41207 matches found
Employee Work Schedule 5.9 - cal_id SQL Injection
Employee Work Schedule 5.9 - cal_id SQL Injection Exploit Title: EWS 5.9 - 'search' SQL Injection Dork: N/A Date: 25.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/employee-work-schedule-multicalendar/10545683 Version: 5.9 Category: Webapps Tested on...
mySurvey 1.0 - id SQL Injection
mySurvey 1.0 - id SQL Injection Exploit Title: mySurvey 1.0 - 'statistic.php' SQL Injection Dork: N/A Date: 25.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/mysurvey/6794645 Version: 1.0 Category: Webapps Tested on: Kali linux Description : You can...
Ajax Full Featured Calendar 2.0 - search SQL Injection
Ajax Full Featured Calendar 2.0 - search SQL Injection Exploit Title: Ajax Full Featured Calendar 2.0 - 'search' SQL Injection Dork: N/A Date: 25.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/ajax-full-featured-calendar-2/10158465 Version: 2.0...
easyLetters 1.0 - id SQL Injection
easyLetters 1.0 - id SQL Injection Exploit Title: easyLetters 1.0 - 'id' SQL Injection Dork: N/A Date: 25.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/easyletters/5281396 Version: 1.0 Category: Webapps Tested on: Kali linux...
EasyService Billing 1.0 - Cross-Site Request Forgery
EasyService Billing 1.0 - Cross-Site Request Forgery history.pushState'', '', '/' input typ...
Oracle WebCenter FatWire Content Server 7 - Improper Access Control
Oracle WebCenter FatWire Content Server 7 - Improper Access Control Exploit Title: Oracle WebCenter FatWire Content Server 7 - Improper Access Control Dork: inurl:Satellite?pagename Date: 2017-10-17 Exploit Author: Sebastian Cornejo Olave Vendor Homepage: http://oracle.com Version: 5.5.2 ,7.5 =...
MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Scripting
MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Scripting Exploit Title: MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Scripting Date: 2018-05-17 Author: 0xB9 Software Link: https://community.mybb.com/mods.php?action=view&pid=1105 Version: 1.1 Tested on: Ubuntu 18.04 CVE: N/A 1. Description:...
Skia and Firefox - Integer Overflow in SkTDArray Leading to Out-of-Bounds Write
Skia and Firefox - Integer Overflow in SkTDArray Leading to Out-of-Bounds Write !-- Skia bug report: https://bugs.chromium.org/p/skia/issues/detail?id=7674 Mozilla bug report: https://bugzilla.mozilla.org/show_bug.cgi?id=1441941 In Skia, SkTDArray stores length fCount and capacity fReserve as 32-b...
KomSeo Cart 1.3 - my_item_search SQL Injection
KomSeo Cart 1.3 - my_item_search SQL Injection Exploit Title: KomSeo Cart 1.3 - 'edit.php' SQL Injection Dork: N/A Date: 25.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor: SITEMAKIN Vendor Homepage: https://sitemakin.com Version: 1.3 Category: Webapps Tested on: Kali linux Description : T...
Microsoft Edge Chakra - Cross Context Use-After-Free
Microsoft Edge Chakra - Cross Context Use-After-Free f.onload = null; // Garbage collection for let i = 0; i 10; i++ new ArrayBuffer1024 1024 40; let obj = opt; // "opt" returns the freed string constant. ; // Closing the diffrent context f.src = 'about:blank'; But in fact, if you run the code, y...
Oracle WebCenter Sites 11.1.1.8.012.2.1.x - Cross-Site Scripting
Oracle WebCenter Sites 11.1.1.8.012.2.1.x - Cross-Site Scripting Exploit Title: Multiple XSS Oracle WebCenter Sites FatWire Content Server 7.x 11gR1 Dork: inurl:Satellite?c Date: 18.12.201 Exploit Author: Richard Alviarez Vendor Homepage: http://oracle.com Version: 7.x 11gR1 CVE: CVE-2018-2791...
SAP Internet Transaction Server 6200.x - Session Fixation Cross-Site Scripting
SAP Internet Transaction Server 6200.x - Session Fixation Cross-Site Scripting Exploit Title: SAP Internet Transaction Server ITS 6200.X.X - Session Fixation/ Cross-Site Scripting Dork: /scripts/wgate/ Date: 25.05.2018 Exploit Author: J. Carrillo Lencina 0xd0m7 Vendor Homepage: https://www.sap.co...
