47885 matches found
Envato Clone Script - SQL Injection
Exploit Title: Envato Clone Script - SQL Injection Google Dork: N/A Date: 08.03.2017 Vendor Homepage: http://bsetec.com/ Software : http://envatoclone.bsetec.com/ Demo: http://bsetecdemo.com/envatoclone/ Version: N/A Tested on: Win7 x64, Kali Linux x64 Exploit Author: Ihsan Sencan Author Web:...
Navetti PricePoint 4.6.0.0 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery
======================================================================= title: Multiple vulnerabilities product: Navetti PricePoint vulnerable version: 4.6.0.0 fixed version: 4.7.0.0 or higher CVE number: - impact: high/critical homepage: http://www.navetti.com/ found: 2016-07-18 by: W. Schober...
ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Cross-Site Scripting
Cross-Site Scripting XSS Component: httpd CVE: CVE-2017-6547 Vulnerability: httpd checks in the function handlerequest if the requested file name is longer than 50 chars. It then responds with a redirection which allows an attacker to inject arbitrary JavaScript code into the router’s web interfa...
ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Session Stealing
Session Stealing Component: httpd CVE: CVE-2017-6549 Vulnerability: httpd uses the function searchtokeninlist to validate if a user is logged into the admin interface by checking his asustoken value. There seems to be a branch which could be a failed attempt to build in a logout functionality...
ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Remote Code Execution
Remote Code Execution Component: networkmap CVE: CVE-2017-6548 networkmap is responsible for generating a map of computers connected to the router. It continuously monitors the LAN to detect ARP requests submitted by unknown computers. When a new MAC address appears it will probe the related IP...
Wireless IP Camera (P2P) WIFICAM - Remote Code Execution
// Exploit-DB Note Source: https://pierrekim.github.io/advisories/expl-goahead-camera.c // Exploit-DB Note Credit: https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html include include include include include include include include define CAMPORT 80 define REMOTEHOST "192.168.1.1"...
Mini CMS 1.1 - 'name' SQL Injection
Exploit Mini CMS v1.1 - SQL Injection Google Dork: N/A Date: 07.03.2017 Vendor Homepage: http://www.icloudcenter.com/ Software : http://www.icloudcenter.com/minicms.htm Demo: http://www.icloudcenter.net/demos/minicms/ Version: 1.1 Tested on: Win7 x64, Kali Linux x64 Exploit Author: Ihsan Sencan...
Daily Deals Script 1.0 - 'id' SQL Injection
Exploit Daily Deals Script v1.0 - SQL Injection Google Dork: N/A Date: 07.03.2017 Vendor Homepage: http://www.icloudcenter.com/ Software : http://www.icloudcenter.com/dailydealssite.htm Demo: http://icloudcenter.net/demos/icgroupdeals/ Version: 1.0 Tested on: Win7 x64, Kali Linux x64 Exploit...
Azure Data Expert Ultimate 2.2.16 - Remote Buffer Overflow
Exploit Title: Azure Data Expert Ultimate 2.2.16 – buffer overflow Date: 2017-03-07 Exploit Author: Peter Baris Vendor Homepage: http://www.saptech-erp.com.au Software Link: http://www.azuredex.com/downloads.html Version: 2.2.16 Tested on: Windows Server 2008 R2 Standard x64 CVE : CVE-2017-6506 T...
Bull/IBM AIX Clusterwatch/Watchware - Multiple Vulnerabilities
Bull Clusterwatch/Watchware is a VERY VERY OLD tool used by sysadmins to manage their AIX clusters. Marble effect in the web banner and questionable font: it smells the 90s ! Tool is mainly a web app with CGIs shell scripts and binaries and we have found three vulnerabilities in it: Trivial admin...
Evostream Media Server 1.7.1 (x64) - Denial of Service
Exploit Title: Evostream Media Server 1.7.1 – Built-in Webserver DoS Date: 2017-03-07 Exploit Author: Peter Baris Vendor Homepage: http://www.saptech-erp.com.au Software Link: https://evostream.com/software-downloads/ Version: 1.7.1 Tested on: Windows Server 2008 R2 Standard x64 CVE : CVE-2017-64...
