asgbookPHP 1.9 - index.php Cross-Site Scripting

asgbookPHP 1.9 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/50167/info asgbookphp is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary HTML and script...

SCP Client - Multiple Vulnerabilities (SSHtranger Things)

SCP Client - Multiple Vulnerabilities SSHtranger Things Exploit Title: SSHtranger Things Date: 2019-01-17 Exploit Author: Mark E. Haase Vendor Homepage: https://www.openssh.com/ Software Link: download link if available Version: OpenSSH 7.6p1 Tested on: Ubuntu 18.04.1 LTS CVE : CVE-2019-6111,...

WikkaWiki 1.3.2 - Multiple Vulnerabilities

WikkaWiki 1.3.2 - Multiple Vulnerabilities ---------------------------------------------------- WikkaWiki Query" 142. UPDATE ".$this-GetConfigValue'tableprefix'."users 143. SET email = '".mysqlrealescapestring$email."', 144. doubleclickedit = '".mysqlrealescapestring$doubleclickedit."', 145...

Alex Guestbook - Multiple Vulnerabilities

Alex Guestbook - Multiple Vulnerabilities ============================================================================== / \ | | | | / \ | | | | / \ | | | | / \ | || | / \ | | | | / \ | | // \ || || // \ || || ============================================================================== » Note :...

OpenSSH SCP Client - Write Arbitrary Files

OpenSSH SCP Client - Write Arbitrary Files ''' Title: SSHtranger Things Author: Mark E. Haase Homepage: https://www.hyperiongray.com Date: 2019-01-17 CVE: CVE-2019-6111, CVE-2019-6110 Advisory: https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt Tested on: Ubuntu 18.04.1 LTS,...

StatusNetLaconica 0.7.40.8.20.9.0beta3 - Arbitrary File Reading

StatusNetLaconica 0.7.40.8.20.9.0beta3 - Arbitrary File Reading +-------------------------------------------------------------------------------+ + StatusNet/Laconica title = $this-trimmed'title'; $this-filename = INSTALLDIR.'/doc-src/'.$this-title; //1 if !fileexists$this-filename...

Apache 2.4.17 2.4.38 - apache2ctl graceful logrotate Local Privilege Escalation

Apache 2.4.17 2.4.38 - apache2ctl graceful logrotate Local Privilege Escalation ?php CARPE DIEM: CVE-2019-0211 Apache Root Privilege Escalation Charles Fol @cfreal 2019-04-08 INFOS https://cfreal.github.io/carpe-diem-cve-2019-0211-apache-local-root.html USAGE 1. Upload exploit to Apache HTTP serv...

DZCP (deV!L_z Clanportal) 1.5.3 - Multiple Vulnerabilities

DZCP deV!Lz Clanportal 1.5.3 - Multiple Vulnerabilities ======================================================================================== | Title : deV!Lz Clanportal V1.5 Mullti Vulnerability | Author : indoushka | email : [email protected] | Home : www.iqs3cur1ty.com/vb | Script : CMS...

myUPB 2.2.6 - Multiple Vulnerabilities

myUPB 2.2.6 - Multiple Vulnerabilities =============== altbta ====================== Name: myUPB = v2.2.6 Multiple Vulnerabilities Download: http://sourceforge.net/projects/textmb/files/UPB/ Vulnerability: CSRF privilege escalation Tested on: 2.2.6 Author : altbta [email protected] Dork: "Powered by...

Esotalk CMS 1.0.0g4 - Cross-Site Scripting

Esotalk CMS 1.0.0g4 - Cross-Site Scripting / Exploit Title: esotalk cms topics xss vulnerability Google Dork: powered by esotalk Date: 2014-11-01 Vul Author: Evi1m0ff0000team Vul Advisory: http://www.hackersoul.com/post/ff0000-hsdb-0006.html Vendor Homepage: http://esotalk.org/ Software Link:...

PHP weby directory software 1.2 - Multiple Vulnerabilities

PHP weby directory software 1.2 - Multiple Vulnerabilities =========================================== Vulnerable Software: PHP Weby directory software version 1.2 Vendor: http://phpweby.com Download: htp://phpweby.com/down/phpwebydirectory.zip Vuln: Blind SQL injection && CSRF Dork: intext:Power...

Site Sift Listings - id SQL Injection

Site Sift Listings - id SQL Injection powered by Site Sift scripts SQL Injection AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 BLOG : http://my.opera.com/SQL-Injection/blog/ MAiL : [email protected] DORK 1 : powered by Site Sift DORK 2 : allinurl: "index php go addpage"...

