CodePaul ClipMass - SQL Injection

CodePaul ClipMass - SQL Injection Exploit Title: CodePaul ClipMass - Video Portal Site - SQL Injection Google Dork: N/A Date: 10.02.2017 Vendor Homepage: http://codepaul.com/ Software Buy: https://codecanyon.net/item/codepaul-clipmass-video-portal-site/14681505 Demo: http://codepaul.com/clipmass/...

Gram Post 1.0 - SQL Injection

Gram Post 1.0 - SQL Injection Exploit Title: Gram Post - Instagram Auto Post Multi Accounts with Paypal integration v1.0 - SQL Injection Google Dork: N/A Date: 10.02.2017 Vendor Homepage: http://vtcreators.com/ Software Buy:...

Tiger Post 3.0.1 - SQL Injection

Tiger Post 3.0.1 - SQL Injection Exploit Title: Tiger Post - Facebook Auto Post Multi Pages/Groups/Profiles v3.0.1 - SQL Injection Google Dork: N/A Date: 10.02.2017 Vendor Homepage: http://vtcreators.com/ Software Buy:...

HP Smart Storage Administrator 2.30.6.0 - Remote Command Injection (Metasploit)

HP Smart Storage Administrator 2.30.6.0 - Remote Command Injection Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "HP Smart Storage Administrator Remote Command...

Youtube Analytics Multi Channel 3.0 - SQL Injection

Youtube Analytics Multi Channel 3.0 - SQL Injection Exploit Title: Youtube Analytics Multi Channel v3.0 - SQL Injection Google Dork: N/A Date: 10.02.2017 Vendor Homepage: http://vtcreators.com/ Software Buy: https://codecanyon.net/item/youtube-analytics-multi-channel/14720919 Demo:...

F5 BIG-IP SSL Virtual Server - Ticketbleed Memory Disclosure

F5 BIG-IP SSL Virtual Server - Ticketbleed Memory Disclosure / Exploit Title: Ticketbleed CVE-2016-9244 F5 BIG-IP SSL virtual server Memory Leakage Date: 10.02.2017 Exploit Author: Ege Balcı Vendor Homepage: https://f5.com/ Version: 12.0.0 - 12.1.2 && 11.4.0 - 11.6.1 Tested on: Multiple CVE :...

Video Subscription - SQL Injection

Video Subscription - SQL Injection Exploit Title: TV - Video Subscription - SQL Injection Google Dork: N/A Date: 10.02.2017 Vendor Homepage: http://codepaul.com/ Software Buy: https://codecanyon.net/item/tv-video-subscription/13966427 Demo: http://codepaul.com/tv/ Version: N/A Tested on: Win7 x64...

Uploadr - SQL Injection

Uploadr - SQL Injection Exploit Title: Uploadr - Project Files Management - SQL Injection Google Dork: N/A Date: 10.02.2017 Vendor Homepage: http://lagunaproperty.com/ Software Buy: https://codecanyon.net/item/uploadr-project-files-management/13545125 Demo: http://download.lagunaproperty.com/...

Automated Job Portal Script - SQL Injection

Automated Job Portal Script - SQL Injection Exploit Title: Automated Job Portal Script - SQL Injection Google Dork: N/A Date: 10.02.2017 Vendor Homepage: http://www.jagaad.com/ Software Buy: https://codecanyon.net/item/automated-job-portal-script/14318664 Demo:...

CLUB-8 EMS - SQL Injection

CLUB-8 EMS - SQL Injection Exploit Title: CLUB-8 EMS - Event Management System - SQL Injection Google Dork: N/A Date: 10.02.2017 Vendor Homepage: http://rexbd.net/ Software Buy: https://codecanyon.net/item/club8-ems-event-management-system-a-to-z/14067759 Demo: http://ems.rexbd.net/ Version: N/A...

HotelCMS with Booking Engine - SQL Injection

HotelCMS with Booking Engine - SQL Injection Exploit Title: HotelCMS with Booking Engine - SQL Injection Google Dork: N/A Date: 10.02.2017 Vendor Homepage: http://codepaul.com/ Software Buy: https://codecanyon.net/item/hotelcms-with-booking-engine/12789671 Demo: http://codepaul.com/hotelcms/...

D-Link DIR-600M - Cross-Site Request Forgery

D-Link DIR-600M - Cross-Site Request Forgery Exploit Title:D-link wireless router DIR-600M – Cross-Site Request Forgery CSRF vulnerability Google Dork:N/A Date: 07/02/2017 Exploit Author:Ajay S. Kulal www.twitter.com/ajaykulal Vendor Homepage:dlink.com Software Link:N/A Version:Hardware version: ...

