41207 matches found
PHP Matrimonial Script 3.0 - SQL Injection
PHP Matrimonial Script 3.0 - SQL Injection Exploit Title: Matrimonial Script v3.0 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/matrimonial-script/ Demo: http://74.124.215.220/matriialscrip/...
Single Theater Booking Script - newsid SQL Injection
Single Theater Booking Script - newsid SQL Injection Exploit Title: Single Theater Booking Script - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/single-theater-booking-script/ Demo:...
CyberGhost 6.0.4.2205 - Local Privilege Escalation
CyberGhost 6.0.4.2205 - Local Privilege Escalation Exploit CyberGhost 6.0.4.2205 Privilege Escalation Date: 06.03.2017 Software Link: http://www.cyberghostvpn.com/ Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: local 1...
Responsive Matrimonial Script 4.0.1 - SQL Injection
Responsive Matrimonial Script 4.0.1 - SQL Injection Exploit Title: Responsive Matrimonial Script v4.0.1 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/responsive-matrimonial/ Demo:...
Groupon Clone Script 3.01 - catid SQL Injection
Groupon Clone Script 3.01 - catid SQL Injection Exploit Title: Groupon Clone Script v3.01 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/groupon-clone-script/ Demo:...
MLM Forced Matrix 2.0.7 - SQL Injection
MLM Forced Matrix 2.0.7 - SQL Injection Exploit Title: MLM Forced Matrix v2.0.7 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/mlm-forced-matrix/ Demo: http://74.124.215.220/forctrix/ Version: 2.0....
Advanced Matrimonial Script 2.0.3 - SQL Injection
Advanced Matrimonial Script 2.0.3 - SQL Injection Exploit Title: Advanced Matrimonial Script v2.0.3 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/advanced-matrimonial/ Demo:...
Website Broker Script 3.02 - view SQL Injection
Website Broker Script 3.02 - view SQL Injection Exploit Title: Website Broker Script v3.02 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/website-broker-script/ Demo:...
Yellow Pages Clone Script 1.3.4 - SQL Injection
Yellow Pages Clone Script 1.3.4 - SQL Injection Exploit Title: Yellow Pages Clone Script v1.3.4 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/yellow-pages-clone-script/ Demo:...
MLM Membership Plan Script 2.0.5 - SQL Injection
MLM Membership Plan Script 2.0.5 - SQL Injection Exploit Title: MLM Membership Plan Script v2.0.5 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/mlm-membership-plan-script/ Demo:...
Deluge Web UI 1.3.13 - Cross-Site Request Forgery
Deluge Web UI 1.3.13 - Cross-Site Request Forgery !-- Remote code execution via CSRF vulnerability in the web UI of Deluge 1.3.13 Kyle Neideck, February 2017 Product ------- Deluge is a BitTorrent client available from http://deluge-torrent.org. Fix --- Fixed in the public source code, but not in...
Responsive Events Movie Ticket Booking Script - SQL Injection
Responsive Events Movie Ticket Booking Script - SQL Injection Exploit Title: Responsive Events & Movie Ticket Booking Script - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software :...
Social Network Script 3.01 - id SQL Injection
Social Network Script 3.01 - id SQL Injection Exploit Title: Social Network Script v3.01 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/social-network-script/ Demo: http://myeliteprofile.com/...
MikroTik Router - ARP Table OverFlow Denial Of Service
MikroTik Router - ARP Table OverFlow Denial Of Service / Exploit Title: MikroTik Router Denial Of Service | ARP Table OverFlow Exploit Author: Hosein Askari FarazPajohan Vendor HomePage: https://mikrotik.com/ Affected Series: Hap Lite Version: 6.25 Tested on: Parrot Security OS Date: 04-3-2017...
Joomla! Component AYS Quiz 1.0 - id SQL Injection
Joomla! Component AYS Quiz 1.0 - id SQL Injection Exploit Title: Joomla! Component AYS Quiz v1.0 - SQL Injection Google Dork: inurl:index.php?option=comaysquiz Date: 04.03.2017 Vendor Homepage: http://ays-pro.com/ Software Buy:...
Joomla! Component Monthly Archive 3.6.4 - author_form SQL Injection
Joomla! Component Monthly Archive 3.6.4 - authorform SQL Injection Exploit Title: Joomla! Component Monthly Archive v3.6.4 - SQL Injection Google Dork: inurl:index.php?option=commonthlyarchive Date: 04.03.2017 Vendor Homepage: http://web357.eu/ Software Buy:...
