Ajax Full Featured Calendar 2.0 - search SQL Injection
Exploit Title: Ajax Full Featured Calendar 2.0 - 'search' SQL Injection Dork: N/A Date: 25.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/ajax-full-featured-calendar-2/10158465 Version: 2.0...
Symfony 2.7.0 4.0.10 - Denial of Service
The PDOSessionHandler class allows storing sessions on a PDO connection. Under some configurations (see below) and with a well-crafted payload, it was possible to cause a denial of service on a Symfony application without many resources. An application is...
EasyService Billing 1.0 - Cross-Site Request Forgery
EasyService Billing 1.0 - q SQL Injection
Exploit Title: EasyService Billing 1.0 SQL Injection on page jobcard-ongoing.php?q= Date: 25-05-2018 Software Link: https://codecanyon.net/item/easyservice-billing-php-scripts-for-quotation-invoice-payments-etc/16687594 Exploit Author: Divya Jain...
Employee Work Schedule 5.9 - cal_id SQL Injection
Exploit Title: EWS 5.9 - 'search' SQL Injection Dork: N/A Date: 25.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/employee-work-schedule-multicalendar/10545683 Version: 5.9 Category: Webapps Tested on...
SAP Internet Transaction Server 6200.x - Session Fixation Cross-Site Scripting
Exploit Title: SAP Internet Transaction Server ITS 6200.X.X - Session Fixation/ Cross-Site Scripting Dork: /scripts/wgate/ Date: 25.05.2018 Exploit Author: J. Carrillo Lencina 0xd0m7 Vendor Homepage: https://www.sap.co...
Oracle WebCenter FatWire Content Server 7 - Improper Access Control
Exploit Title: Oracle WebCenter FatWire Content Server 7 - Improper Access Control Dork: inurl:Satellite?pagename Date: 2017-10-17 Exploit Author: Sebastian Cornejo Olave Vendor Homepage: http://oracle.com Version: 5.5.2 ,7.5 =...
Oracle WebCenter Sites 11.1.1.8.012.2.1.x - Cross-Site Scripting
Exploit Title: Multiple XSS Oracle WebCenter Sites FatWire Content Server 7.x 11gR1 Dork: inurl:Satellite?c Date: 18.12.201 Exploit Author: Richard Alviarez Vendor Homepage: http://oracle.com Version: 7.x 11gR1 CVE: CVE-2018-2791...
Skia and Firefox - Integer Overflow in SkTDArray Leading to Out-of-Bounds Write
Skia bug report: https://bugs.chromium.org/p/skia/issues/detail?id=7674 Mozilla bug report: https://bugzilla.mozilla.org/show_bug.cgi?id=1441941 In Skia, SkTDArray stores length (fCount) and capacity (fReserve) as 32-b...
MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Scripting
Exploit Title: MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Scripting Date: 2018-05-17 Author: 0xB9 Software Link: https://community.mybb.com/mods.php?action=view&pid=1105 Version: 1.1 Tested on: Ubuntu 18.04 CVE: N/A 1. Description:...
Microsoft Edge Chakra - Cross Context Use-After-Free
f.onload = null; // Garbage collection for let i = 0; i 10; i++ new ArrayBuffer1024 1024 40; let obj = opt; // "opt" returns the freed string constant. ; // Closing the different context f.src = 'about:blank'; But in fact, if you run the code, y...
KomSeo Cart 1.3 - my_item_search SQL Injection
Exploit Title: KomSeo Cart 1.3 - 'edit.php' SQL Injection Dork: N/A Date: 25.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor: SITEMAKIN Vendor Homepage: https://sitemakin.com Version: 1.3 Category: Webapps Tested on: Kali linux Description : T...
EU MRV Regulatory Complete Solution 1 - Authentication Bypass
Exploit Title: EU MRV Regulatory Complete Solution 1 - Authentication Bypass Date: 2018-05-24 Exploit Author: Veyselxan Vendor Homepage: https://codecanyon.net/item/eu-mrv-regulatory-complete-solution/21680923?srank=11 Version: v1...
ASP.NET jVideo Kit - query SQL Injection
Exploit Title: ASP.NET jVideo Kit - 'query' SQL Injection Dork: N/A Date: 23.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor: MediaSoft Pro Vendor Homepage: https://www.mediasoftpro.com/video-sharing-script/mvc/ Version: v1.0 Category: Webapps...
PaulNews 1.0 - keyword SQL Injection Cross-Site Scripting
Exploit Title: PaulNews 1.0 - 'keyword' SQL Injection / Cross-Site Scripting Dork: N/A Date: 23.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor: MediaSoft Pro Vendor Homepage:...
Timber 1.1 - Cross-Site Request Forgery
Exploit Title: Timber - Ultimate Freelancer Platform 1.1 - Cross site request forgery Date: 2018-05-24 Exploit Author: L0RD or [email protected] Vendor Homepage: https://codecanyon.net/item/timber-ultimate-freelancer-platform/14747284?srank=1717...