Apache Struts 2.3.5 < 2.3.31 / 2.5 < 2.5.10 - Remote Code Execution
!/usr/bin/python -- coding: utf-8 -- import urllib2 import httplib def exploiturl, cmd: payload = "%='multipart/form-data'." payload += "[email protected]@DEFAULTMEMBERACCESS." payload += "memberAccess?" payload += "memberAccess=dm:" payload +=...
iBall Baton 150M Wireless Router - Authentication Bypass
Title: ==== iball Baton 150M Wireless router - Authentication Bypass Credit: ====== Name: Indrajith.A.N Website: https://www.indrajithan.com Date: ==== 07-03-2017 Vendor: ====== iball Envisioning the tremendous potential for innovative products required by the ever evolving users in computing and...
USBPcap 1.1.0.0 (WireShark 2.2.5) - Local Privilege Escalation
/ Exploit Title - USBPcap Null Pointer Dereference Privilege Escalation Date - 07th March 2017 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://desowin.org/usbpcap/ Tested Version - 1.1.0.0 USB Packet capture for Windows bundled with WireShark 2.2.5 Driver Version - 1.1.0.0 -...
Advanced Bus Booking Script 2.04 - SQL Injection
Exploit Title: Advanced Bus Booking Script v2.04 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/advanced-bus-booking-script/ Demo: http://travelbookingscript.com/demo/newbusbooking/ Version: 2.04...
Entrepreneur Bus Booking Script 3.03 - 'hid_Busid' SQL Injection
Exploit Title: Entrepreneur Bus Booking Script v3.03 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/entrepreneur-bus-booking-script/ Demo: http://travelbookingscript.com/demo/busbooking/ Version:...
Single Theater Booking Script - 'newsid' SQL Injection
Exploit Title: Single Theater Booking Script - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/single-theater-booking-script/ Demo:...
Responsive Events & Movie Ticket Booking Script - SQL Injection
Exploit Title: Responsive Events & Movie Ticket Booking Script - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/responsive-events-movie-ticket-booking-script/ Demo:...
Online Cinema and Event Booking Script 2.01 - 'newsid' SQL Injection
Exploit Title: Online Cinema and Event Booking Script v2.01 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/online-cinema-and-event-booking-script/ Demo:...
Redbus Clone Script 3.05 - 'hid_Busid' SQL Injection
Exploit Title: Redbus Clone Script v3.05 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/redbus-clone/ Demo: http://198.38.86.159/materialmag/demo/redbus-clone-responsive/ Version: 3.05 Tested on:...
Groupon Clone Script 3.01 - 'catid' SQL Injection
Exploit Title: Groupon Clone Script v3.01 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/groupon-clone-script/ Demo: http://phpscriptsmall.info/demo/groupon-deal/ Version: 3.01 Tested on: Win7 x64,...
Naukri Clone Script 3.02 - 'type' SQL Injection
Exploit Title: Naukri Clone Script v3.02 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://phpscriptsmall.com/product/naukri-clone-script/ Demo: http://phpscriptsmall.biz/demo/jobsite/ Version: 3.02 Tested on: Win7 x64, Kali Linux...
Yellow Pages Clone Script 1.3.4 - SQL Injection
Exploit Title: Yellow Pages Clone Script v1.3.4 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/yellow-pages-clone-script/ Demo: http://dexteritysolution.com/demo/directory/ Version: 1.3.4 Tested on...
Advanced Matrimonial Script 2.0.3 - SQL Injection
Exploit Title: Advanced Matrimonial Script v2.0.3 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/advanced-matrimonial/ Demo: http://74.124.215.220/admatrimon/ Version: 2.0.3 Tested on: Win7 x64, Ka...
Advanced Real Estate Script 4.0.6 - SQL Injection
Exploit Title: Advanced Real Estate Script v4.0.6 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/advanced-real-estate-script/ Demo: http://www.phprealestatescript.org/advancedrealestate/ Version:...