VidiScript - SQL Injection

VidiScript - SQL Injection ====================================== VidiScript Sql Injection Vulnerability ====================================== + Title: VidiScript Sql Injection Vulnerability + Date: 23.02.2011 + Author: ThEtA.Nu + Software Link: VidiScript.com + Where : From Remote Founded by :...

Maian Guestbook 3.2 - Insecure Cookie Handling

Maian Guestbook 3.2 - Insecure Cookie Handling -+================================================================================+- -+ Maian Guestbook = 3.2 Insecure Cookie Handling Vulnerability +- -+================================================================================+- Discovered By...

BoastMachine 3.1 - mail.php id SQL Injection

BoastMachine 3.1 - mail.php id SQL Injection ...:::::boastMachine =3.1 SQL Injection Vulnerbility ::::.... Virangar Security Team www.virangar.org www.virangar.net -------- Discoverd By :virangar security teamhadihadi special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra & all virangar members &...

OpenSSH 7.2 - Denial of Service

OpenSSH 7.2 - Denial of Service Title : OpenSSH before 7.3 Crypt CPU Consumption DoS Vulnerability Author : Kashinath T [email protected] www.secpod.com Vendor : http://www.openssh.com/ Software : http://www.openssh.com/ Version : OpenSSH before 7.3 Tested on : Ubuntu 16.04 LTS, Centos 7 CVE ...

IndexScript 2.8 - cat_id SQL Injection

IndexScript 2.8 - catid SQL Injection Site: http://indexscript.com Found By: xssvgamer Google Dork: allintext: "This site is powered by IndexScript" exploit: http://www.example.com/showcat.php?catid=-1 UNION ALL SELECT login,password FROM dirlogin / Blind SQL injection in indexscript.. Vul Code:...

OpenSSH 2.3 7.7 - Username Enumeration

OpenSSH 2.3 7.7 - Username Enumeration Exploit: OpenSSH 7.7 - Username Enumeration Author: Justin Gardner Date: 2018-08-20 Software: https://ftp4.usa.openbsd.org/pub/OpenBSD/OpenSSH/openssh-7.7.tar.gz Affected Versions: OpenSSH version 7.7 CVE: CVE-2018-15473 / \ / / | | | | | | | | | | | || | | ...

MGB OpenSource Guestbook 0.7.0.2 - id SQL Injection

MGB OpenSource Guestbook 0.7.0.2 - id SQL Injection Exploit Title: MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection Dork: N/A Date: 2018-10-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.m-gb.org/ Software Link: https://sourceforge.net/projects/mopzz-gb/files/latest/download...

easyLink 1.1.0 - detail.php SQL Injection

easyLink 1.1.0 - detail.php SQL Injection ================================================================================ easyLink V1.1.0 detail.php Remote SQL Injection Vulnerability ================================================================================ Discovered By: Egypt Coder home...

Indexu 5.05.3 - suggest_category.php?Error_msg Cross-Site Scripting

Indexu 5.05.3 - suggestcategory.php?Errormsg Cross-Site Scripting source: https://www.securityfocus.com/bid/22084/info Indexu is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrar...

OpenSSH 7.7 - User Enumeration (2)

OpenSSH 7.7 - User Enumeration 2 !/usr/bin/env python2 CVE-2018-15473 SSH User Enumeration by Leap Security @LeapSecurity https://leapsecurity.io Credits: Matthew Daley, Justin Gardner, Lee David Painter import argparse, logging, paramiko, socket, sys, os class InvalidUsernameException: pass...

cpDynaLinks 1.02 - category.php SQL Injection

cpDynaLinks 1.02 - category.php SQL Injection !/usr/bin/perl cpDynaLinks 1.02 Remote Sql Inyection exploit download: http://www.cplinks.com/download/cpdynalinks/cpdynalinksversion102full.zip bug found by s0cratex exploit written by ka0x D.O.M TEAM 2007 d0rk: Powered by cpDynaLinks need...

phpDolphin 2.0.5 - Multiple Vulnerabilities

phpDolphin 2.0.5 - Multiple Vulnerabilities Exploit Title: phpDolphin http://target.com/index.php?a=search&q=teste&filter=m"XSS CSRF ==== We've found no protection against CSRF Cross-site Request Forgery, which made possible to do any kind of act on a user or admin account. NO FORMS are secured a...