Timber 1.1 - Cross-Site Request Forgery
Timber 1.1 - Cross-Site Request Forgery Exploit Title: Timber - Ultimate Freelancer Platform 1.1 - Cross site request forgery Date: 2018-05-24 Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/timber-ultimate-freelancer-platform/14747284?srank=1717...
EU MRV Regulatory Complete Solution 1 - Authentication Bypass
EU MRV Regulatory Complete Solution 1 - Authentication Bypass Exploit Title: EU MRV Regulatory Complete Solution 1 - Authentication Bypass Date: 2018-05-24 Exploit Author: Veyselxan Vendor Homepage: https://codecanyon.net/item/eu-mrv-regulatory-complete-solution/21680923?srank=11 Version: v1...
ASP.NET jVideo Kit - query SQL Injection
ASP.NET jVideo Kit - query SQL Injection Exploit Title: ASP.NET jVideo Kit - 'query' SQL Injection Dork: N/A Date: 23.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor: MediaSoft Pro Vendor Homepage: https://www.mediasoftpro.com/video-sharing-script/mvc/ Version: v1.0 Category: Webapps...
PaulNews 1.0 - keyword SQL Injection Cross-Site Scripting
PaulNews 1.0 - keyword SQL Injection Cross-Site Scripting Exploit Title: PaulNews 1.0 - 'keyword' SQL Injection / Cross-Site Scripting Dork: N/A Date: 23.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor: MediaSoft Pro Vendor Homepage:...
Honeywell XL Web Controller - Cross-Site Scripting
Honeywell XL Web Controller - Cross-Site Scripting Exploit Title: Honeywell XL Web Controller - Cross-Site Scripting Date: 2018-05-24 Exploit Author: t4rkd3vilz Vendor Homepage: https://www.honeywell.com Version: WebVersion : XL1000C50 EXCEL WEB 52 I/O, XL1000C100 EXCEL WEB 104 I/O, XL1000C500...
MySQL Blob Uploader 1.7 - download.php SQL Injection Cross-Site Scripting
MySQL Blob Uploader 1.7 - download.php SQL Injection Cross-Site Scripting Exploit Title: MySQL Blob Uploader 1.7 - 'download.php' SQL Injection / Cross-Site Scripting Dork: N/A Date: 22.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage:...
GPSTracker 1.0 - id SQL Injection
GPSTracker 1.0 - id SQL Injection Exploit Title: GPSTracker v1.0 - Login Page SQL Injection Dork: N/A Date: 23.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://www.wecodex.com https://codecanyon.net/item/gpstracker-gps-trackgin-system/21873663 Version: 1.0 Category:...
Samsung Galaxy S7 Edge - Overflow in OMACP WbXml String Extension Processing
Samsung Galaxy S7 Edge - Overflow in OMACP WbXml String Extension Processing OMACP is a protocol supported by many mobile devices which allows them to receive provisioning information over the mobile network. One way to provision a device is via a WAP push SMS message containing provisioning...
PHP Dashboards 4.5 - SQL Injection
PHP Dashboards 4.5 - SQL Injection Exploit Title: PHP Dashboards 4.5 - SQL Injection Dork: N/A Date: 2018-05-23 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/php-dashboards-v50-brand-new-enterprise-edition/21540104 Version: v4.5 Category: Webapps Tested on...
PHP Dashboards 4.5 - email SQL Injection
PHP Dashboards 4.5 - email SQL Injection Exploit Title: PHP Dashboards v4.5 - Registration Page SQL Injection Dork: N/A Date: 23.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/php-dashboards-v40-collaborative-social-dashboards/19314871 Version: v4.5...
Wecodex Store Paypal 1.0 - SQL Injection
Wecodex Store Paypal 1.0 - SQL Injection Exploit Title: Wecodex Store Paypal 1.0 - SQL Injection Dork: N/A Date: 2018-05-23 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://www.wecodex.com/item/view/online-store-system-with-paypal-sdk-in-php/9 Version: 1.0 Category: Webapps Test...
WordPress Plugin Peugeot Music - Arbitrary File Upload
WordPress Plugin Peugeot Music - Arbitrary File Upload Exploit Title: Wordpress Plugin Peugeot Music - Arbitrary File Upload Google Dork: inurl:/wp-content/plugins/peugeot-music-plugin/ Date: 2018-05-23 Exploit Author: Mr.7z Vendor Homepage: - Software Link: - Version: 1.0 Tested on: Windows 10...
