41207 matches found
Single Theater Booking Script - newsid SQL Injection
Single Theater Booking Script - newsid SQL Injection Exploit Title: Single Theater Booking Script - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/single-theater-booking-script/ Demo:...
PHP B2B Script 3.05 - SQL Injection
PHP B2B Script 3.05 - SQL Injection Exploit Title: PHP B2B Script v3.05 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/php-b2b-script/ Demo: http://readymadeb2bscript.com/product/basic/ Version: 3....
Multireligion Responsive Matrimonial Script 4.7.1 - SQL Injection
Multireligion Responsive Matrimonial Script 4.7.1 - SQL Injection Exploit Title: Multireligion Responsive Matrimonial Script v4.7.1 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software :...
MLM Membership Plan Script 2.0.5 - SQL Injection
MLM Membership Plan Script 2.0.5 - SQL Injection Exploit Title: MLM Membership Plan Script v2.0.5 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/mlm-membership-plan-script/ Demo:...
Deluge Web UI 1.3.13 - Cross-Site Request Forgery
Deluge Web UI 1.3.13 - Cross-Site Request Forgery !-- Remote code execution via CSRF vulnerability in the web UI of Deluge 1.3.13 Kyle Neideck, February 2017 Product ------- Deluge is a BitTorrent client available from http://deluge-torrent.org. Fix --- Fixed in the public source code, but not in...
Website Broker Script 3.02 - view SQL Injection
Website Broker Script 3.02 - view SQL Injection Exploit Title: Website Broker Script v3.02 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/website-broker-script/ Demo:...
Social Network Script 3.01 - id SQL Injection
Social Network Script 3.01 - id SQL Injection Exploit Title: Social Network Script v3.01 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/social-network-script/ Demo: http://myeliteprofile.com/...
Online Cinema and Event Booking Script 2.01 - newsid SQL Injection
Online Cinema and Event Booking Script 2.01 - newsid SQL Injection Exploit Title: Online Cinema and Event Booking Script v2.01 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software :...
Select Your College Script 2.01 - SQL Injection
Select Your College Script 2.01 - SQL Injection Exploit Title: Select Your College Script v2.01 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/select-your-college-script/ Demo:...
Groupon Clone Script 3.01 - catid SQL Injection
Groupon Clone Script 3.01 - catid SQL Injection Exploit Title: Groupon Clone Script v3.01 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/groupon-clone-script/ Demo:...
PHP Classifieds Rental Script 3.6.0 - scatid SQL Injection
PHP Classifieds Rental Script 3.6.0 - scatid SQL Injection Exploit Title: PHP Classifieds Rental Script v3.6.0 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/php-classifieds-rental-script/ Demo:...
Naukri Clone Script 3.02 - type SQL Injection
Naukri Clone Script 3.02 - type SQL Injection Exploit Title: Naukri Clone Script v3.02 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://phpscriptsmall.com/product/naukri-clone-script/ Demo: http://phpscriptsmall.biz/demo/jobsite/...
Schools Alert Management Script 2.01 - list_id SQL Injection
Schools Alert Management Script 2.01 - listid SQL Injection Exploit Title: Schools Alert Management Script v2.01 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/schools-alert-management-system/ Demo...
MikroTik Router - ARP Table OverFlow Denial Of Service
MikroTik Router - ARP Table OverFlow Denial Of Service / Exploit Title: MikroTik Router Denial Of Service | ARP Table OverFlow Exploit Author: Hosein Askari FarazPajohan Vendor HomePage: https://mikrotik.com/ Affected Series: Hap Lite Version: 6.25 Tested on: Parrot Security OS Date: 04-3-2017...
Joomla! Component Content ConstructionKit 1.1 - SQL Injection
Joomla! Component Content ConstructionKit 1.1 - SQL Injection Exploit Title: Joomla! Component Content ConstructionKit v1.1 - SQL Injection Google Dork: inurl:index.php?option=comoscck Date: 04.03.2017 Vendor Homepage: http://ordasoft.com/ Software Buy:...
Joomla! Component Monthly Archive 3.6.4 - author_form SQL Injection
Joomla! Component Monthly Archive 3.6.4 - authorform SQL Injection Exploit Title: Joomla! Component Monthly Archive v3.6.4 - SQL Injection Google Dork: inurl:index.php?option=commonthlyarchive Date: 04.03.2017 Vendor Homepage: http://web357.eu/ Software Buy:...