Zigaform - SQL Injection

Zigaform - SQL Injection Exploit Title: Zigaform - PHP Form Builder - Contact & Survey v2.9.1 - SQL Injection Google Dork: N/A Date: 10.02.2017 Vendor Homepage: http://php-form-builder.zigaform.com/ Software Buy: https://codecanyon.net/item/zigaform-php-form-builder-contact-survey/14889427 Demo:...

CMS Lite 1.3.1 - SQL Injection

CMS Lite 1.3.1 - SQL Injection Exploit Title: Creative Management System - CMS Lite v1.3.1 - SQL Injection Google Dork: N/A Date: 10.02.2017 Vendor Homepage: http://www.cmslite.co.uk/ Software Buy: https://codecanyon.net/item/creative-management-system-cms-lite/15297597 Demo:...

Collabo - Arbitrary File Download

Collabo - Arbitrary File Download Exploit Title: Collabo - TeamBusiness Collaboration Network - Arbitrary File Download Google Dork: N/A Date: 10.02.2017 Vendor Homepage: http://321-internet.com/ Software Buy: https://codecanyon.net/item/collabo-teambusiness-collaboration-network/15242543 Demo:...

Takas Classified 1.1 - SQL Injection

Takas Classified 1.1 - SQL Injection Exploit Title: Takas Classified – Codeigniter PHP Classified Ad Script v1.1 - SQL Injection Google Dork: N/A Date: 10.02.2017 Vendor Homepage: http://artifectx.com/ Software Buy:...

SOA School Management - view SQL Injection

SOA School Management - view SQL Injection Exploit Title: Complete School Management Software with Web Portal - SQL Injection Google Dork: N/A Date: 09.02.2017 Vendor Homepage: http://www.ynetinteractive.com/ Software Buy: http://www.ynetinteractive.com/soa/ Demo:...

Fome SMS Portal 2.0 - SQL Injection

Fome SMS Portal 2.0 - SQL Injection Exploit Title: Fome SMS Portal Advanced - Bulk SMS Reseller v2.0 Script - SQL Injection Google Dork: N/A Date: 09.02.2017 Vendor Homepage: http://ynetinteractive.com/ Software Buy:...

Sendroid 5.2 - SQL Injection

Sendroid 5.2 - SQL Injection Exploit Title: Sendroid - Bulk SMS Portal, Marketing v5.2 Script - SQL Injection Google Dork: N/A Date: 09.02.2017 Vendor Homepage: http://ynetinteractive.com/ Software Buy:...

Client Expert 1.0.1 - SQL Injection

Client Expert 1.0.1 - SQL Injection Exploit Title: Complete Client Management & Billing v1.0.1 Script- SQL Injection Google Dork: N/A Date: 09.02.2017 Vendor Homepage: http://www.ynetinteractive.com/ Software Buy: http://www.ynetinteractive.com/clientexpert/demo.php Demo:...

Mobiketa 3.5 - SQL Injection

Mobiketa 3.5 - SQL Injection Exploit Title: Mobiketa - Complete Mobile Marketing v3.5 Script - SQL Injection Google Dork: N/A Date: 09.02.2017 Vendor Homepage: http://ynetinteractive.com/ Software Buy:...

WordPress Plugin Insert PHP 3.3.1 - PHP Code Injection

WordPress Plugin Insert PHP 3.3.1 - PHP Code Injection Exploit Title: WordPress 4.7.0/4.7.1 Plugin Insert PHP - PHP Code Injection Exploit Author: sucuri.net @sucurisecurity Date: 2017-02-09 Google Dork : inurl:/wp-content/plugins/insert-php/ Vendor Homepage:...

EXAMPLO - SQL Injection

EXAMPLO - SQL Injection Exploit Title: Examplo - Online Exam System - SQL Injection Google Dork: N/A Date: 09.02.2017 Vendor Homepage: http://softpae.sk/ Software Buy: https://codecanyon.net/item/examplo-online-exam-system/16174658 Demo: http://munka.softpae.sk/examplo/ Version: N/A Tested on: Wi...

Muviko Video CMS - SQL Injection

Muviko Video CMS - SQL Injection Exploit Title: Muviko Video CMS Script - SQL Injection Google Dork: N/A Date: 08.02.2017 Vendor Homepage: https://muvikoscript.com/ Software Buy: https://codecanyon.net/item/muviko-movie-video-cms/19402086 Demo: https://demo.muvikoscript.com/ Version: N/A Tested o...

Node.JS - node-serialize Remote Code Execution

Node.JS - node-serialize Remote Code Execution var serialize = require'node-serialize'; var payload = '"rce":"$$NDFUNC$$function require'childprocess'.exec'ls /', functionerror, stdout, stderr console.logstdout ;"'; serialize.unserializepayload;...

