveSupport 1.0 - SQL Injection
Exploit Title: LiveSupport 1.0 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://livecrm.co/ Software Link: https://codecanyon.net/item/livesupport-complete-ticketing-system-crm/20243447 Demo: http://livesupport.livecrm.co/livecrm/web/ Version: 1.0 Category: Webapps Tested on:...
LiveInvoices 1.0 - SQL Injection
Exploit Title: LiveInvoices 1.0 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://livecrm.co/ Software Link: https://codecanyon.net/item/liveinvoices-complete-invoicing-system-crm/20243375 Demo: http://liveinvoices.livecrm.co/livecrm/web/ Version: 1.0 Category: Webapps Tested on...
DSScan 1.0 - Local Buffer Overflow (PoC)
!/usr/bin/python Exploit Title : DSScan v1.0 Hostname/IP Field SEH Overwrite POC Discovery by : Anurag Srivastava Email : [email protected] Website : http://pyramidcyber.com/ Discovery Date : 18/08/2017 Software Link : https://www.mcafee.com/in/downloads/free-tools/dsscan.aspx...
Joomla! Component SP Movie Database 1.3 - SQL Injection
Exploit Title: Joomla! Component SP Movie Database 1.3 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage: http://joomshaper.com/ Software Link: https://extensions.joomla.org/extensions/extension/directory-a-documentation/directory/sp-movie-database/ Demo:...
Joomla! Component Twitch Tv 1.1 - SQL Injection
Exploit Title: Joomla! Component Twitch Tv 1.1 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage: http://www.raindropsinfotech.com/ Software Link: https://extensions.joomla.org/extensions/extension/sports-a-games/game-servers/twitch-tv-component/ Demo:...
LiveSales 1.0 - SQL Injection
Exploit Title: LiveSales 1.0 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://livecrm.co/ Software Link: https://codecanyon.net/item/livesales-complete-sales-management-crm/20243171 Demo: http://livesales.livecrm.co/livecrm/web/ Version: 1.0 Category: Webapps Tested on:...
Joomla! Component Appointment 1.1 - SQL Injection
Exploit Title: Joomla! Component Appointment v1.1 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage: https://www.joomlaextensions.co.in/ Software Link: https://extensions.joomla.org/extensions/extension/appointment/ Demo: http://joomlaextension.biz/appointment/ Version: 1.1 Category:...
iTech Classifieds Script 7.41 - SQL Injection
Exploit Title: iTech Classifieds Script 7.41 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://itechscripts.com/ Software Link: http://itechscripts.com/classifieds-script/ Demo: http://classifieds.itechscripts.com/ Version: 7.41 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64...
iTech Caregiver Script 2.71 - SQL Injection
Exploit Title: iTech Caregiver Script 2.71 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://itechscripts.com/ Software Link: http://itechscripts.com/caregiver-script/ Demo: http://caregiver.itechscripts.com/ Version: 2.71 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N...
DeWorkshop 1.0 - Arbitrary File Upload
Exploit Title: DeWorkshop 1.0 - Arbitrary File Upload Dork: N/A Date: 18.08.2017 Vendor Homepage : https://sarutech.com/ Software Link: https://codecanyon.net/item/deworkshop-auto-workshop-portal/20336737 Demo: https://demo.sarutech.com/deworkshop/ Version: 1.0 Category: Webapps Tested on:...
Joomla! Component Zap Calendar Lite 4.3.4 - SQL Injection
Exploit Title: Joomla! Component Zap Calendar Lite 4.3.4 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage: https://zcontent.net/ Software Link: https://extensions.joomla.org/extensions/extension/calendars-a-events/events/zap-calendar-lite/ Demo: http://demo.zapcalendar.com/ Version: 4.3...
iTech Multi Vendor Script 6.63 - SQL Injection
Exploit Title: iTech Multi Vendor Script 6.63 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://itechscripts.com/ Software Link: http://itechscripts.com/multi-vendor-shopping-script/ Demo: http://multi-vendor.itechscripts.com/ Version: 6.63 Category: Webapps Tested on:...
iTech Job Script 9.27 - SQL Injection
Exploit Title: iTech Job Script 9.27 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://itechscripts.com/ Software Link: http://itechscripts.com/job-portal-script/ Demo: http://job-portal.itechscripts.com/ Version: 9.27 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A...
iTech Dating Script 3.40 - SQL Injection
Exploit Title: iTech Dating Script 3.40 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://itechscripts.com/ Software Link: http://itechscripts.com/dating-script/ Demo: http://dating.itechscripts.com/ Version: 3.40 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploi...
