47904 matches found
Country on Sale Script - SQL Injection
Exploit Title: Country on Sale Script - SQL Injection Google Dork: N/A Date: 09.03.2017 Vendor Homepage: http://www.websitescripts.org/ Software: http://www.websitescripts.org/website-scripts/country-on-sale-script/prod53.html Demo: http://www.websitescripts.org/demo/countryonsalescript/ Version:...
Media Search Engine Script - 'search' SQL Injection
Exploit Title: Media Search Engine Script - SQL Injection Google Dork: N/A Date: 09.03.2017 Vendor Homepage: http://www.websitescripts.org/ Software: http://www.websitescripts.org/website-scripts/media-search-engine-script/prod51.html Demo: http://www.websitescripts.org/demo/mediasearchengine/...
WordPress Plugin Apptha Slider Gallery 1.0 - Arbitrary File Download
Exploit Title: WordPress Plugin Apptha Slider Gallery v1.0 - Arbitrary File Download Google Dork: N/A Date: 09.03.2017 Vendor Homepage: https://www.apptha.com/ Software: https://www.apptha.com/category/extension/Wordpress/apptha-slider-gallery Demo: http://www.apptha.com/demo/apptha-slider-galler...
WordPress Plugin Mac Photo Gallery 3.0 - Arbitrary File Download
Exploit Title: WordPress Plugin Mac Photo Gallery v3.0 - Arbitrary File Download Google Dork: N/A Date: 09.03.2017 Vendor Homepage: https://www.apptha.com/ Software: https://www.apptha.com/category/extension/Wordpress/Mac-Photo-Gallery Demo: http://www.apptha.com/demo/mac-photo-gallery Version: 3...
WordPress Plugin PICA Photo Gallery 1.0 - SQL Injection
Exploit Title: WordPress Plugin PICA Photo Gallery v1.0 - SQL Injection Google Dork: N/A Date: 09.03.2017 Vendor Homepage: https://www.apptha.com/ Software: https://www.apptha.com/category/extension/Wordpress/PICA-Photo-Gallery Demo: http://www.apptha.com/demo/pica-photo-gallery Version: 1.0 Test...
Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 - Denial of Service
!/usr/bin/python Exploit Title: CVE-2017-6552 - Local DoS Buffer Overflow Livebox 3 Date: 09/03/2017 Exploit Author: Quentin Olagne Vendor Homepage: http://www.orange.fr/ Version: SG30sip-fr-5.15.8.1 Tested on: Livebox 3 - Sagemcom CVE : CVE-2017-6552 ''' Livebox router has its default IPv6 routi...
Drupal 7.x Module Services - Remote Code Execution
Exploit Title: Drupal 7.x Services Module Remote Code Execution Vendor Homepage: https://www.drupal.org/project/services Exploit Author: Charles FOL Contact: https://twitter.com/ambionics Website: https://www.ambionics.io/blog/drupal-services-module-rce !/usr/bin/php 'dixuSOspsOUU.php', 'data' = ...
Nlance 2.2 - SQL Injection
Exploit Title: Nlance - Freelance Marketplace Software v2.2 - SQL Injection Google Dork: N/A Date: 09.03.2017 Vendor Homepage: https://www.ncrypted.net/ Software: https://www.ncrypted.net/nlance Demo: http://demo.ncryptedprojects.com/nlance-ent/ Version: 2.2 Tested on: Win7 x64, Kali Linux x64...
TradeMart 1.1 - SQL Injection
Exploit Title: TradeMart - B2B Trading Software v1.1 - SQL Injection Google Dork: N/A Date: 09.03.2017 Vendor Homepage: https://www.ncrypted.net/ Software: https://www.ncrypted.net/trademart Demo: http://demo.ncryptedprojects.com/trademart/ Version: 1.1 Tested on: Win7 x64, Kali Linux x64 Exploit...
Fashmark 1.2 - 'category' SQL Injection
Exploit Title: Fashmark - eCommerce Script v1.2 - SQL Injection Google Dork: N/A Date: 09.03.2017 Vendor Homepage: https://www.ncrypted.net/ Software: https://www.ncrypted.net/fashmark Demo: http://demo.ncryptedprojects.com/fashmark-ent/ Version: 1.2 Tested on: Win7 x64, Kali Linux x64 Exploit...