PHP Classifieds Rental Script 3.6.0 - 'scatid' SQL Injection
Exploit Title: PHP Classifieds Rental Script v3.6.0 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/php-classifieds-rental-script/ Demo: http://198.38.86.159/classifiedscript/ Version: 3.6.0 Tested...
Entrepreneur B2B Script 2.0.4 - 'id' SQL Injection
Exploit Title: Entrepreneur B2B Script v2.0.4 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/entrepreneur-b2b-script/ Demo: http://www.readymadeb2bscript.com/demo/entre-monicab2b/ Version: 2.0.4...
PHP Matrimonial Script 3.0 - SQL Injection
Exploit Title: Matrimonial Script v3.0 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/matrimonial-script/ Demo: http://74.124.215.220/matriialscrip/ Version: 3.0 Tested on: Win7 x64, Kali Linux x64...
MLM Binary Plan Script 2.0.5 - SQL Injection
Exploit Title: MLM Binary Plan Script v2.0.5 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/mlm-binary-plan-script/ Demo: http://74.124.215.220/binamlm/ Version: 2.0.5 Tested on: Win7 x64, Kali Lin...
MLM Forced Matrix 2.0.7 - SQL Injection
Exploit Title: MLM Forced Matrix v2.0.7 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/mlm-forced-matrix/ Demo: http://74.124.215.220/forctrix/ Version: 2.0.7 Tested on: Win7 x64, Kali Linux x64...
MLM Membership Plan Script 2.0.5 - SQL Injection
Exploit Title: MLM Membership Plan Script v2.0.5 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/mlm-membership-plan-script/ Demo: http://74.124.215.220/membipmlm/ Version: 2.0.5 Tested on: Win7 x64...
Multireligion Responsive Matrimonial Script 4.7.1 - SQL Injection
Exploit Title: Multireligion Responsive Matrimonial Script v4.7.1 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/multireligion-responsive-matrimonial/ Demo:...
Network Community Script 3.0.2 - SQL Injection
Exploit Title: Network Community Script v3.0.2 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/network-community/ Demo: http://socialcommunityscript.com/products/businessnetwork/ Version: 3.0.2 Test...
PHP B2B Script 3.05 - SQL Injection
Exploit Title: PHP B2B Script v3.05 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/php-b2b-script/ Demo: http://readymadeb2bscript.com/product/basic/ Version: 3.05 Tested on: Win7 x64, Kali Linux x...
Responsive Matrimonial Script 4.0.1 - SQL Injection
Exploit Title: Responsive Matrimonial Script v4.0.1 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/responsive-matrimonial/ Demo: http://74.124.215.220/responsivematri/ Version: 4.0.1 Tested on: Win...
Schools Alert Management Script 2.01 - 'list_id' SQL Injection
Exploit Title: Schools Alert Management Script v2.01 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/schools-alert-management-system/ Demo: http://www.schoolcollageerp.com/schoolalert/ Version: 2.01...
Select Your College Script 2.01 - SQL Injection
Exploit Title: Select Your College Script v2.01 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/select-your-college-script/ Demo: http://schoolcollageerp.com/selectyourcollege/ Version: 2.01 Tested...
Social Network Script 3.01 - 'id' SQL Injection
Exploit Title: Social Network Script v3.01 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/social-network-script/ Demo: http://myeliteprofile.com/ Version: 3.01 Tested on: Win7 x64, Kali Linux x64...
CyberGhost 6.0.4.2205 - Local Privilege Escalation
Exploit CyberGhost 6.0.4.2205 Privilege Escalation Date: 06.03.2017 Software Link: http://www.cyberghostvpn.com/ Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: local 1. Description CG6Service service has method...
Website Broker Script 3.02 - 'view' SQL Injection
Exploit Title: Website Broker Script v3.02 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/website-broker-script/ Demo: http://www.officialwebsiteforsale.com/official/ Version: 3.02 Tested on: Win7...
