Busewe 1.2 - SQL Injection
Busewe 1.2 - SQL Injection Exploit Title: Busewe - Website Marketplace Software v1.2 - SQL Injection Google Dork: N/A Date: 09.03.2017 Vendor Homepage: https://www.ncrypted.net/ Software: https://www.ncrypted.net/busewe Demo: http://demo.ncryptedprojects.com/busewe/ Version: 1.2 Tested on: Win7...
Drupal 7.x Module Services - Remote Code Execution
Drupal 7.x Module Services - Remote Code Execution Exploit Title: Drupal 7.x Services Module Remote Code Execution Vendor Homepage: https://www.drupal.org/project/services Exploit Author: Charles FOL Contact: https://twitter.com/ambionics Website:...
Media Search Engine Script - search SQL Injection
Media Search Engine Script - search SQL Injection Exploit Title: Media Search Engine Script - SQL Injection Google Dork: N/A Date: 09.03.2017 Vendor Homepage: http://www.websitescripts.org/ Software: http://www.websitescripts.org/website-scripts/media-search-engine-script/prod51.html Demo:...
WordPress Plugin Apptha Slider Gallery 1.0 - Arbitrary File Download
WordPress Plugin Apptha Slider Gallery 1.0 - Arbitrary File Download Exploit Title: WordPress Plugin Apptha Slider Gallery v1.0 - Arbitrary File Download Google Dork: N/A Date: 09.03.2017 Vendor Homepage: https://www.apptha.com/ Software:...
WordPress Plugin PICA Photo Gallery 1.0 - SQL Injection
WordPress Plugin PICA Photo Gallery 1.0 - SQL Injection Exploit Title: WordPress Plugin PICA Photo Gallery v1.0 - SQL Injection Google Dork: N/A Date: 09.03.2017 Vendor Homepage: https://www.apptha.com/ Software: https://www.apptha.com/category/extension/Wordpress/PICA-Photo-Gallery Demo:...
Country on Sale Script - SQL Injection
Country on Sale Script - SQL Injection Exploit Title: Country on Sale Script - SQL Injection Google Dork: N/A Date: 09.03.2017 Vendor Homepage: http://www.websitescripts.org/ Software: http://www.websitescripts.org/website-scripts/country-on-sale-script/prod53.html Demo:...
Soundify 1.1 - tid SQL Injection
Soundify 1.1 - tid SQL Injection Exploit Title: Soundify - Audio Sharing Software v1.1 - SQL Injection Google Dork: N/A Date: 09.03.2017 Vendor Homepage: https://www.ncrypted.net/ Software: https://www.ncrypted.net/soundify Demo: http://demo.ncryptedprojects.com/soundify/ Version: N/A Tested on:...
WordPress Plugin Apptha Slider Gallery 1.0 - SQL Injection
WordPress Plugin Apptha Slider Gallery 1.0 - SQL Injection Exploit Title: WordPress Plugin Apptha Slider Gallery v1.0 - SQL Injection Google Dork: N/A Date: 09.03.2017 Vendor Homepage: https://www.apptha.com/ Software: https://www.apptha.com/category/extension/Wordpress/apptha-slider-gallery Demo...
TradeMart 1.1 - SQL Injection
TradeMart 1.1 - SQL Injection Exploit Title: TradeMart - B2B Trading Software v1.1 - SQL Injection Google Dork: N/A Date: 09.03.2017 Vendor Homepage: https://www.ncrypted.net/ Software: https://www.ncrypted.net/trademart Demo: http://demo.ncryptedprojects.com/trademart/ Version: 1.1 Tested on: Wi...
Fashmark 1.2 - category SQL Injection
Fashmark 1.2 - category SQL Injection Exploit Title: Fashmark - eCommerce Script v1.2 - SQL Injection Google Dork: N/A Date: 09.03.2017 Vendor Homepage: https://www.ncrypted.net/ Software: https://www.ncrypted.net/fashmark Demo: http://demo.ncryptedprojects.com/fashmark-ent/ Version: 1.2 Tested o...
