dirLIST 0.3.0 - Arbitrary File Upload

dirLIST 0.3.0 - Arbitrary File Upload + + Credits / Discovery: John Page + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/DIRLIST-FILE-UPLOAD-BYPASS-CMD-EXEC.txt + ISR: Apparition + Vendor: =============== sourceforge.net Product: =============== dirList...

Check Box 2016 Q2 Survey - Multiple Vulnerabilities

Check Box 2016 Q2 Survey - Multiple Vulnerabilities Exploit Title: Check Box 2016 Q2 Survey Multiple Vulnerabilities Exploit Author: Fady Mohamed Osman @fadyosman Exploit-db : http://www.exploit-db.com/author/?a=2986 Youtube : https://www.youtube.com/user/cutehack3r Date: Jan 17, 2017 Vendor...

BoZoN 2.4 - Remote Code Execution

BoZoN 2.4 - Remote Code Execution + + Credits / Discovery: John Page + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/BOZON-PRE-AUTH-COMMAND-EXECUTION.txt + ISR: ApparitionSec + Vendor: ============ bozon.pw/en/ Product: =========== BoZoN 2.4 Bozon is a...

Openexpert 0.5.17 - area_id SQL Injection

Openexpert 0.5.17 - areaid SQL Injection Title : Openexpert 0.5.17 - Sql Injection Author: Nassim Asrir Author Company: Henceforth Tested on: Winxp sp3 - win7 Vendor: https://sourceforge.net/projects/law-expert/ Download Software: https://sourceforge.net/projects/law-expert/files/ About The Produ...

Courier Management System - SQL Injection

Courier Management System - SQL Injection Title : Courier Management System - Sql Injection and non-persistent XSS login portal Date: 17 January 2017 Exploit Author: Sibusiso Sishi [email protected] Tested on: Windows7 x32 Vendor: http://couriermanageme.sourceforge.net/ Version: not supplied...

Business Networking Script 8.11 - SQL Injection Cross-Site Scripting

Business Networking Script 8.11 - SQL Injection Cross-Site Scripting Exploit Title : ----------- : Business Networking Script v8.11- SQLi & Persistent Cross Site Scripting Author : ----------------- : Ahmet Gurel Google Dork : --------- : - Date : -------------------- : 16/01/2017 Type :...

Million Pixels 3 - Authentication Bypass

Million Pixels 3 - Authentication Bypass Vulnerability: Authentication Bypass Date: 16.01.2017 Vendor Homepage: http://e-topbiz.com/ Script Name: Million Pixels 3 Script Buy Now: http://www.e-topbiz.com/oprema/pages/millionpixels3.php Author: İhsan Şencan Author Web: http://ihsan.net Mail :...

Image Sharing Script 4.13 - Multiple Vulnerabilities

Image Sharing Script 4.13 - Multiple Vulnerabilities Exploit Title : Image Sharing Script v4.13 - Multiple Vulnerability Author : Hasan Emre Ozer Google Dork : - Date : 16/01/2017 Type : webapps Platform: PHP Vendor Homepage : http://itechscripts.com/image-sharing-script/ Sofware Price and Demo :...

Apple macOS Sierra 10.12.1 - physmem Local Privilege Escalation

Apple macOS Sierra 10.12.1 - physmem Local Privilege Escalation physmem physmem is a physical memory inspection tool and local privilege escalation targeting macOS up through 10.12.1. It exploits either CVE-2016-1825 or CVE-2016-7617 depending on the deployment target. These two vulnerabilities a...

iSelect v1.4 - Local Buffer Overflow

iSelect v1.4 - Local Buffer Overflow Exploit developed using Exploit Pack v7.01 Exploit Author: Juan Sacco - http://www.exploitpack.com - [email protected] Program affected: iSelect Affected value: -k, --key=KEY Version: 1.4.0-2+b1 Tested and developed under: Kali Linux 2.0 x86 -...