Deluge Web UI 1.3.13 - Cross-Site Request Forgery
!-- Remote code execution via CSRF vulnerability in the web UI of Deluge 1.3.13 Kyle Neideck, February 2017 Product ------- Deluge is a BitTorrent client available from http://deluge-torrent.org. Fix --- Fixed in the public source code, but not in binary releases yet. See...
MLM Forex Market Plan Script 2.0.1 - SQL Injection
Exploit Title: MLM Forex Market Plan Script v2.0.1 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/mlm-forex-market-plan-script/ Demo: http://74.124.215.220/forexmlm/ Version: 2.0.1 Tested on: Win7...
MikroTik Router - ARP Table OverFlow Denial Of Service
/ Exploit Title: MikroTik Router Denial Of Service | ARP Table OverFlow Exploit Author: Hosein Askari FarazPajohan Vendor HomePage: https://mikrotik.com/ Affected Series: Hap Lite Version: 6.25 Tested on: Parrot Security OS Date: 04-3-2017 Category: Network Appliance Vulnerable Part: TCP Stack...
Joomla! Component JUX EventOn 1.0.1 - 'id' SQL Injection
Exploit Title: Joomla! Component JUX EventOn v1.0.1 - SQL Injection Google Dork: inurl:index.php?option=comjuxeventon Date: 04.03.2017 Vendor Homepage: http://joomlaux.com/ Software Buy: https://extensions.joomla.org/extensions/extension/calendars-a-events/events/jux-eventon/ Demo:...
Joomla! Component Monthly Archive 3.6.4 - 'author_form' SQL Injection
Exploit Title: Joomla! Component Monthly Archive v3.6.4 - SQL Injection Google Dork: inurl:index.php?option=commonthlyarchive Date: 04.03.2017 Vendor Homepage: http://web357.eu/ Software Buy: https://extensions.joomla.org/extensions/extension/news-display/articles-display/monthly-archive/ Demo:...
Joomla! Component AYS Quiz 1.0 - 'id' SQL Injection
Exploit Title: Joomla! Component AYS Quiz v1.0 - SQL Injection Google Dork: inurl:index.php?option=comaysquiz Date: 04.03.2017 Vendor Homepage: http://ays-pro.com/ Software Buy: https://extensions.joomla.org/extensions/extension/living/education-a-culture/ays-quiz/ Demo:...
Joomla! Component Content ConstructionKit 1.1 - SQL Injection
Exploit Title: Joomla! Component Content ConstructionKit v1.1 - SQL Injection Google Dork: inurl:index.php?option=comoscck Date: 04.03.2017 Vendor Homepage: http://ordasoft.com/ Software Buy: http://ordasoft.com/cck-content-construction-kit-for-joomla.html Demo:...
Joomla! Component AltaUserPoints 1.1 - 'userid' SQL Injection
Exploit Title: Joomla! Component AltaUserPoints v1.1 - SQL Injection Google Dork: inurl:index.php?option=comaltauserpoints Date: 04.03.2017 Vendor Homepage: https://www.nordmograph.com/ Software: https://extensions.joomla.org/extensions/extension/e-commerce/credits-a-point-systems/altauserpoints/...
Linux/x86-64 - NetCat Reverse Shell Shellcode (72 bytes)
Linux/x86-64 - NetCat Reverse Shell Shellcode 72 bytes. Shellcode exploit for Linx86-64 platform ;The MIT License MIT ;Copyright c 2017 Robert L. Taylor ;Permission is hereby granted, free of charge, to any person obtaining a ;copy of this software and associated documentation files the “Software...
Linux/x86-64 - Polymorphic NetCat Reverse Shell Shellcode (106 bytes)
Linux/x86-64 - Polymorphic NetCat Reverse Shell Shellcode 106 bytes. Shellcode exploit for Linx86-64 platform ;The MIT License MIT ;Copyright c 2017 Robert L. Taylor ;Permission is hereby granted, free of charge, to any person obtaining a ;copy of this software and associated documentation files...