BistroStays 3.0 - 'guests' SQL Injection
Exploit Title: BistroStays - Vacation Rental Software v3.0 - SQL Injection Google Dork: N/A Date: 09.03.2017 Vendor Homepage: https://www.ncrypted.net/ Software: https://www.ncrypted.net/bistrostays Demo: http://demo.ncryptedprojects.com/bistrostaysv3/ Version: 3.0 Tested on: Win7 x64, Kali Linux...
Busewe 1.2 - SQL Injection
Exploit Title: Busewe - Website Marketplace Software v1.2 - SQL Injection Google Dork: N/A Date: 09.03.2017 Vendor Homepage: https://www.ncrypted.net/ Software: https://www.ncrypted.net/busewe Demo: http://demo.ncryptedprojects.com/busewe/ Version: 1.2 Tested on: Win7 x64, Kali Linux x64 Exploit...
e107 < 2.1.4 - 'keyword' Blind SQL Injection
!/usr/bin/perl e107 = 2.1.4 "keyword" Blind SQL Injection Exploit -------------------------------------------------------------------------- Discovered by staker - stakerathotmaildotit Discovered on 09/03/2017 Site Vendor: http://www.e107.org BUG: Blind SQL Injection...
WordPress Plugin Apptha Slider Gallery 1.0 - SQL Injection
Exploit Title: WordPress Plugin Apptha Slider Gallery v1.0 - SQL Injection Google Dork: N/A Date: 09.03.2017 Vendor Homepage: https://www.apptha.com/ Software: https://www.apptha.com/category/extension/Wordpress/apptha-slider-gallery Demo: http://www.apptha.com/demo/apptha-slider-gallery Version:...
Wireless IP Camera (P2P) WIFICAM - Remote Code Execution
// Exploit-DB Note Source: https://pierrekim.github.io/advisories/expl-goahead-camera.c // Exploit-DB Note Credit: https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html include include include include include include include include define CAMPORT 80 define REMOTEHOST "192.168.1.1"...
Navetti PricePoint 4.6.0.0 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery
======================================================================= title: Multiple vulnerabilities product: Navetti PricePoint vulnerable version: 4.6.0.0 fixed version: 4.7.0.0 or higher CVE number: - impact: high/critical homepage: http://www.navetti.com/ found: 2016-07-18 by: W. Schober...
Videohive Clone Script - SQL Injection
Exploit Title: Videohive Clone Script - SQL Injection Google Dork: N/A Date: 08.03.2017 Vendor Homepage: http://bsetec.com/ Software : http://videohiveclone.bsetec.com/ Demo: http://www.bsetecdemo.com/videohiveclone/ Version: N/A Tested on: Win7 x64, Kali Linux x64 Exploit Author: Ihsan Sencan...
Envato Clone Script - SQL Injection
Exploit Title: Envato Clone Script - SQL Injection Google Dork: N/A Date: 08.03.2017 Vendor Homepage: http://bsetec.com/ Software : http://envatoclone.bsetec.com/ Demo: http://bsetecdemo.com/envatoclone/ Version: N/A Tested on: Win7 x64, Kali Linux x64 Exploit Author: Ihsan Sencan Author Web:...
Audiojungle Clone Script - SQL Injection
Exploit Title: Audiojungle Clone Script - SQL Injection Google Dork: N/A Date: 08.03.2017 Vendor Homepage: http://bsetec.com/ Software : http://audiojungleclone.bsetec.com/ Demo: http://www.bsetecdemo.com/audiojungleclone Version: N/A Tested on: Win7 x64, Kali Linux x64 Exploit Author: Ihsan Senc...
Codecanyon Clone Script - SQL Injection
Exploit Title: Codecanyon Clone Script - SQL Injection Google Dork: N/A Date: 08.03.2017 Vendor Homepage: http://bsetec.com/ Software : http://codecanyonclone.bsetec.com/ Demo: http://www.bsetecdemo.com/codecanyonclone/ Version: N/A Tested on: Win7 x64, Kali Linux x64 Exploit Author: Ihsan Sencan...
Graphicriver Clone Script - SQL Injection
Exploit Title: Graphicriver Clone Script - SQL Injection Google Dork: N/A Date: 08.03.2017 Vendor Homepage: http://bsetec.com/ Software : http://graphicriverclone.bsetec.com/ Demo: http://www.bsetecdemo.com/graphicriverclone/ Version: N/A Tested on: Win7 x64, Kali Linux x64 Exploit Author: Ihsan...