iTech Travel Script 9.49 - SQL Injection
Exploit Title: iTech Travel Script 9.49 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://itechscripts.com/ Software Link: http://itechscripts.com/travel-portal-script/ Demo: http://travelportal.itechscripts.com/ Version: 9.49 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CV...
iTech Image Sharing Script 4.13 - SQL Injection
Exploit Title: iTech Image Sharing Script 4.13 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://itechscripts.com/ Software Link: http://itechscripts.com/image-sharing-script/ Demo: http://photo-sharing.itechscripts.com/ Version: 4.13 Category: Webapps Tested on:...
iTech Business Networking Script 8.26 - SQL Injection
Exploit Title: iTech Business Networking Script 8.26 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/business-networking-script/ Demo: http://professional-network.itechscripts.com/ Version: 8.26 Category: Webapps Tested o...
eCardMAX 10.5 - SQL Injection
Exploit Title: eCardMAX 10.5 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : https://www.ecardmax.com/ Software Link: https://www.ecardmax.com/home/ecardmax/ Demo: https://ecardmax.com/ecardmaxdemo/ Version: 10.5 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit...
SOA School Management 3.0 - SQL Injection
Exploit Title: SOA School Management 3.0 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : https://ynetinteractive.com/ Software Link: http://codecanyon.net/item/soa-school-management-software-with-integrated-parents-students-portal/20435367?srank=3 Demo:...
iTech Movie Script 7.51 - SQL Injection
Exploit Title: iTech Movie Script 7.51 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://itechscripts.com/ Software Link: http://itechscripts.com/movie-portal-script/ Demo: http://movie-portal.itechscripts.com/ Version: 7.51 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE:...
iTech B2B Script 4.42 - SQL Injection
Exploit Title: Itech B2B Script 4.42 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://itechscripts.com/ Software Link: http://itechscripts.com/c/B2B/ Demo: http://b2b.itechscripts.com/ Version: 4.42 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: Exploit Author: Ihsan...
Mozilla Firefox < 45.0 - 'nsHtml5TreeBuilder' Use-After-Free (EMET 5.52 Bypass)
CVE-2016-1960 / Exploit Title: Mozilla Firefox . 1 https://bugzilla.mozilla.org/showbug.cgi?id=1246014 2 https://ftp.mozilla.org/pub/firefox/releases/44.0.2/win32/en-US/ / "use strict"; / This is executed after having pivoted the stack. esp' points to a region on the heap, and the original stack...
LiveProjects 1.0 - SQL Injection
Exploit Title: LiveProjects 1.0 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://livecrm.co/ Software Link: https://codecanyon.net/item/liveprojects-complete-project-management-crm/10436800 Demo: http://liveprojects.livecrm.co/livecrm/web/ Version: 1.0 Category: Webapps Tested...
Symantec Messaging Gateway 10.6.3-2 - Root Remote Command Execution
This is an advisory for CVE-2017-6327 which is an unauthenticated remote code execution flaw in the web interface of Symantec Messaging Gateway prior to and including version 10.6.3-2, which can be used to execute commands as root. Symantec Messaging Gateway, formerly known as Brightmail, is a...
QuantaStor Software Defined Storage < 4.3.1 - Multiple Vulnerabilities
--- Advisory details --- Title: QuantaStor Software Define Storage mmultiple vulnerabilities Advisory ID: VVVSEC-2017-6943 Advisory URL: http://www.vvvsecurity.com/advisories/vvvsecurity-advisory-2017-6943.txt Date published: 12/08/2017 CVEs: CVE-2017-9978 "Brute force login request using http...
NoviFlow NoviWare < NW400.2.6 - Multiple Vulnerabilities
NoviFlow NoviWare = NW400.2.6 multiple vulnerabilities Introduction ========== NoviWare is a high-performance OpenFlow 1.3, 1.4 and 1.5 compliant switch software developed by NoviFlow and available for license to network equipment manufacturers. Multiple vulnerabilities were identified in the...
ZKTime Web Software 2.0 - Improper Access Restrictions
Exploit Title: ZKTime Web Software 2.0 - Broken Authentication CVE-ID: CVE-2017-14680 Vendor Homepage: https://www.zkteco.com/product/ZKTimeWeb2.0435.html Vendor of Product: ZKTeco Affected Product Code: ZKTime Web - 2.0.1.12280 Category: WebApps Author: Arvind V. Author Social: @FindArvind...