Joomla! Component AltaUserPoints 1.1 - userid SQL Injection
Joomla! Component AltaUserPoints 1.1 - userid SQL Injection Exploit Title: Joomla! Component AltaUserPoints v1.1 - SQL Injection Google Dork: inurl:index.php?option=comaltauserpoints Date: 04.03.2017 Vendor Homepage: https://www.nordmograph.com/ Software:...
FTPShell Client 6.53 - Remote Buffer Overflow
FTPShell Client 6.53 - Remote Buffer Overflow Exploit Title: FTPShell Client 6.53 buffer overflow on making initial connection Date: 2017-03-04 Exploit Author: Peter Baris Vendor Homepage: http://www.saptech-erp.com.au Software Link: http://www.ftpshell.com/downloadclient.htm Version: Windows...
Joomla! Component Content ConstructionKit 1.1 - SQL Injection
Joomla! Component Content ConstructionKit 1.1 - SQL Injection Exploit Title: Joomla! Component Content ConstructionKit v1.1 - SQL Injection Google Dork: inurl:index.php?option=comoscck Date: 04.03.2017 Vendor Homepage: http://ordasoft.com/ Software Buy:...
Joomla! Component JUX EventOn 1.0.1 - id SQL Injection
Joomla! Component JUX EventOn 1.0.1 - id SQL Injection Exploit Title: Joomla! Component JUX EventOn v1.0.1 - SQL Injection Google Dork: inurl:index.php?option=comjuxeventon Date: 04.03.2017 Vendor Homepage: http://joomlaux.com/ Software Buy:...
EPSON TMNet WebConfig 1.00 - Cross-Site Scripting
EPSON TMNet WebConfig 1.00 - Cross-Site Scripting Exploit Title: Persistent XSS in EPSON TMNet WebConfig Ver. 1.00 Google Dork: intitle:"EPSON TMNet WebConfig Ver.1.00" Date: 3/3/2017 Exploit Author: Michael Benich Vendor Homepage: https://www.epson-biz.com/ Software Link:...
pfSense 2.3.2 - Cross-Site Scripting Cross-Site Request Forgery
pfSense 2.3.2 - Cross-Site Scripting Cross-Site Request Forgery Exploit Title: pfSense 2.3.2 XSS - CSRF-bypass & Reverse-root-shell Date: 01/03/2017 Author: Yann CAM @ASafety / Synetis Vendor or Software Link: www.pfsense.org Version: 2.3.2 Category: XSS, CSRF-bypass and Remote root reverse-shell...
Joomla! Component Coupon 3.5 - SQL Injection
Joomla! Component Coupon 3.5 - SQL Injection Exploit Title: Joomla! Component Coupon v3.5 - SQL Injection Google Dork: inurl:index.php?option=comcoupon Date: 03.03.2017 Vendor Homepage: http://joomla6teen.com/ Software:...
WordPress 4.7.1 - Username Enumeration
WordPress 4.7.1 - Username Enumeration !usr/bin/php...
WordPress Multiple Plugins - Arbitrary File Upload
WordPress Multiple Plugins - Arbitrary File Upload import requests import random import string print "---------------------------------------------------------------------" print "Multiple Wordpress Plugin - Remote File Upload Exploit\nDiscovery: Larry W. Cashdollar\nExploit Author: Munir...
Joomla! Component Guesser 1.0.4 - type SQL Injection
Joomla! Component Guesser 1.0.4 - type SQL Injection Exploit Title: Joomla! Component Guesser v1.0.4 - SQL Injection Google Dork: inurl:index.php?option=comguesser Date: 02.03.2017 Vendor Homepage: http://www.bitsgeo.com/ Software:...
Joomla! Component StreetGuessr Game 1.0 - SQL Injection
Joomla! Component StreetGuessr Game 1.0 - SQL Injection Exploit Title: Joomla! Component StreetGuessr Game v1.0 - SQL Injection Google Dork: inurl:index.php?option=comstreetguess Date: 02.03.2017 Vendor Homepage: https://www.nordmograph.com/ Software:...