Multi Outlets POS 3.1 - id SQL Injection

Multi Outlets POS 3.1 - id SQL Injection Exploit Title: Point of Sales - Multi Outlets POS v3.1 Script - SQL Injection Google Dork: N/A Date: 08.02.2017 Vendor Homepage: http://prosoft-apps.com/ Software Buy: https://codecanyon.net/item/point-of-sales-multi-outlets-pos/17674742 Demo:...

FTP Made Easy PRO 1.2 - Arbitrary File Download

FTP Made Easy PRO 1.2 - Arbitrary File Download Exploit Title: FTP Made Easy PRO Script v1.2 - Arbitrary File Download Google Dork: N/A Date: 07.02.2017 Vendor Homepage: http://nelliwinne.net/ Software Buy:...

Easy Support Tools 1.0 - stt SQL Injection

Easy Support Tools 1.0 - stt SQL Injection Exploit Title: Easy Support Tools - FAQs, Help Articles, Blog and Feedback Script v1.0 - SQL Injection Google Dork: N/A Date: 07.02.2017 Vendor Homepage: http://nelliwinne.net/ Software Buy:...

Responsive Filemanger 9.11.0 - Arbitrary File Disclosure

Responsive Filemanger 9.11.0 - Arbitrary File Disclosure + Exploit Title: Responsive Filemanger = 9.11.0 - Arbitrary File Disclosure/Deletion + Date: 7 Feb 2017 + Vulnerability and Exploit Author: Wiswat Aswamenakul + Vendor Homepage: http://www.responsivefilemanager.com/ + Affected version: only...

Fully Featured News CMS 1.0 - id SQL Injection

Fully Featured News CMS 1.0 - id SQL Injection Exploit Title: NewsBee - Fully Featured News CMS Script v1.0 - SQL Injection Google Dork: N/A Date: 07.02.2017 Vendor Homepage: http://nelliwinne.net/ Software Buy:...

Easy File Uploader 1.2 - Arbitrary File Download

Easy File Uploader 1.2 - Arbitrary File Download Exploit Title: Easy File Uploader Script v1.2 - Arbitrary File Download Google Dork: N/A Date: 07.02.2017 Vendor Homepage: http://nelliwinne.net/ Software Buy:...

MySQL File Uploader 1.0 - id SQL Injection

MySQL File Uploader 1.0 - id SQL Injection Exploit Title: MySQL Blob Uploader - File Upload to Database PHP Script v1.0 - SQL Injection Google Dork: N/A Date: 07.02.2017 Vendor Homepage: http://nelliwinne.net/ Software Buy:...

Easy Web Search 3 - id SQL Injection

Easy Web Search 3 - id SQL Injection Exploit Title: Easy Web Search - PHP Search Engine with Image Search and Crawling System Script v3.0 - SQL Injection Google Dork: N/A Date: 07.02.2017 Vendor Homepage: http://nelliwinne.net/ Software Buy:...

OpenBSD HTTPd 6.0 - Memory Exhaustion Denial of Service

OpenBSD HTTPd 6.0 - Memory Exhaustion Denial of Service Advisory Information Title: Remote DoS against OpenBSD http server up to 6.0 Advisory URL: https://pierrekim.github.io/advisories/CVE-2017-5850-openbsd.txt Blog URL: https://pierrekim.github.io/blog/2017-02-07-openbsd-httpd-CVE-2017-5850.htm...

Visual Link Sharing Websites Builder Script 2.1.0 - SQL Injection

Visual Link Sharing Websites Builder Script 2.1.0 - SQL Injection Exploit Title: Flippy LinkShare – Visual Link Sharing Websites Builder Script v2.1.0 - SQL Injection Google Dork: N/A Date: 06.02.2017 Vendor Homepage: https://www.flippyscripts.com/ Software Buy:...

IVPN Client 2.6.1 - Local Privilege Escalation

IVPN Client 2.6.1 - Local Privilege Escalation Exploit IVPN Client for Windows 2.6.6120.33863 Privilege Escalation Date: 06.02.2017 Software Link: https://www.ivpn.net/ Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: local 1...

Upworthy Clone Script 1.1.0 - id SQL Injection

Upworthy Clone Script 1.1.0 - id SQL Injection Exploit Title: Flippy BuzzWorthy – Upworthy Clone Script v1.1.0 - SQL Injection Google Dork: N/A Date: 06.02.2017 Vendor Homepage: https://www.flippyscripts.com/ Software Buy: https://www.flippyscripts.com/flippy-buzzworthy-upworthy-clone-script/ Dem...

NewsBee CMS - SQL Injection

NewsBee CMS - SQL Injection Exploit Title: NewsBee CMS – SQL Injection Date: 06.02.2017 Software Link: https://codecanyon.net/item/newsbee-fully-featured-news-cms-with-bootstrasp-php-mysql/19404937?srank=2 Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category:...