WinaXe Plus 8.7 - Remote Buffer Overflow

WinaXe Plus 8.7 - Remote Buffer Overflow Exploit Title: WinaXe Plus 8.7 - lpr remote buffer overflow Date: 2017-01-16 Exploit Author: Peter Baris Exploit link: http://www.saptech-erp.com.au/resources/winaxelpr.zip Software Link: http://www.labf.com/download/winaxep-ok.html Version: 8.7 Tested on:...

Pirelli DRG A115 ADSL Router - DNS Change

Pirelli DRG A115 ADSL Router - DNS Change !/bin/bash Pirelli DRG A115 ADSL Router Unauthenticated Remote DNS Change Exploit Copyright 2017 c Todor Donev https://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg Description: The vulnerability exist in the web interface, which is...

Tenda ADSL22+ Modem D840R - DNS Change

Tenda ADSL22+ Modem D840R - DNS Change !/bin/bash Tenda ADSL2/2+ Modem D840R Unauthenticated Remote DNS Change Exploit Copyright 2017 c Todor Donev https://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg Description: The vulnerability exist in the web interface, which is...

Article Directory Script Seo 3.2 - Improper Access Restrictions

Article Directory Script Seo 3.2 - Improper Access Restrictions Vulnerability: Improper Access Restrictions Date: 15.01.2017 Vendor Homepage: http://www.e-soft24.com/ Script Name: Article Directory Script Seo Script Version: V3.2 Script Buy Now:...

MC Inventory Manager Script - Multiple Vulnerabilities

MC Inventory Manager Script - Multiple Vulnerabilities Vulnerability: Admin Login Bypass & SQLi Date: 15.01.2017 Vendor Homepage: http://microcode.ws/ Script Name: MC Inventory Manager Script Buy Now: http://microcode.ws/product/mc-inventory-manager-php-script/3885 Author: İhsan Şencan Author Web...

MC Smart Shop Script - SQL Injection

MC Smart Shop Script - SQL Injection Vulnerability: SQL Injection Web Vulnerability Date: 15.01.2017 Vendor Homepage: http://microcode.ws/ Script Name: MC Smart Shop Script Script Buy Now: http://microcode.ws/product/mc-smart-shop-php-script/3855 Author: İhsan Şencan Author Web: http://ihsan.net...

9 Network Linkedin Clone Script - Improper Access Restrictions

9 Network Linkedin Clone Script - Improper Access Restrictions Vulnerability: Improper Access Restrictions Date: 15.01.2017 Vendor Homepage: http://theninehertz.com Script Name: 9 network Linkedin Clone – Classified Ads Script Script Version: v1.0 Script Buy Now:...

MC Real Estate Pro Script - Improper Access Restrictions

MC Real Estate Pro Script - Improper Access Restrictions Vulnerability: Improper Access Restrictions Date: 15.01.2017 Vendor Homepage: http://microcode.ws/ Script Name: MC Real Estate Pro Script Buy Now: http://microcode.ws/product/mc-real-estate-pro-php-script/3858 Author: İhsan Şencan Author We...

MC Coming Soon Script - Arbitrary File Upload Improper Access Restrictions

MC Coming Soon Script - Arbitrary File Upload Improper Access Restrictions Vulnerability: Improper Access Restrictions Date: 15.01.2017 Vendor Homepage: http://microcode.ws/ Script Name: MC Coming Soon Script Script Buy Now: http://microcode.ws/product/mc-coming-soon-php-script/3880 Author: İhsan...

Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1.-1600 - Remote Code Execution (Metasploit)

Trend Micro InterScan Messaging Security Virtual Appliance 9.1.-1600 - Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Trend Micro InterScan Messaging Security...

MC Documentation Creator Script - SQL Injection

MC Documentation Creator Script - SQL Injection Vulnerability: SQL Injection Web Vulnerability Date: 15.01.2017 Vendor Homepage: http://microcode.ws/ Script Name: MC Documentation Creator Script Buy Now: http://microcode.ws/product/mc-documentation-creator-php-script/3890 Author: İhsan Şencan...