Apache 2.2.34 2.4.27 - OPTIONS Memory Leak

Apache 2.2.34 2.4.27 - OPTIONS Memory Leak !/usr/bin/env python3 Optionsbleed proof of concept test by Hanno Böck import argparse import urllib3 import re def testbleedurl, args: r = pool.request'OPTIONS', url try: allow = strr.headers"Allow" except KeyError: return False if allow in dup: return...

Vlbook 1.21 - Cross-Site Scripting Local File Inclusion

Vlbook 1.21 - Cross-Site Scripting Local File Inclusion vlBook 1.21 ALL VERSION Multiple Remote Vulnerabilities LFI/XSS AUTHOR : IRCRASH Dr.Crash Or Khashayar Fereidani Discovered by : IRCRASH Dr.Crash Or Khashayar Fereidani Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash Or Khashay...

PHPizabi 0.848b C1 HFP1 - Arbitrary File Upload

PHPizabi 0.848b C1 HFP1 - Arbitrary File Upload Powered by PHPizabi v0.848b C1 HFP1 remote file upload author: ZoRLu home: www.yildirimordulari.org contact: [email protected] dork: "Powered by PHPizabi v0.848b C1 HFP1" exploit: http://localhost/izabi/system/cache/pictures/idshell.php -first...

DokuWiki 2006-03-09b - dwpage.php System Disclosure

DokuWiki 2006-03-09b - dwpage.php System Disclosure !/usr/bin/php -q -d shortopentag=on out.html php '.$argv0.' localhost /wiki/ ../conf/mysql.conf.php -p81 out.html then see out.html -------------------------------------------------------------------------------- '; die; / it uses the same...

Pligg CMS 9.9.0 - Remote Code Execution

Pligg CMS 9.9.0 - Remote Code Execution !/usr/bin/perl -w use LWP::UserAgent; use MIME::Base64; use Digest::MD5 qwmd5hex; use Getopt::Std; getopts'h:', %args; print "\n"; print " Pligg new; $http-agent'Mozilla/5.0 Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1 Gecko/2008070208 Firefox/3.0.1';...

PHPizabi 0.848b C1 HFP3 - Database Information Disclosure

PHPizabi 0.848b C1 HFP3 - Database Information Disclosure -------------------------------------------------------- PHPizabi v0.848b C1 HFP3 database information exposure -------------------------------------------------------- I would like to state that I am in no way responsible for how this...

eSyndiCat Directory Software - Multiple SQL Injections

eSyndiCat Directory Software - Multiple SQL Injections eSyndiCat: Multiple SQL Injection's http://www.esyndicat.net/ ---------------------------------------------------------- Exploit coded and founded by d3v1l Date: 14.07.2007 [email protected]...

DokuWiki 2006-03-09b - dwpage.php Remote Code Execution

DokuWiki 2006-03-09b - dwpage.php Remote Code Execution !/usr/bin/php -q -d shortopentag=on ? printr' -------------------------------------------------------------------------------- DokuWiki = 2006-03-09b release /bin/dwpage.php remote commands execution xploit by rgod [email protected] site:...

ClipShare 2.6 - Remote User Password Change

ClipShare 2.6 - Remote User Password Change !/usr/bin/perl -w priv8 Pr0metheuS Exploit Name: Clipshare Remote User Password Change Exploit Version Script: Clipshare 2.6 Dork: "Powered by Clipshare" EnjoY print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-"; print "\nClipshare 2.6 Remote User...

Scripts Genie Top Sites - out.php?id SQL Injection

Scripts Genie Top Sites - out.php?id SQL Injection / / / \ / / / / / / / / / / / // / / / / / / // / // / / / / | // / / / / / // / / / // / /,// /////,// ///// , / // Top Sites Script, SQL Injection Vulnerabilities Software Page:...

glFusion 1.1.2 - COM_applyFilter()order SQL Injection

glFusion 1.1.2 - COMapplyFilterorder SQL Injection = 4.1 php.ini independent our site: http://retrogod.altervista.org/ software site: http://www.glfusion.org/ google dork: "Page created in" "seconds by glFusion" +RSS Vulnerability, sql injection in 'order' and 'direction' arguments: look...

MidiCart PHP - Item_List.php?MainGroup SQL Injection

MidiCart PHP - ItemList.php?MainGroup SQL Injection source: https://www.securityfocus.com/bid/13513/info MidiCart PHP is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker ...

Apache - Denial of Service

Apache - Denial of Service / This is a reverse engineered version of the exploit for CVE-2011-3192 made by ev1lut10n http://jayakonstruksi.com/backupintsec/rapache.tgz. Copyright 2011 Ramon de C Valle Compile with the following command: gcc -Wall -pthread -o rcvalle-rapache rcvalle-rapache.c /...