Joomla! Component JUX EventOn 1.0.1 - id SQL Injection
Joomla! Component JUX EventOn 1.0.1 - id SQL Injection Exploit Title: Joomla! Component JUX EventOn v1.0.1 - SQL Injection Google Dork: inurl:index.php?option=comjuxeventon Date: 04.03.2017 Vendor Homepage: http://joomlaux.com/ Software Buy:...
Joomla! Component AYS Quiz 1.0 - id SQL Injection
Joomla! Component AYS Quiz 1.0 - id SQL Injection Exploit Title: Joomla! Component AYS Quiz v1.0 - SQL Injection Google Dork: inurl:index.php?option=comaysquiz Date: 04.03.2017 Vendor Homepage: http://ays-pro.com/ Software Buy:...
Joomla! Component AltaUserPoints 1.1 - userid SQL Injection
Joomla! Component AltaUserPoints 1.1 - userid SQL Injection Exploit Title: Joomla! Component AltaUserPoints v1.1 - SQL Injection Google Dork: inurl:index.php?option=comaltauserpoints Date: 04.03.2017 Vendor Homepage: https://www.nordmograph.com/ Software:...
FTPShell Client 6.53 - Remote Buffer Overflow
FTPShell Client 6.53 - Remote Buffer Overflow Exploit Title: FTPShell Client 6.53 buffer overflow on making initial connection Date: 2017-03-04 Exploit Author: Peter Baris Vendor Homepage: http://www.saptech-erp.com.au Software Link: http://www.ftpshell.com/downloadclient.htm Version: Windows...
WordPress 4.7.1 - Username Enumeration
WordPress 4.7.1 - Username Enumeration !usr/bin/php...
pfSense 2.3.2 - Cross-Site Scripting Cross-Site Request Forgery
pfSense 2.3.2 - Cross-Site Scripting Cross-Site Request Forgery Exploit Title: pfSense 2.3.2 XSS - CSRF-bypass & Reverse-root-shell Date: 01/03/2017 Author: Yann CAM @ASafety / Synetis Vendor or Software Link: www.pfsense.org Version: 2.3.2 Category: XSS, CSRF-bypass and Remote root reverse-shell...
WordPress Multiple Plugins - Arbitrary File Upload
WordPress Multiple Plugins - Arbitrary File Upload import requests import random import string print "---------------------------------------------------------------------" print "Multiple Wordpress Plugin - Remote File Upload Exploit\nDiscovery: Larry W. Cashdollar\nExploit Author: Munir...
EPSON TMNet WebConfig 1.00 - Cross-Site Scripting
EPSON TMNet WebConfig 1.00 - Cross-Site Scripting Exploit Title: Persistent XSS in EPSON TMNet WebConfig Ver. 1.00 Google Dork: intitle:"EPSON TMNet WebConfig Ver.1.00" Date: 3/3/2017 Exploit Author: Michael Benich Vendor Homepage: https://www.epson-biz.com/ Software Link:...
Joomla! Component Coupon 3.5 - SQL Injection
Joomla! Component Coupon 3.5 - SQL Injection Exploit Title: Joomla! Component Coupon v3.5 - SQL Injection Google Dork: inurl:index.php?option=comcoupon Date: 03.03.2017 Vendor Homepage: http://joomla6teen.com/ Software:...
Php Classified OLX Clone Script - category SQL Injection
Php Classified OLX Clone Script - category SQL Injection Exploit Title: Php Classified OLX Clone Script - SQL Injection Google Dork: N/A Date: 02.03.2017 Vendor Homepage: https://wptit.com/ Software: https://wptit.com/portfolio/php-classified-website-sale/ Demo: http://www.adsthem.com/ Version: N...
Joomla! Component Guesser 1.0.4 - type SQL Injection
Joomla! Component Guesser 1.0.4 - type SQL Injection Exploit Title: Joomla! Component Guesser v1.0.4 - SQL Injection Google Dork: inurl:index.php?option=comguesser Date: 02.03.2017 Vendor Homepage: http://www.bitsgeo.com/ Software:...
MDwiki 0.6.2 - Cross-Site Scripting
MDwiki 0.6.2 - Cross-Site Scripting Originally thought that only a problem with Tencent's site implementation, the black brother reminded me to look at the Github address in the source code, only to find the open source MDwiki universal system. MDwiki is a wiki/CMS system built entirely on...