Themeforest Clone Script - SQL Injection
Exploit Title: Themeforest Clone Script - SQL Injection Google Dork: N/A Date: 08.03.2017 Vendor Homepage: http://bsetec.com/ Software : http://themeforestclone.bsetec.com/ Demo: http://www.bsetecdemo.com/marketplus/ Version: N/A Tested on: Win7 x64, Kali Linux x64 Exploit Author: Ihsan Sencan...
ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Cross-Site Scripting
Cross-Site Scripting XSS Component: httpd CVE: CVE-2017-6547 Vulnerability: httpd checks in the function handlerequest if the requested file name is longer than 50 chars. It then responds with a redirection which allows an attacker to inject arbitrary JavaScript code into the router’s web interfa...
ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Remote Code Execution
Remote Code Execution Component: networkmap CVE: CVE-2017-6548 networkmap is responsible for generating a map of computers connected to the router. It continuously monitors the LAN to detect ARP requests submitted by unknown computers. When a new MAC address appears it will probe the related IP...
ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Session Stealing
Session Stealing Component: httpd CVE: CVE-2017-6549 Vulnerability: httpd uses the function searchtokeninlist to validate if a user is logged into the admin interface by checking his asustoken value. There seems to be a branch which could be a failed attempt to build in a logout functionality...
iBall Baton 150M Wireless Router - Authentication Bypass
Title: ==== iball Baton 150M Wireless router - Authentication Bypass Credit: ====== Name: Indrajith.A.N Website: https://www.indrajithan.com Date: ==== 07-03-2017 Vendor: ====== iball Envisioning the tremendous potential for innovative products required by the ever evolving users in computing and...
Bull/IBM AIX Clusterwatch/Watchware - Multiple Vulnerabilities
Bull Clusterwatch/Watchware is a VERY VERY OLD tool used by sysadmins to manage their AIX clusters. Marble effect in the web banner and questionable font: it smells the 90s ! Tool is mainly a web app with CGIs shell scripts and binaries and we have found three vulnerabilities in it: Trivial admin...
Evostream Media Server 1.7.1 (x64) - Denial of Service
Exploit Title: Evostream Media Server 1.7.1 – Built-in Webserver DoS Date: 2017-03-07 Exploit Author: Peter Baris Vendor Homepage: http://www.saptech-erp.com.au Software Link: https://evostream.com/software-downloads/ Version: 1.7.1 Tested on: Windows Server 2008 R2 Standard x64 CVE : CVE-2017-64...
Azure Data Expert Ultimate 2.2.16 - Remote Buffer Overflow
Exploit Title: Azure Data Expert Ultimate 2.2.16 – buffer overflow Date: 2017-03-07 Exploit Author: Peter Baris Vendor Homepage: http://www.saptech-erp.com.au Software Link: http://www.azuredex.com/downloads.html Version: 2.2.16 Tested on: Windows Server 2008 R2 Standard x64 CVE : CVE-2017-6506 T...
Mini CMS 1.1 - 'name' SQL Injection
Exploit Mini CMS v1.1 - SQL Injection Google Dork: N/A Date: 07.03.2017 Vendor Homepage: http://www.icloudcenter.com/ Software : http://www.icloudcenter.com/minicms.htm Demo: http://www.icloudcenter.net/demos/minicms/ Version: 1.1 Tested on: Win7 x64, Kali Linux x64 Exploit Author: Ihsan Sencan...
Daily Deals Script 1.0 - 'id' SQL Injection
Exploit Daily Deals Script v1.0 - SQL Injection Google Dork: N/A Date: 07.03.2017 Vendor Homepage: http://www.icloudcenter.com/ Software : http://www.icloudcenter.com/dailydealssite.htm Demo: http://icloudcenter.net/demos/icgroupdeals/ Version: 1.0 Tested on: Win7 x64, Kali Linux x64 Exploit...
USBPcap 1.1.0.0 (WireShark 2.2.5) - Local Privilege Escalation
/ Exploit Title - USBPcap Null Pointer Dereference Privilege Escalation Date - 07th March 2017 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://desowin.org/usbpcap/ Tested Version - 1.1.0.0 USB Packet capture for Windows bundled with WireShark 2.2.5 Driver Version - 1.1.0.0 -...
Apache Struts 2.3.5 < 2.3.31 / 2.5 < 2.5.10 - Remote Code Execution
!/usr/bin/python -- coding: utf-8 -- import urllib2 import httplib def exploiturl, cmd: payload = "%='multipart/form-data'." payload += "[email protected]@DEFAULTMEMBERACCESS." payload += "memberAccess?" payload += "memberAccess=dm:" payload +=...