Joomla! Component Abstract 2.1 - SQL Injection
Joomla! Component Abstract 2.1 - SQL Injection Exploit Title: Joomla! Component Abstract v2.1 - SQL Injection Google Dork: inurl:index.php?option=comabstract Date: 02.03.2017 Vendor Homepage: http://joomla6teen.com/ Software:...
Php Classified OLX Clone Script - category SQL Injection
Php Classified OLX Clone Script - category SQL Injection Exploit Title: Php Classified OLX Clone Script - SQL Injection Google Dork: N/A Date: 02.03.2017 Vendor Homepage: https://wptit.com/ Software: https://wptit.com/portfolio/php-classified-website-sale/ Demo: http://www.adsthem.com/ Version: N...
MDwiki 0.6.2 - Cross-Site Scripting
MDwiki 0.6.2 - Cross-Site Scripting Originally thought that only a problem with Tencent's site implementation, the black brother reminded me to look at the Github address in the source code, only to find the open source MDwiki universal system. MDwiki is a wiki/CMS system built entirely on...
Conext ComBox 865-1058 - Denial of Service
Conext ComBox 865-1058 - Denial of Service Exploit Title: Conext ComBox - Denial of Service HTTP-POST Description: The exploit cause the device to self-reboot, constituting a denial of service. Google Dork: "Conext ComBox" + "JavaScript was not detected" /OR/ "Conext ComBox" + "Recover Lost...
Joomla! Component Recipe Manager 2.2 - id SQL Injection
Joomla! Component Recipe Manager 2.2 - id SQL Injection Exploit Title: Joomla! Component Recipe Manager v2.2 - SQL Injection Google Dork: inurl:index.php?option=comrecipe Date: 02.03.2017 Vendor Homepage: http://joomla6teen.com/ Software:...
TKuAouLQ18wWbEE
A Remote Browser's Agent XSS is a piece of software that allows a remote "operator" to control a browser as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "XSS" software is usually associated with criminal or malicious activity...
W3Nq7SouaoBZLpS
A Remote Browser's Agent XSS is a piece of software that allows a remote "operator" to control a browser as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "XSS" software is usually associated with criminal or malicious activity...
WordPress Plugin User Login Log 2.2.1 - Cross-Site Scripting
WordPress Plugin User Login Log 2.2.1 - Cross-Site Scripting Source: https://sumofpwn.nl/advisory/2016/storedcrosssitescriptingvulnerabilityinuserloginlogwordpressplugin.html Abstract A stored Cross-Site Scripting vulnerability was found in the User Login Log WordPress Plugin. This issue can be...
WordPress Plugin File Manager 3.0.1 - Cross-Site Request Forgery
WordPress Plugin File Manager 3.0.1 - Cross-Site Request Forgery !-- Source: https://sumofpwn.nl/advisory/2016/crosssiterequestforgeryinfilemanagerwordpressplugin.html Abstract A Cross-Site Request Forgery CSRF vulnerability was found in the File Manager WordPress Plugin. Among others, this issue...
WordPress Plugin Contact Form Manager - Cross-Site Request Forgery Cross-Site Scripting
WordPress Plugin Contact Form Manager - Cross-Site Request Forgery Cross-Site Scripting !-- Source: https://sumofpwn.nl/advisory/2016/crosssiterequestforgerycrosssitescriptingincontactformmanagerwordpressplugin.html Abstract It was discovered that Contact Form Manager does not protect against...
Aruba AirWave 8.2.3 - XML External Entity Injection Cross-Site Scripting
Aruba AirWave 8.2.3 - XML External Entity Injection Cross-Site Scripting SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: XML External Entity Injection XXE, Reflected Cross Site Scripting product: Aruba AirWave vulnerab...
WordPress Plugin NewStatPress 1.2.4 - Cross-Site Scripting
WordPress Plugin NewStatPress 1.2.4 - Cross-Site Scripting Source: https://sumofpwn.nl/advisory/2016/persistentcrosssitescriptinginthewordpressnewstatpressplugin.html Abstract A persistent Cross-Site Scripting XSS vulnerability has been found in the WordPress NewStatPress plugin. By using this...
SchoolDir - SQL Injection
SchoolDir - SQL Injection Exploit Title: SchoolDir - SQL Injection Google Dork: N/A Date: 01.03.2017 Vendor Homepage: http://www.brynamics.xyz/ Software: https://codecanyon.net/item/schooldir/19326269 Demo: http://www.brynamics.xyz/schooldir/ Version: N/A Tested on: Win7 x64, Kali Linux x64 Explo...