Honeywell XL Web Controller - Cross-Site Scripting
Exploit Title: Honeywell XL Web Controller - Cross-Site Scripting Date: 2018-05-24 Exploit Author: t4rkd3vilz Vendor Homepage: https://www.honeywell.com Version: WebVersion : XL1000C50 EXCEL WEB 52 I/O, XL1000C100 EXCEL WEB 104 I/O, XL1000C500...
Wecodex Store Paypal 1.0 - SQL Injection
Exploit Title: Wecodex Store Paypal 1.0 - SQL Injection Dork: N/A Date: 2018-05-23 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://www.wecodex.com/item/view/online-store-system-with-paypal-sdk-in-php/9 Version: 1.0 Category: Webapps Test...
Library CMS 1.0 - SQL Injection
Exploit Title: Library CMS 1.0 - SQL Injection Dork: N/A Date: 23.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor : Wecodex Solutions Vendor Homepage: https://www.wecodex.com/item/view/library-management-system-in-php-and-mysql/1 Version: 1.0 Category:...
Siemens SCALANCE S613 - Remote Denial of Service
Exploit Title: Siemens SCALANCE S613 - Remote Denial of Service Date: 2018-05-23 Exploit Author: t4rkd3vilz Vendor Homepage: https://www.siemens.com/ Version: SCALANCE S613 MLFB: 6GK5613-0BA00-2AA3: All versions. Tested on: Kali Linux CVE:...
MySQL Smart Reports 1.0 - id SQL Injection Cross-Site Scripting
Exploit Title: MySQL Smart Reports 1.0 - SQL Injection / Cross-Site Scripting Dork: N/A Date: 22.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage:...
Online Store System CMS 1.0 - SQL Injection
Exploit Title: Online Store System CMS 1.0 - SQL Injection Dork: N/A Date: 2018-05-23 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor: Wecodex Solutions Vendor Homepage: https://www.wecodex.com/item/view/online-store-system-in-php-and-mysql/3 Version:...
PHP Dashboards 4.5 - SQL Injection
Exploit Title: PHP Dashboards 4.5 - SQL Injection Dork: N/A Date: 2018-05-23 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/php-dashboards-v50-brand-new-enterprise-edition/21540104 Version: v4.5 Category: Webapps Tested on...
PHP Dashboards 4.5 - email SQL Injection
Exploit Title: PHP Dashboards v4.5 - Registration Page SQL Injection Dork: N/A Date: 23.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/php-dashboards-v40-collaborative-social-dashboards/19314871 Version: v4.5...
Shipping System CMS 1.0 - SQL Injection
Exploit Title: Shipping System CMS 1.0 - SQL Injection Dork: N/A Date: 2018-05-23 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor : Wecodex Solutions Vendor Homepage: https://www.wecodex.com/item/view/shipping-system-by-parcel-in-php-and-mysql/4 Version: 1...
MySQL Blob Uploader 1.7 - home-filet-edit.php SQL Injection Cross-Site Scripting
Exploit Title: MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection / Cross-Site Scripting Dork: N/A Date: 22.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage:...
Gigs 2.0 - username SQL Injection
Exploit Title: Gigs v2.0 - Login Page SQL Injection Dork: N/A Date: 23.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/gigs-services-marketplace/20716059 Version: v2.0 Category: Webapps Tested on: Kali linux...
EasyService Billing 1.0 - SQL Injection Cross-Site Scripting
Exploit Title: EasyService Billing 1.0 - 'template.php' SQL Injection / Cross-Site Scripting Dork: N/A Date: 22.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage:...
EasyService Billing 1.0 - p1 SQL Injection
Exploit Title: EasyService Billing 1.0 - 'customer-new-s.php' SQL Injection / Cross-Site Scripting Dork: N/A Date: 22.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage:...
Honeywell Scada System - Information Disclosure
Exploit Title: Honeywell Scada System - Information Disclosure Date: 2018-05-23 Exploit Author: t4rkd3vilz Vendor Homepage: https://www.honeywell.com Version: WebVersion : 3.2.1.294365 - DeviceType : IPC-HFW2320R-ZS Tested on: Linux To be written...
GPSTracker 1.0 - id SQL Injection
Exploit Title: GPSTracker v1.0 - Login Page SQL Injection Dork: N/A Date: 23.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://www.wecodex.com https://codecanyon.net/item/gpstracker-gps-trackgin-system/21873663 Version: 1.0 Category:...
MySQL Blob Uploader 1.7 - home-file-edit.php SQL Injection Cross-Site Scripting
Exploit Title: MySQL Blob Uploader 1.7 - 'home-file-edit.php' SQL Injection / Cross-Site Scripting Dork: N/A Date: 22.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage:...
MySQL Blob Uploader 1.7 - home-filet-edit.php SQL Injection
Exploit Title: MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection Dork: N/A Date: 2018-05-22 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage:...
FTPShell Server 6.80 - Denial of Service
Exploit Title: FTPShell Server 6.80 - Local Denial of Service Exploit Author: Hashim Jawad Date: 2018-05-23 Vendor Homepage: http://www.ftpshell.com/ Vulnerable Software: http://www.ftpshell.com/downloadserver.htm Tested on: Windows 7 Enterprise - SP1 x86...