WordPress Plugin Mac Photo Gallery 3.0 - Arbitrary File Download
WordPress Plugin Mac Photo Gallery 3.0 - Arbitrary File Download Exploit Title: WordPress Plugin Mac Photo Gallery v3.0 - Arbitrary File Download Google Dork: N/A Date: 09.03.2017 Vendor Homepage: https://www.apptha.com/ Software:...
e107 2.1.4 - keyword Blind SQL Injection
e107 2.1.4 - keyword Blind SQL Injection !/usr/bin/perl e107 = 2.1.4 "keyword" Blind SQL Injection Exploit -------------------------------------------------------------------------- Discovered by staker - stakerathotmaildotit Discovered on 09/03/2017 Site Vendor: http://www.e107.org BUG: Blind SQ...
Nlance 2.2 - SQL Injection
Nlance 2.2 - SQL Injection Exploit Title: Nlance - Freelance Marketplace Software v2.2 - SQL Injection Google Dork: N/A Date: 09.03.2017 Vendor Homepage: https://www.ncrypted.net/ Software: https://www.ncrypted.net/nlance Demo: http://demo.ncryptedprojects.com/nlance-ent/ Version: 2.2 Tested on:...
Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 - Denial of Service
Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 - Denial of Service !/usr/bin/python Exploit Title: CVE-2017-6552 - Local DoS Buffer Overflow Livebox 3 Date: 09/03/2017 Exploit Author: Quentin Olagne Vendor Homepage: http://www.orange.fr/ Version: SG30_sip-fr-5.15.8.1 Tested on: Livebox 3 - Sagemcom CVE :...
Videohive Clone Script - SQL Injection
Videohive Clone Script - SQL Injection Exploit Title: Videohive Clone Script - SQL Injection Google Dork: N/A Date: 08.03.2017 Vendor Homepage: http://bsetec.com/ Software : http://videohiveclone.bsetec.com/ Demo: http://www.bsetecdemo.com/videohiveclone/ Version: N/A Tested on: Win7 x64, Kali...
Audiojungle Clone Script - SQL Injection
Audiojungle Clone Script - SQL Injection Exploit Title: Audiojungle Clone Script - SQL Injection Google Dork: N/A Date: 08.03.2017 Vendor Homepage: http://bsetec.com/ Software : http://audiojungleclone.bsetec.com/ Demo: http://www.bsetecdemo.com/audiojungleclone Version: N/A Tested on: Win7 x64,...
ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Remote Code Execution
ASUSWRT RT-AC53 3.0.0.4.380.6038 - Remote Code Execution Remote Code Execution Component: networkmap CVE: CVE-2017-6548 networkmap is responsible for generating a map of computers connected to the router. It continuously monitors the LAN to detect ARP requests submitted by unknown computers. When...
Wireless IP Camera (P2P) WIFICAM - Remote Code Execution
Wireless IP Camera P2P WIFICAM - Remote Code Execution // Exploit-DB Note Source: https://pierrekim.github.io/advisories/expl-goahead-camera.c // Exploit-DB Note Credit: https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html include include include include include include include...
Codecanyon Clone Script - SQL Injection
Codecanyon Clone Script - SQL Injection Exploit Title: Codecanyon Clone Script - SQL Injection Google Dork: N/A Date: 08.03.2017 Vendor Homepage: http://bsetec.com/ Software : http://codecanyonclone.bsetec.com/ Demo: http://www.bsetecdemo.com/codecanyonclone/ Version: N/A Tested on: Win7 x64, Kal...
Themeforest Clone Script - SQL Injection
Themeforest Clone Script - SQL Injection Exploit Title: Themeforest Clone Script - SQL Injection Google Dork: N/A Date: 08.03.2017 Vendor Homepage: http://bsetec.com/ Software : http://themeforestclone.bsetec.com/ Demo: http://www.bsetecdemo.com/marketplus/ Version: N/A Tested on: Win7 x64, Kali...
Envato Clone Script - SQL Injection
Envato Clone Script - SQL Injection Exploit Title: Envato Clone Script - SQL Injection Google Dork: N/A Date: 08.03.2017 Vendor Homepage: http://bsetec.com/ Software : http://envatoclone.bsetec.com/ Demo: http://bsetecdemo.com/envatoclone/ Version: N/A Tested on: Win7 x64, Kali Linux x64 Exploit...
Graphicriver Clone Script - SQL Injection
Graphicriver Clone Script - SQL Injection Exploit Title: Graphicriver Clone Script - SQL Injection Google Dork: N/A Date: 08.03.2017 Vendor Homepage: http://bsetec.com/ Software : http://graphicriverclone.bsetec.com/ Demo: http://www.bsetecdemo.com/graphicriverclone/ Version: N/A Tested on: Win7...
ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Cross-Site Scripting
ASUSWRT RT-AC53 3.0.0.4.380.6038 - Cross-Site Scripting Cross-Site Scripting XSS Component: httpd CVE: CVE-2017-6547 Vulnerability: httpd checks in the function handlerequest if the requested file name is longer than 50 chars. It then responds with a redirection which allows an attacker to inject...
Navetti PricePoint 4.6.0.0 - SQL Injection Cross-Site Scripting Cross-Site Request Forgery
Navetti PricePoint 4.6.0.0 - SQL Injection Cross-Site Scripting Cross-Site Request Forgery ======================================================================= title: Multiple vulnerabilities product: Navetti PricePoint vulnerable version: 4.6.0.0 fixed version: 4.7.0.0 or higher CVE number: -...
ASUSWRT RT-AC53 (3.0.0.4.380.6038) - Session Stealing
ASUSWRT RT-AC53 3.0.0.4.380.6038 - Session Stealing Session Stealing Component: httpd CVE: CVE-2017-6549 Vulnerability: httpd uses the function searchtokeninlist to validate if a user is logged into the admin interface by checking his asustoken value. There seems to be a branch which could be a...
Evostream Media Server 1.7.1 (x64) - Denial of Service
Evostream Media Server 1.7.1 x64 - Denial of Service Exploit Title: Evostream Media Server 1.7.1 – Built-in Webserver DoS Date: 2017-03-07 Exploit Author: Peter Baris Vendor Homepage: http://www.saptech-erp.com.au Software Link: https://evostream.com/software-downloads/ Version: 1.7.1 Tested on:...
Daily Deals Script 1.0 - id SQL Injection
Daily Deals Script 1.0 - id SQL Injection Exploit Daily Deals Script v1.0 - SQL Injection Google Dork: N/A Date: 07.03.2017 Vendor Homepage: http://www.icloudcenter.com/ Software : http://www.icloudcenter.com/dailydealssite.htm Demo: http://icloudcenter.net/demos/icgroupdeals/ Version: 1.0 Tested...
iBall Baton 150M Wireless Router - Authentication Bypass
iBall Baton 150M Wireless Router - Authentication Bypass Title: ==== iball Baton 150M Wireless router - Authentication Bypass Credit: ====== Name: Indrajith.A.N Website: https://www.indrajithan.com Date: ==== 07-03-2017 Vendor: ====== iball Envisioning the tremendous potential for innovative...
Mini CMS 1.1 - name SQL Injection
Mini CMS 1.1 - name SQL Injection Exploit Mini CMS v1.1 - SQL Injection Google Dork: N/A Date: 07.03.2017 Vendor Homepage: http://www.icloudcenter.com/ Software : http://www.icloudcenter.com/minicms.htm Demo: http://www.icloudcenter.net/demos/minicms/ Version: 1.1 Tested on: Win7 x64, Kali Linux...
Apache Struts 2.3.5 2.3.31 2.5 2.5.10 - Remote Code Execution
Apache Struts 2.3.5 2.3.31 2.5 2.5.10 - Remote Code Execution !/usr/bin/python -- coding: utf-8 -- import urllib2 import httplib def exploiturl, cmd: payload = "%='multipart/form-data'." payload += "[email protected]@DEFAULTMEMBERACCESS." payload += "memberAccess?" payload += "memberAccess=dm:...
Azure Data Expert Ultimate 2.2.16 - Remote Buffer Overflow
Azure Data Expert Ultimate 2.2.16 - Remote Buffer Overflow Exploit Title: Azure Data Expert Ultimate 2.2.16 – buffer overflow Date: 2017-03-07 Exploit Author: Peter Baris Vendor Homepage: http://www.saptech-erp.com.au Software Link: http://www.azuredex.com/downloads.html Version: 2.2.16 Tested on...
BullIBM AIX ClusterwatchWatchware - Multiple Vulnerabilities
BullIBM AIX ClusterwatchWatchware - Multiple Vulnerabilities Bull Clusterwatch/Watchware is a VERY VERY OLD tool used by sysadmins to manage their AIX clusters. Marble effect in the web banner and questionable font: it smells the 90s ! Tool is mainly a web app with CGIs shell scripts and binaries...