Yellow Pages Clone Script 1.3.4 - SQL Injection
Exploit Title: Yellow Pages Clone Script v1.3.4 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/yellow-pages-clone-script/ Demo: http://dexteritysolution.com/demo/directory/ Version: 1.3.4 Tested on...
PHP B2B Script 3.05 - SQL Injection
Exploit Title: PHP B2B Script v3.05 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/php-b2b-script/ Demo: http://readymadeb2bscript.com/product/basic/ Version: 3.05 Tested on: Win7 x64, Kali Linux x...
Network Community Script 3.0.2 - SQL Injection
Exploit Title: Network Community Script v3.0.2 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/network-community/ Demo: http://socialcommunityscript.com/products/businessnetwork/ Version: 3.0.2 Test...
MLM Membership Plan Script 2.0.5 - SQL Injection
Exploit Title: MLM Membership Plan Script v2.0.5 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/mlm-membership-plan-script/ Demo: http://74.124.215.220/membipmlm/ Version: 2.0.5 Tested on: Win7 x64...
Entrepreneur B2B Script 2.0.4 - 'id' SQL Injection
Exploit Title: Entrepreneur B2B Script v2.0.4 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/entrepreneur-b2b-script/ Demo: http://www.readymadeb2bscript.com/demo/entre-monicab2b/ Version: 2.0.4...
PHP Matrimonial Script 3.0 - SQL Injection
Exploit Title: Matrimonial Script v3.0 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/matrimonial-script/ Demo: http://74.124.215.220/matriialscrip/ Version: 3.0 Tested on: Win7 x64, Kali Linux x64...
Responsive Events & Movie Ticket Booking Script - SQL Injection
Exploit Title: Responsive Events & Movie Ticket Booking Script - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/responsive-events-movie-ticket-booking-script/ Demo:...
Groupon Clone Script 3.01 - 'catid' SQL Injection
Exploit Title: Groupon Clone Script v3.01 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/groupon-clone-script/ Demo: http://phpscriptsmall.info/demo/groupon-deal/ Version: 3.01 Tested on: Win7 x64,...
Redbus Clone Script 3.05 - 'hid_Busid' SQL Injection
Exploit Title: Redbus Clone Script v3.05 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/redbus-clone/ Demo: http://198.38.86.159/materialmag/demo/redbus-clone-responsive/ Version: 3.05 Tested on:...
Single Theater Booking Script - 'newsid' SQL Injection
Exploit Title: Single Theater Booking Script - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/single-theater-booking-script/ Demo:...
Entrepreneur Bus Booking Script 3.03 - 'hid_Busid' SQL Injection
Exploit Title: Entrepreneur Bus Booking Script v3.03 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/entrepreneur-bus-booking-script/ Demo: http://travelbookingscript.com/demo/busbooking/ Version:...
Advanced Bus Booking Script 2.04 - SQL Injection
Exploit Title: Advanced Bus Booking Script v2.04 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/advanced-bus-booking-script/ Demo: http://travelbookingscript.com/demo/newbusbooking/ Version: 2.04...
Schools Alert Management Script 2.01 - 'list_id' SQL Injection
Exploit Title: Schools Alert Management Script v2.01 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/schools-alert-management-system/ Demo: http://www.schoolcollageerp.com/schoolalert/ Version: 2.01...
MLM Forced Matrix 2.0.7 - SQL Injection
Exploit Title: MLM Forced Matrix v2.0.7 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/mlm-forced-matrix/ Demo: http://74.124.215.220/forctrix/ Version: 2.0.7 Tested on: Win7 x64, Kali Linux x64...
MLM Binary Plan Script 2.0.5 - SQL Injection
Exploit Title: MLM Binary Plan Script v2.0.5 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/mlm-binary-plan-script/ Demo: http://74.124.215.220/binamlm/ Version: 2.0.5 Tested on: Win7 x64, Kali Lin...
MLM Forex Market Plan Script 2.0.1 - SQL Injection
Exploit Title: MLM Forex Market Plan Script v2.0.1 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/mlm-forex-market-plan-script/ Demo: http://74.124.215.220/forexmlm/ Version: 2.0.1 Tested on: Win7...
Deluge Web UI 1.3.13 - Cross-Site Request Forgery
!-- Remote code execution via CSRF vulnerability in the web UI of Deluge 1.3.13 Kyle Neideck, February 2017 Product ------- Deluge is a BitTorrent client available from http://deluge-torrent.org. Fix --- Fixed in the public source code, but not in binary releases yet. See...