PHPizabi 0.848b C1 HFP1 - Remote Code Execution

PHPizabi 0.848b C1 HFP1 - Remote Code Execution !/usr/bin/perl inphex PHPizabi v0.848b C1 HFP1 Remote Code Execution http://www.dz-secure.com/tools/1/WebESploit.pl.txt if you are seeking for a partner to work on some projects just send an email inphex0 at gmail dot com system/vcronproc.php if...

DZCP (deV!L_z Clanportal) 1.3.6 - Arbitrary File Upload

DZCP deV!Lz Clanportal 1.3.6 - Arbitrary File Upload S Y N O P S I S / =================' - access: remote severity: high - deV!Lz Clanportal allows nearly arbitrary files to be uploaded and stored on the server's filesystem, which enables anyone, even without a user account, to upload PHP code a...

Apache mod_session_crypto - Padding Oracle

Apache modsessioncrypto - Padding Oracle ''' Advisory: Padding Oracle in Apache modsessioncrypto During a penetration test, RedTeam Pentesting discovered a Padding Oracle vulnerability in modsessioncrypto of the Apache web server. This vulnerability can be exploited to decrypt the session data an...

Samba 3.5.0 - Remote Code Execution

Samba 3.5.0 - Remote Code Execution ! /usr/bin/env python Title : ETERNALRED Date: 05/24/2017 Exploit Author: steelo Vendor Homepage: https://www.samba.org Samba 3.5.0 - 4.5.4/4.5.10/4.4.14 CVE-2017-7494 import argparse import os.path import sys import tempfile import time from smb.SMBConnection...

Argus Surveillance DVR 4.0.0.0 - Privilege Escalation

Argus Surveillance DVR 4.0.0.0 - Privilege Escalation...

MediaXxx Adult Video Media Script - SQL Injection

MediaXxx Adult Video Media Script - SQL Injection Exploit Title: MediaXxx Adult Video / Media Script SQL Injection Date: 19/05/2012 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Software: MediaXxx http://www.mediaxxxscript.com/ Test...

Pligg CMS 9.9.0 - story.php SQL Injection

Pligg CMS 9.9.0 - story.php SQL Injection || | | Pligg Beta 9.9.0 id Remote SQL Injection Vulnerability | | |---------------------Hussin X----------------------| | | Author: Hussin X | | Home : www.tryag.cc/cc | | email: darkangelg85atYahooDoTcom | | | | | | | | script : http://www.pligg.com/ | |...

Article Management System 2.1.2 - Reinstall

Article Management System 2.1.2 - Reinstall ======================================================================================== | Title : ArticleMS Article Management System 2.1.2 Reinstall Vulnerability | Author : indoushka | email : [email protected] | Dork : Powered by ArticleMS from...

Dnsmasq 2.78 - Integer Underflow

Dnsmasq 2.78 - Integer Underflow ''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14496.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html dnsmasq is vulnerable only if one of the following option i...

elgg 1.5 - _cssjs.php Local File Inclusion

elgg 1.5 - cssjs.php Local File Inclusion Product: elgg.org Version: dbname,$mysqldblink 48: if $simplecacheenabled || $override 49: $filename = $dataroot . 'viewssimplecache/' . md5$viewtype . $view; 51: $contents = filegetcontents$filename; 56: else 59: $contents = elggview$view;...

PHPizabi 0.848b C1 HFP1-3 - Remote Command Execution

PHPizabi 0.848b C1 HFP1-3 - Remote Command Execution !/usr/bin/php ?php / Found this after getting my inet back and noticing this http://www.milw0rm.com/exploits/6085 . The only problem with the remote command execution there is that it actually requires registerglobals = on. I saw the GLOBAL...

WeBid 1.0.6 - Multiple Vulnerabilities

WeBid 1.0.6 - Multiple Vulnerabilities Title: Webid Blind SQL Injection / Local File Disclosure Vulnerability Google Dork: intext:"Powered by WeBid" Author: Ahmed Aboul-Ela Contact: Ahmed.Aboul3laatgmaildotcom Vendor: http://www.webidsupport.com/ Software Link:...

DZCP (deV!L_z Clanportal) 1.4.5 - Remote File Disclosure

DZCP deV!Lz Clanportal 1.4.5 - Remote File Disclosure DZCP Devilz Clanportal = 1.4.5 Mysql Data viewable Found by: Kiba Solution: Install security Fix! Exploit: http://SITE/PATH/inc/filebrowser/browser.php?file=inc/mysql.php Example:...