USBPcap 1.1.0.0 (WireShark 2.2.5) - Local Privilege Escalation
USBPcap 1.1.0.0 WireShark 2.2.5 - Local Privilege Escalation / Exploit Title - USBPcap Null Pointer Dereference Privilege Escalation Date - 07th March 2017 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://desowin.org/usbpcap/ Tested Version - 1.1.0.0 USB Packet capture for Windows...
DESKTOP-C8CL88S
A Remote Browser's Agent XSS is a piece of software that allows a remote "operator" to control a browser as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "XSS" software is usually associated with criminal or malicious activity...
pACMil0DzharxyK
A Remote Browser's Agent XSS is a piece of software that allows a remote "operator" to control a browser as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "XSS" software is usually associated with criminal or malicious activity...
Advanced Real Estate Script 4.0.6 - SQL Injection
Advanced Real Estate Script 4.0.6 - SQL Injection Exploit Title: Advanced Real Estate Script v4.0.6 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/advanced-real-estate-script/ Demo:...
Entrepreneur B2B Script 2.0.4 - id SQL Injection
Entrepreneur B2B Script 2.0.4 - id SQL Injection Exploit Title: Entrepreneur B2B Script v2.0.4 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/entrepreneur-b2b-script/ Demo:...
Yellow Pages Clone Script 1.3.4 - SQL Injection
Yellow Pages Clone Script 1.3.4 - SQL Injection Exploit Title: Yellow Pages Clone Script v1.3.4 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/yellow-pages-clone-script/ Demo:...
Responsive Events Movie Ticket Booking Script - SQL Injection
Responsive Events Movie Ticket Booking Script - SQL Injection Exploit Title: Responsive Events & Movie Ticket Booking Script - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software :...
Responsive Matrimonial Script 4.0.1 - SQL Injection
Responsive Matrimonial Script 4.0.1 - SQL Injection Exploit Title: Responsive Matrimonial Script v4.0.1 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/responsive-matrimonial/ Demo:...
Advanced Bus Booking Script 2.04 - SQL Injection
Advanced Bus Booking Script 2.04 - SQL Injection Exploit Title: Advanced Bus Booking Script v2.04 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/advanced-bus-booking-script/ Demo:...
PHP Matrimonial Script 3.0 - SQL Injection
PHP Matrimonial Script 3.0 - SQL Injection Exploit Title: Matrimonial Script v3.0 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/matrimonial-script/ Demo: http://74.124.215.220/matriialscrip/...
Redbus Clone Script 3.05 - hid_Busid SQL Injection
Redbus Clone Script 3.05 - hid_Busid SQL Injection Exploit Title: Redbus Clone Script v3.05 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/redbus-clone/ Demo:...
MLM Forex Market Plan Script 2.0.1 - SQL Injection
MLM Forex Market Plan Script 2.0.1 - SQL Injection Exploit Title: MLM Forex Market Plan Script v2.0.1 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/mlm-forex-market-plan-script/ Demo:...
MLM Binary Plan Script 2.0.5 - SQL Injection
MLM Binary Plan Script 2.0.5 - SQL Injection Exploit Title: MLM Binary Plan Script v2.0.5 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/mlm-binary-plan-script/ Demo: http://74.124.215.220/binamlm/...
Network Community Script 3.0.2 - SQL Injection
Network Community Script 3.0.2 - SQL Injection Exploit Title: Network Community Script v3.0.2 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/network-community/ Demo:...
Entrepreneur Bus Booking Script 3.03 - hid_Busid SQL Injection
Entrepreneur Bus Booking Script 3.03 - hid_Busid SQL Injection Exploit Title: Entrepreneur Bus Booking Script v3.03 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/entrepreneur-bus-booking-script/...
CyberGhost 6.0.4.2205 - Local Privilege Escalation
CyberGhost 6.0.4.2205 - Local Privilege Escalation Exploit CyberGhost 6.0.4.2205 Privilege Escalation Date: 06.03.2017 Software Link: http://www.cyberghostvpn.com/ Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: local 1...
Advanced Matrimonial Script 2.0.3 - SQL Injection
Advanced Matrimonial Script 2.0.3 - SQL Injection Exploit Title: Advanced Matrimonial Script v2.0.3 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/advanced-matrimonial/ Demo:...
MLM Forced Matrix 2.0.7 - SQL Injection
MLM Forced Matrix 2.0.7 - SQL Injection Exploit Title: MLM Forced Matrix v2.0.7 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/mlm-forced-matrix/ Demo: http://74.124.215.220/forctrix/ Version: 2.0....