MC Hosting Coupons Script - Cross-Site Request Forgery

MC Hosting Coupons Script - Cross-Site Request Forgery Vulnerability: Cross-Site Request Forgery Date: 15.01.2017 Vendor Homepage: http://microcode.ws/ Script Name: MC Hosting Coupons Script Script Buy Now: http://microcode.ws/product/mc-hosting-coupons-php-script/3881 Author: İhsan Şencan Author...

MC Yellow Pages Script - SQL Injection

MC Yellow Pages Script - SQL Injection Vulnerability: SQL Injection Web Vulnerability Date: 15.01.2017 Vendor Homepage: http://microcode.ws/ Script Name: MC Yellow Pages Script Script Buy Now: http://microcode.ws/product/mc-yellow-pages-php-script/3800 Author: İhsan Şencan Author Web:...

MC Buy and Sell Cars Script 1.1 - SQL Injection

MC Buy and Sell Cars Script 1.1 - SQL Injection Vulnerability: SQL Injection Web Vulnerability Date: 15.01.2017 Vendor Homepage: http://microcode.ws/ Script Name: MC Buy and Sell Cars Script Script Version: V1.1 Script Buy Now: http://microcode.ws/product/mc-buy-and-sell-cars-php-script/3878...

e-Soft24 Jokes Portal Script Seo 1.3 - Authentication Bypass

e-Soft24 Jokes Portal Script Seo 1.3 - Authentication Bypass Vulnerability: Admin Login Bypass & SQLi Date: 15.01.2017 Vendor Homepage: http://www.e-soft24.com/ Script Name: Jokes Portal Script Seo Script Version: v1.3 Script Buy Now: http://www.e-soft24.com/jokes-portal-script-seo-p-370.html...

Inout StickBoard 1.0 Script - Improper Access Restrictions

Inout StickBoard 1.0 Script - Improper Access Restrictions Vulnerability: Security Bypass Date: 13.01.2017 Vendor Homepage: http://www.inoutscripts.com/ Script Name: Inout StickBoard Script Script Version: v1.0 Script Buy Now: http://www.inoutscripts.com/demo/inout-stickboard/demo/ Author: İhsan...

Inout Celebrities 1.0 Script - Improper Access Restrictions

Inout Celebrities 1.0 Script - Improper Access Restrictions Vulnerability: Security Bypass Date: 13.01.2017 Vendor Homepage: http://www.inoutscripts.com/ Script Name: Inout Celebrities Script Script Version: v1.0 Script Buy Now: http://www.inoutscripts.com/demo/inout-celebrities/demo/ Author: İhs...

Hindu Matrimonial Script - Authentication Bypass

Hindu Matrimonial Script - Authentication Bypass Vulnerability:: Admin Login Bypass & SQLi + Add/Edit Date: 13.01.2017 Vendor Homepage: http://www.phpmatrimonialscript.in/ Script Name: Hindu Matrimonial Script Script Buy Now: http://www.phpmatrimonialscript.in/product/hindu-matrimonial-script/...

Inout SmartDeal 1.0 Script - Improper Access Restrictions

Inout SmartDeal 1.0 Script - Improper Access Restrictions Vulnerability: Security Bypass Date: 13.01.2017 Vendor Homepage: http://www.inoutscripts.com/ Script Name: Inout SmartDeal Script Script Version: v1.0 Script Buy Now: http://www.inoutscripts.com/demo/inout-smartdeal/demo/ Author: İhsan...

Mozilla Firefox 50.1.0 - Use-After-Free

Mozilla Firefox 50.1.0 - Use-After-Free -- body background-color:lime; font-color:red; ; / Mozilla Firefox 50.1.0 Use-After-Free POC Author: Marcin Ressel Date: 13.01.2017 Vendor Homepage: www.mozilla.org Software Link: https://ftp.mozilla.org/pub/firefox/releases/50.0.2/ Version: 50.1.0 Tested o...