Wecodex Hotel CMS 1.0 - Admin Login SQL Injection
Exploit Title: Wecodex Hotel CMS 1.0 - 'Admin Login' SQL Injection Dork: N/A Date: 2018-05-23 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor : Wecodex Solutions Vendor Homepage:...
eWallet Online Payment Gateway 2 - Cross-Site Request Forgery
Exploit Title: eWallet - Online Payment Gateway 2 - Cross-Site Request Forgery Date: 2018-05-23 Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/ewallet-online-payment-gateway/19316332?srank=1110 Version: 2 Tested on:...
MySQL Blob Uploader 1.7 - download.php SQL Injection Cross-Site Scripting
Exploit Title: MySQL Blob Uploader 1.7 - 'download.php' SQL Injection / Cross-Site Scripting Dork: N/A Date: 22.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage:...
WordPress Plugin Peugeot Music - Arbitrary File Upload
Exploit Title: Wordpress Plugin Peugeot Music - Arbitrary File Upload Google Dork: inurl:/wp-content/plugins/peugeot-music-plugin/ Date: 2018-05-23 Exploit Author: Mr.7z Vendor Homepage: - Software Link: - Version: 1.0 Tested on: Windows 10...
School Management System CMS 1.0 - username SQL Injection
Exploit Title: School Management System CMS 1.0 - Admin Login SQL Injection Dork: N/A Date: 23.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor : Wecodex Solutions Vendor Homepage:...
Wecodex Restaurant CMS 1.0 - Login SQL Injection
Exploit Title: Wecodex Restaurant CMS 1.0 - 'Login' SQL Injection Dork: N/A Date: 2018-05-23 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor : Wecodex Solutions Vendor Homepage: https://www.wecodex.com/item/view/restaurant-system-in-php-and-mysql/...
SKT LTE Wi-Fi SDT-CW3B1 - Unauthorized Admin Credential Change
Exploit Title: SKT LTE Wi-Fi SDT-CW3B1 - Unauthorized Admin Credential Change Shodan Dork: SDT-CW3B1 Date: 2018-05-23 Exploit Author: Safak Aslan Vendor Homepage: http://telesquare.co.kr/ Version: SKT CW3B1 sw version 1.2.0 Tested on:...
FTPShell Server 6.80 - Buffer Overflow (SEH)
#!/usr/bin/python Exploit Title : FTPShell Server v6.80 - Local Buffer Overflow SafeSEH Bypass Exploit Author : Hashim Jawad - @ihack4falafel Vendor...
Mobile Card Selling Platform 1 - Cross-Site Request Forgery
Exploit Title: Mcard - Mobile Card Selling Platform 1 - Cross-Site Request Forgery Date: 2018-05-23 Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/mcard-mobile-card-selling-platform/19307193?srank=15 Version: 1 Tested...
Mcard Mobile Card Selling Platform 1 - SQL Injection
Exploit Title: Mcard Mobile Card Selling Platform 1 - SQL Injection Date: 2018-05-23 Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/mcard-mobile-card-selling-platform/19307193?srank=15 Version: 1 Tested on: Kal...
SAT CFDI 3.3 - SQL Injection
Exploit Title: SAT CFDI 3.3 - SQL Injection Dork: N/A Date: 2018-05-23 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://www.wecodex.com/item/view/verification-and-validation-system-sat-cfdi-33/8 Version: 3.3 Category: Webapps Tested on: Kali linux...
Samsung Galaxy S7 Edge - Overflow in OMACP WbXml String Extension Processing
OMACP is a protocol supported by many mobile devices which allows them to receive provisioning information over the mobile network. One way to provision a device is via a WAP push SMS message containing provisioning...
ERPnext 11 - Cross-Site Scripting
Exploit Title: ERPnext 11.x.x - Cross-Site Scripting Date: 2018-05-10 Exploit Author: Veerababu Penugonda Vendor Homepage: https://erpnext.com/ Software Link: https://demo.erpnext.com/ Version: Frappe ERPNext v11.x.x-develop Tested on: Mozilla Firefox quantum 60....
WebSocket Live Chat - Cross-Site Scripting
Exploit Title: WebSocket Live Chat - Cross-Site Scripting Date: 2018-05-22 Exploit Author: Alireza Norkazemi Vendor Homepage: https://codecanyon.net/item/websocket-live-chat-instant-messaging-php/16545798?srank=1 POC : 1 Create your account and click...
Auto Car 1.2 - car_title SQL Injection Cross-Site Scripting
Exploit Title: Auto car 1.2 - 'cartitle' SQL Injection / Cross-Site Scripting Date: 2018-05-22 Exploit Author: Borna nematzadeh L0RD Vendor Homepage: https://codecanyon.net/item/auto-car-car-listing-script/19221368?srank=1159 Version: 1.2...
iSocial 1.2.0 - Cross-Site Scripting Cross-Site Request Forgery
Exploit Title: iSocial 1.2.0 - Cross-Site Scripting / Cross-Site Request Forgery Date: 2018-05-22 Exploit Author: Borna nematzadeh L0RD Vendor Homepage: https://codecanyon.net/item/isocial-social-network-platform/21164041?srank=2...