Joomla! Component StreetGuessr Game 1.0 - SQL Injection
Joomla! Component StreetGuessr Game 1.0 - SQL Injection Exploit Title: Joomla! Component StreetGuessr Game v1.0 - SQL Injection Google Dork: inurl:index.php?option=comstreetguess Date: 02.03.2017 Vendor Homepage: https://www.nordmograph.com/ Software:...
Conext ComBox 865-1058 - Denial of Service
Conext ComBox 865-1058 - Denial of Service Exploit Title: Conext ComBox - Denial of Service HTTP-POST Description: The exploit cause the device to self-reboot, constituting a denial of service. Google Dork: "Conext ComBox" + "JavaScript was not detected" /OR/ "Conext ComBox" + "Recover Lost...
Joomla! Component Recipe Manager 2.2 - id SQL Injection
Joomla! Component Recipe Manager 2.2 - id SQL Injection Exploit Title: Joomla! Component Recipe Manager v2.2 - SQL Injection Google Dork: inurl:index.php?option=comrecipe Date: 02.03.2017 Vendor Homepage: http://joomla6teen.com/ Software:...
Joomla! Component Abstract 2.1 - SQL Injection
Joomla! Component Abstract 2.1 - SQL Injection Exploit Title: Joomla! Component Abstract v2.1 - SQL Injection Google Dork: inurl:index.php?option=comabstract Date: 02.03.2017 Vendor Homepage: http://joomla6teen.com/ Software:...
TKuAouLQ18wWbEE
A Remote Browser's Agent XSS is a piece of software that allows a remote "operator" to control a browser as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "XSS" software is usually associated with criminal or malicious activity...
W3Nq7SouaoBZLpS
A Remote Browser's Agent XSS is a piece of software that allows a remote "operator" to control a browser as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "XSS" software is usually associated with criminal or malicious activity...
WordPress Plugin Popup by Supsystic 1.7.6 - Cross-Site Request Forgery
WordPress Plugin Popup by Supsystic 1.7.6 - Cross-Site Request Forgery !-- Source: https://sumofpwn.nl/advisory/2016/popupbysupsysticwordpresspluginvulnerabletocrosssiterequestforgery.html Abstract A Cross-site Request Forgery vulnerablity exists in the Popup by Supsystic WordPress Plugin. This...
WordPress Plugin User Login Log 2.2.1 - Cross-Site Scripting
WordPress Plugin User Login Log 2.2.1 - Cross-Site Scripting Source: https://sumofpwn.nl/advisory/2016/storedcrosssitescriptingvulnerabilityinuserloginlogwordpressplugin.html Abstract A stored Cross-Site Scripting vulnerability was found in the User Login Log WordPress Plugin. This issue can be...
Aruba AirWave 8.2.3 - XML External Entity Injection Cross-Site Scripting
Aruba AirWave 8.2.3 - XML External Entity Injection Cross-Site Scripting SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: XML External Entity Injection XXE, Reflected Cross Site Scripting product: Aruba AirWave vulnerab...
WordPress Plugin NewStatPress 1.2.4 - Cross-Site Scripting
WordPress Plugin NewStatPress 1.2.4 - Cross-Site Scripting Source: https://sumofpwn.nl/advisory/2016/persistentcrosssitescriptinginthewordpressnewstatpressplugin.html Abstract A persistent Cross-Site Scripting XSS vulnerability has been found in the WordPress NewStatPress plugin. By using this...
WordPress Plugin Contact Form Manager - Cross-Site Request Forgery Cross-Site Scripting
WordPress Plugin Contact Form Manager - Cross-Site Request Forgery Cross-Site Scripting !-- Source: https://sumofpwn.nl/advisory/2016/crosssiterequestforgerycrosssitescriptingincontactformmanagerwordpressplugin.html Abstract It was discovered that Contact Form Manager does not protect against...
Meme Maker Script 2.1 - user SQL Injection
Meme Maker Script 2.1 - user SQL Injection Exploit Title: Meme Maker Script 2.1 - SQL Injection Google Dork: N/A Date: 01.03.2017 Vendor Homepage: http://www.memesoftware.com/ Software: http://www.memesoftware.com/mememaker.php Demo: http://www.memefaces.me/ Version: 2.1 Tested on: Win7 x64, Kali...