Inout SocialTiles 2.0 Script - Improper Access Restrictions

Inout SocialTiles 2.0 Script - Improper Access Restrictions Vulnerability: Security Bypass Date: 13.01.2017 Vendor Homepage: http://www.inoutscripts.com/ Script Name: Inout SocialTiles Script Script Version: v2.0 Script Buy Now: http://www.inoutscripts.com/demo/inout-socialtiles/demo/ Author: İhs...

Education Website Script - Authentication Bypass

Education Website Script - Authentication Bypass Vulnerability:: Admin Login Bypass & SQLi Date: 13.01.2017 Vendor Homepage: http://scriptfirm.com/ Script Name: Education Website Script Script Buy Now: http://scriptfirm.com/education-website Author: İhsan Şencan Author Web: http://ihsan.net Mail ...

Open Source Real-Estate Script - SQL Injection

Open Source Real-Estate Script - SQL Injection Vulnerability: SQL Injection + Admin Login Bypass Date: 13.01.2017 Vendor Homepage: http://phprealestatescript.org/ Script Name: Open Source Real-Estate Script Script Buy Now: http://phprealestatescript.org/open-source-real-estate-script.html Author:...

Inout Search Engine Ultimate Edition 7.08.0 Script - Improper Access Restrictions

Inout Search Engine Ultimate Edition 7.08.0 Script - Improper Access Restrictions Vulnerability: Security Bypass Date: 13.01.2017 Vendor Homepage: http://www.inoutscripts.com/ Script Name: Inout Search Engine Ultimate Edition Script Script Version: v7.0, v8.0 Script Buy Now:...

Inout Webmail Ultimate Edition 4.0 Script - Improper Access Restrictions

Inout Webmail Ultimate Edition 4.0 Script - Improper Access Restrictions Vulnerability: Security Bypass Date: 13.01.2017 Vendor Homepage: http://www.inoutscripts.com/ Script Name: Inout Webmail Ultimate Edition v4.0 Script Version: Ultimate Edition v4.0, Ultimate Hypertable Version Script Buy Now...

Zeroshell 3.6.03.7.0 Net Services - Remote Code Execution

Zeroshell 3.6.03.7.0 Net Services - Remote Code Execution Exploit Title: Zeroshell - Net Services Unauthenticated Remote Code Execution | RCE Date: 13.01.2017 Exploit Author: Ozer Goker Vendor Homepage: http://www.zeroshell.org Software Link: www.zeroshell.org/download/ Version: 3.6.0 & 3.7.0...

Just Dial Marketplace - Authentication Bypass

Just Dial Marketplace - Authentication Bypass Vulnerability: Admin Login Bypass & SQLi Date: 13.01.2017 Vendor Homepage: http://scriptfirm.com/ Script Name: Just Dial Marketplace Script Script Buy Now: http://scriptfirm.com/just-dial-marketplace Author: İhsan Şencan Author Web: http://ihsan.net...

Inout QuerySpace 1.0 Script - Improper Access Restrictions

Inout QuerySpace 1.0 Script - Improper Access Restrictions Vulnerability: Security Bypass Date: 13.01.2017 Vendor Homepage: http://www.inoutscripts.com/ Script Name: Inout QuerySpace Script Script Version: v1.0 Script Buy Now: http://www.inoutscripts.com/demo/inout-queryspace/demo/ Author: İhsan...

Professional Service Booking Script - SQL Injection

Professional Service Booking Script - SQL Injection Vulnerability: Admin Login Bypass & SQLi Date: 13.01.2017 Vendor Homepage: http://scriptfirm.com/ Script Name: Professional Service Booking Script Script Buy Now: http://scriptfirm.com/professional-service-booking-engine Author: İhsan Şencan...

Courier Business Website Script - Authentication Bypass

Courier Business Website Script - Authentication Bypass Vulnerability: Admin Login Bypass & SQLi Date: 13.01.2017 Vendor Homepage: http://scriptfirm.com/ Script Name: Courier Business Website Script Script Buy Now: http://scriptfirm.com/courier-business-website Author: İhsan Şencan Author Web:...