Funny Image and Video Script 2.0.0 - id SQL Injection

Funny Image and Video Script 2.0.0 - id SQL Injection Exploit Title: Flippy ChillOut – Funny Image and Video Script v2.0.0 - SQL Injection Google Dork: N/A Date: 06.02.2017 Vendor Homepage: https://www.flippyscripts.com/ Software Buy:...

Questions and Answers Script 2.0.0 - cid SQL Injection

Questions and Answers Script 2.0.0 - cid SQL Injection Exploit Title: Flippy Answers – Questions and Answers Script v2.0.0 - SQL Injection Google Dork: N/A Date: 06.02.2017 Vendor Homepage: https://www.flippyscripts.com/ Software Buy:...

Viral Fun Facts Sharing Script 1.1.0 - id SQL Injection

Viral Fun Facts Sharing Script 1.1.0 - id SQL Injection Exploit Title: Flippy DamnFacts – Viral Fun Facts Sharing Script v1.1.0 - SQL Injection Google Dork: N/A Date: 06.02.2017 Vendor Homepage: https://www.flippyscripts.com/ Software Buy:...

Ultimate Viral Media Script 1.0 - id SQL Injection

Ultimate Viral Media Script 1.0 - id SQL Injection Exploit Title: Flippy eXtremeViral – Ultimate Viral Media Script v1.0 - SQL Injection Google Dork: N/A Date: 06.02.2017 Vendor Homepage: https://www.flippyscripts.com/ Software Buy:...

Clone Script Directory Script 1.1.0 - cid SQL Injection

Clone Script Directory Script 1.1.0 - cid SQL Injection Exploit Title: Flippy ScriptZone – Clone Script Directory Script v1.1.0 - SQL Injection Google Dork: N/A Date: 06.02.2017 Vendor Homepage: https://www.flippyscripts.com/ Software Buy:...

ThisIsWhyImBroke Clone Script 4.0 - id SQL Injection

ThisIsWhyImBroke Clone Script 4.0 - id SQL Injection Exploit Title: Flippy AffilatePlatform – ThisIsWhyImBroke Clone Script v4.0 - SQL Injection Google Dork: N/A Date: 06.02.2017 Vendor Homepage: https://www.flippyscripts.com/ Software Buy:...

Web Inspiration Gallery Script 1.0.0 - id SQL Injection

Web Inspiration Gallery Script 1.0.0 - id SQL Injection Exploit Title: Flippy Inspired – Web Inspiration Gallery Script v1.0.0 - SQL Injection Google Dork: N/A Date: 06.02.2017 Vendor Homepage: https://www.flippyscripts.com/ Software Buy:...

Viral Pictures and Video Script 2.0.0 - id SQL Injection

Viral Pictures and Video Script 2.0.0 - id SQL Injection Exploit Title: Flippy HotViral – Viral Pictures and Video Script v2.0.0 - SQL Injection Google Dork: N/A Date: 06.02.2017 Vendor Homepage: https://www.flippyscripts.com/ Software Buy:...

iScripts EasyCreate 3.2 - siteid SQL Injection

iScripts EasyCreate 3.2 - siteid SQL Injection Exploit Title: iScripts EasyCreate v3.2 Script - SQL Injection Google Dork: N/A Date: 04.02.2017 Vendor Homepage: http://www.iscripts.com/ Software Buy: http://www.iscripts.com/easycreate/ Demo: http://www.demo.iscripts.com/easycreate/demo// Version:...

Alstrasoft ProTaxi Enterprise 3.5 - Arbitrary File Upload

Alstrasoft ProTaxi Enterprise 3.5 - Arbitrary File Upload Exploit Title: Alstrasoft ProTaxi Enterprise v3.5 Script - Arbitrary File Upload Google Dork: N/A Date: 04.02.2017 Vendor Homepage: http://www.alstrasoft.com/ Software Buy: http://www.alstrasoft.com/protaxi-uber-clone.htm Demo:...

Alstrasoft e-Friends 5.12 - SQL Injection

Alstrasoft e-Friends 5.12 - SQL Injection Exploit Title: AlstraSoft E-Friends v5.12 Script - SQL Injection Google Dork: N/A Date: 04.02.2017 Vendor Homepage: http://www.alstrasoft.com/ Software Buy: http://www.alstrasoft.com/efriends.htm Demo: http://alstrahost.com/friends/ Version: 5.12 Tested o...

Alstrasoft Flippa Clone MarketPlace Script 4.10 - Cross-Site Request Forgery (Add Admin)

Alstrasoft Flippa Clone MarketPlace Script 4.10 - Cross-Site Request Forgery Add Admin Exploit Title: AlstraSoft Flippa Clone MarketPlace v4.10 Script - Cross-Site Request Forgery Add Admin Google Dork: N/A Date: 04.02.2017 Vendor Homepage: http://www.alstrasoft.com/ Software Buy:...