Rage Faces Script 1.3 - SQL Injection
Rage Faces Script 1.3 - SQL Injection Exploit Title: Rage Faces Script v1.3 - SQL Injection Google Dork: N/A Date: 01.03.2017 Vendor Homepage: http://www.memesoftware.com/ Software: http://www.memesoftware.com/ragefaces.php Demo: http://ragefaces.memesoftware.com/ Version: 1.3 Tested on: Win7 x64...
D-Link DSL-2730U Wireless N 150 - Cross-Site Request Forgery
D-Link DSL-2730U Wireless N 150 - Cross-Site Request Forgery Author : B GOVIND Exploit Title : DLink DSL-2730U Wireless N 150, Change DNS Configuration bypassing ‘admin’ privilege Date : 01-03-2017 Vendor Homepage : http://www.dlink.co.in Firmware Link : ftp://support.dlink.co.in/firmware/DSL-273...
Meme Maker Script 2.1 - user SQL Injection
Meme Maker Script 2.1 - user SQL Injection Exploit Title: Meme Maker Script 2.1 - SQL Injection Google Dork: N/A Date: 01.03.2017 Vendor Homepage: http://www.memesoftware.com/ Software: http://www.memesoftware.com/mememaker.php Demo: http://www.memefaces.me/ Version: 2.1 Tested on: Win7 x64, Kali...
WordPress Plugin Global Content Blocks 2.1.5 - Cross-Site Request Forgery
WordPress Plugin Global Content Blocks 2.1.5 - Cross-Site Request Forgery !-- Source: https://sumofpwn.nl/advisory/2016/crosssiterequestforgeryinglobalcontentblockswordpressplugin.html Abstract It was discovered that the Global Content Blocks WordPress Plugin is vulnerable to Cross-Site Request...
WordPress Plugin Popup by Supsystic 1.7.6 - Cross-Site Request Forgery
WordPress Plugin Popup by Supsystic 1.7.6 - Cross-Site Request Forgery !-- Source: https://sumofpwn.nl/advisory/2016/popupbysupsysticwordpresspluginvulnerabletocrosssiterequestforgery.html Abstract A Cross-site Request Forgery vulnerablity exists in the Popup by Supsystic WordPress Plugin. This...
BlueIris 4.5.1.4 - Denial of Service
BlueIris 4.5.1.4 - Denial of Service import socket Title: BlueIris - Denial of Service Date: 2017-02-28 Exploit Author: Peter Baris Vendor Homepage: http://www.saptech-erp.com.au Software Link: http://blueirissoftware.com/blueiris.exe Version: 4.5.1.4 Tested on: Windows Server 2008 R2 Standard x6...
SysGauge 1.5.18 - Remote Buffer Overflow
SysGauge 1.5.18 - Remote Buffer Overflow Exploit Title: SysGauge 1.5.18 – buffer overflow in SMTP connection verification function leads to code execution Date: 2017-02-28 Exploit Author: Peter Baris Vendor Homepage: http://www.saptech-erp.com.au Software Link:...
Synchronet BBS 3.16c - Denial of Service
Synchronet BBS 3.16c - Denial of Service Exploit Title: Synchronet BBS 3.16c for Windows – Multiple vulnerabilities Date: 2017-02-28 Exploit Author: Peter Baris Vendor Homepage: http://www.saptech-erp.com.au Software Link: ftp://synchro.net/Synchronet/sbbs316c.zip Version: 3.16c for Windows Teste...
Cisco AnyConnect Secure Mobility Client 4.3.04027 - Local Privilege Escalation
Cisco AnyConnect Secure Mobility Client 4.3.04027 - Local Privilege Escalation Exploit Title: Cisco AnyConnect Start Before Logon SBL local privilege escalation. CVE-2017-3813 Date: 02/27/2017 Exploit Author: @Pcchillin Software Link:...
Sophos Web Appliance 4.3.1.1 - Session Fixation
Sophos Web Appliance 4.3.1.1 - Session Fixation Exploit Title: Sophos Secure Web Appliance Session Fixation Vulnerability Date: 28/02/2017 Exploit Author: SlidingWindow , Twitter: @KapilKhot Vendor Homepage: https://www.sophos.com/en-us/products/secure-web-gateway.aspx Version: Tested on Sophos W...