Inout CareerLamp 1.0 Script - Improper Access Restrictions

Inout CareerLamp 1.0 Script - Improper Access Restrictions Vulnerability: Security Bypass Date: 13.01.2017 Vendor Homepage: http://www.inoutscripts.com/ Script Name: Inout CareerLamp Script Script Version: v1.0 Script Buy Now: http://www.inoutscripts.com/demo/inout-careerlamp/demo/ Author: İhsan...

Entrepreneur Matrimonial Script - Authentication Bypass

Entrepreneur Matrimonial Script - Authentication Bypass Vulnerability:: Admin Login Bypass & SQLi Date: 13.01.2017 Vendor Homepage: http://www.phpmatrimonialscript.in/ Script Name: Entrepreneur Matrimonial Script Script Buy Now: http://www.phpmatrimonialscript.in/product/entrepreneur-matrimonial/...

My Private Tutor Website Script - Authentication Bypass

My Private Tutor Website Script - Authentication Bypass Vulnerability: Admin Login Bypass & SQLi Date: 13.01.2017 Vendor Homepage: http://scriptfirm.com/ Script Name: Professional Service Booking Script Script Buy Now: My Private Tutor Website Author: İhsan Şencan Author Web: http://ihsan.net Mai...

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2 - Multiple Vulnerabilities

Trend Micro InterScan Web Security Virtual Appliance IWSVA 6.5 SP2 - Multiple Vulnerabilities Exploit Title: Trend Micro Interscan Web Security Virtual Appliance IWSVA 6.5.x Multiple Vulnerabilities Date: 12/01/2017 Exploit Author: SlidingWindow , Twitter: @KapilKhot Vendor Homepage:...

Itech Job Portal Script 9.11 - Authentication Bypass

Itech Job Portal Script 9.11 - Authentication Bypass Vulnerability: Job Portal Script v9.11 Authentication bypass Date: 12.01.2017 Software link: http://itechscripts.com/job-portal-script/ Demo: http://job-portal.itechscripts.com Price: 199$ Category: webapps Exploit Author: Dawid Morawski Websit...

Online Food Delivery 2.04 - Authentication Bypass

Online Food Delivery 2.04 - Authentication Bypass Vulnerability: Online Food Delivery v2.04 Authentication bypass Date: 12.01.2017 Software link: http://itechscripts.com/food-delivery/ Demo: http://restaurant.itechscripts.com Price: 49$ Category: webapps Exploit Author: Dawid Morawski Website:...

Huawei Flybox B660 - Cross-Site Request Forgery (2)

Huawei Flybox B660 - Cross-Site Request Forgery 2 Document Title: =============== Huawei Flybox B660 - POST SMS CSRF Web Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2026 Release Date: ============= 2017-01-12 Vulnerability Laboratory I...

aSc Timetables 2017 - Local Buffer Overflow

aSc Timetables 2017 - Local Buffer Overflow Exploit Title: aSc Timetables 2017 input field buffer overflow and code execution Date: 2017-01-12 Exploit Author: Peter Baris Exploit code: http://saptech-erp.com.au/resources/Timetables.zip Exploit documentation:...

School Management Software 2.75 - SQL Injection

School Management Software 2.75 - SQL Injection Vulnerability: School Management Software v2.75 - SQL Injection Web Vulnerability Google Dork: School Management Software Date:11.01.2017 Vendor Homepage: http://itechscripts.com/school-management-software/ Script Name: School Management Software...

ECommerce-Multi-Vendor Software - Arbitrary File Upload

ECommerce-Multi-Vendor Software - Arbitrary File Upload Vulnerability:Profile Arbitrary Shell Upload Google Dork: ECommerce-Multi-Vendor Software Date:11.01.2017 Vendor Homepage: http://www.tibsolutions.com/multi-vendor/ Script Name: ECommerce-Multi-Vendor Software Script Buy Now:...