WordPress Plugin File Manager 3.0.1 - Cross-Site Request Forgery
WordPress Plugin File Manager 3.0.1 - Cross-Site Request Forgery !-- Source: https://sumofpwn.nl/advisory/2016/crosssiterequestforgeryinfilemanagerwordpressplugin.html Abstract A Cross-Site Request Forgery CSRF vulnerability was found in the File Manager WordPress Plugin. Among others, this issue...
Rage Faces Script 1.3 - SQL Injection
Rage Faces Script 1.3 - SQL Injection Exploit Title: Rage Faces Script v1.3 - SQL Injection Google Dork: N/A Date: 01.03.2017 Vendor Homepage: http://www.memesoftware.com/ Software: http://www.memesoftware.com/ragefaces.php Demo: http://ragefaces.memesoftware.com/ Version: 1.3 Tested on: Win7 x64...
SchoolDir - SQL Injection
SchoolDir - SQL Injection Exploit Title: SchoolDir - SQL Injection Google Dork: N/A Date: 01.03.2017 Vendor Homepage: http://www.brynamics.xyz/ Software: https://codecanyon.net/item/schooldir/19326269 Demo: http://www.brynamics.xyz/schooldir/ Version: N/A Tested on: Win7 x64, Kali Linux x64 Explo...
WordPress Plugin Global Content Blocks 2.1.5 - Cross-Site Request Forgery
WordPress Plugin Global Content Blocks 2.1.5 - Cross-Site Request Forgery !-- Source: https://sumofpwn.nl/advisory/2016/crosssiterequestforgeryinglobalcontentblockswordpressplugin.html Abstract It was discovered that the Global Content Blocks WordPress Plugin is vulnerable to Cross-Site Request...
D-Link DSL-2730U Wireless N 150 - Cross-Site Request Forgery
D-Link DSL-2730U Wireless N 150 - Cross-Site Request Forgery Author : B GOVIND Exploit Title : DLink DSL-2730U Wireless N 150, Change DNS Configuration bypassing ‘admin’ privilege Date : 01-03-2017 Vendor Homepage : http://www.dlink.co.in Firmware Link : ftp://support.dlink.co.in/firmware/DSL-273...
NETGEAR DGN2200v1v2v3v4 - Cross-Site Request Forgery
NETGEAR DGN2200v1v2v3v4 - Cross-Site Request Forgery Exploit Title: NETGEAR Firmware DGN2200v1/v2/v3/v4 CSRF which leads to RCE through CVE-2017-6334 Date: 2017-02-28 Exploit Author: SivertPL Vendor Homepage: http://netgear.com/ Software Link:...
SysGauge 1.5.18 - Remote Buffer Overflow
SysGauge 1.5.18 - Remote Buffer Overflow Exploit Title: SysGauge 1.5.18 – buffer overflow in SMTP connection verification function leads to code execution Date: 2017-02-28 Exploit Author: Peter Baris Vendor Homepage: http://www.saptech-erp.com.au Software Link:...
Synchronet BBS 3.16c - Denial of Service
Synchronet BBS 3.16c - Denial of Service Exploit Title: Synchronet BBS 3.16c for Windows – Multiple vulnerabilities Date: 2017-02-28 Exploit Author: Peter Baris Vendor Homepage: http://www.saptech-erp.com.au Software Link: ftp://synchro.net/Synchronet/sbbs316c.zip Version: 3.16c for Windows Teste...
Cisco AnyConnect Secure Mobility Client 4.3.04027 - Local Privilege Escalation
Cisco AnyConnect Secure Mobility Client 4.3.04027 - Local Privilege Escalation Exploit Title: Cisco AnyConnect Start Before Logon SBL local privilege escalation. CVE-2017-3813 Date: 02/27/2017 Exploit Author: @Pcchillin Software Link:...
BlueIris 4.5.1.4 - Denial of Service
BlueIris 4.5.1.4 - Denial of Service import socket Title: BlueIris - Denial of Service Date: 2017-02-28 Exploit Author: Peter Baris Vendor Homepage: http://www.saptech-erp.com.au Software Link: http://blueirissoftware.com/blueiris.exe Version: 4.5.1.4 Tested on: Windows Server 2008 R2 Standard x6...