MySQL Blob Uploader 1.7 - home-filet-edit.php SQL Injection
MySQL Blob Uploader 1.7 - home-filet-edit.php SQL Injection Exploit Title: MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection Dork: N/A Date: 2018-05-22 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage:...
SAT CFDI 3.3 - SQL Injection
SAT CFDI 3.3 - SQL Injection Exploit Title: SAT CFDI 3.3 - SQL Injection Dork: N/A Date: 2018-05-23 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://www.wecodex.com/item/view/verification-and-validation-system-sat-cfdi-33/8 Version: 3.3 Category: Webapps Tested on: Kali linux...
Shipping System CMS 1.0 - SQL Injection
Shipping System CMS 1.0 - SQL Injection Exploit Title: Shipping System CMS 1.0 - SQL Injection Dork: N/A Date: 2018-05-23 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor : Wecodex Solutions Vendor Homepage: https://www.wecodex.com/item/view/shipping-system-by-parcel-in-php-and-mysql/4 Version: 1...
Siemens SCALANCE S613 - Remote Denial of Service
Siemens SCALANCE S613 - Remote Denial of Service Exploit Title: Siemens SCALANCE S613 - Remote Denial of Service Date: 2018-05-23 Exploit Author: t4rkd3vilz Vendor Homepage: https://www.siemens.com/ Version: SCALANCE S613 MLFB: 6GK5613-0BA00-2AA3: All versions. Tested on: Kali Linux CVE:...
MySQL Smart Reports 1.0 - id SQL Injection Cross-Site Scripting
MySQL Smart Reports 1.0 - id SQL Injection Cross-Site Scripting Exploit Title: MySQL Smart Reports 1.0 - SQL Injection / Cross-Site Scripting Dork: N/A Date: 22.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage:...
Gigs 2.0 - username SQL Injection
Gigs 2.0 - username SQL Injection Exploit Title: Gigs v2.0 - Login Page SQL Injection Dork: N/A Date: 23.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/gigs-services-marketplace/20716059 Version: v2.0 Category: Webapps Tested on: Kali linux...
EasyService Billing 1.0 - p1 SQL Injection
EasyService Billing 1.0 - p1 SQL Injection Exploit Title: EasyService Billing 1.0 - 'customer-new-s.php' SQL Injection / Cross-Site Scripting Dork: N/A Date: 22.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage:...
MySQL Blob Uploader 1.7 - home-file-edit.php SQL Injection Cross-Site Scripting
MySQL Blob Uploader 1.7 - home-file-edit.php SQL Injection Cross-Site Scripting Exploit Title: MySQL Blob Uploader 1.7 - 'home-file-edit.php' SQL Injection / Cross-Site Scripting Dork: N/A Date: 22.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage:...
eWallet Online Payment Gateway 2 - Cross-Site Request Forgery
eWallet Online Payment Gateway 2 - Cross-Site Request Forgery Exploit Title: eWallet - Online Payment Gateway 2 - Cross-Site Request Forgery Date: 2018-05-23 Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/ewallet-online-payment-gateway/19316332?srank=1110 Version: 2 Tested on:...
Library CMS 1.0 - SQL Injection
Library CMS 1.0 - SQL Injection Exploit Title: Library CMS 1.0 - SQL Injection Dork: N/A Date: 23.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor : Wecodex Solutions Vendor Homepage: https://www.wecodex.com/item/view/library-management-system-in-php-and-mysql/1 Version: 1.0 Category:...
Honeywell Scada System - Information Disclosure
Honeywell Scada System - Information Disclosure Exploit Title: Honeywell Scada System - Information Disclosure Date: 2018-05-23 Exploit Author: t4rkd3vilz Vendor Homepage: https://www.honeywell.com Version: WebVersion : 3.2.1.294365 - DeviceType : IPC-HFW2320R-ZS Tested on: Linux To be written...
Mobile Card Selling Platform 1 - Cross-Site Request Forgery
Mobile Card Selling Platform 1 - Cross-Site Request Forgery Exploit Title: Mcard - Mobile Card Selling Platform 1 - Cross-Site Request Forgery Date: 2018-05-23 Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/mcard-mobile-card-selling-platform/19307193?srank=15 Version: 1 Tested...
MySQL Blob Uploader 1.7 - home-filet-edit.php SQL Injection Cross-Site Scripting
MySQL Blob Uploader 1.7 - home-filet-edit.php SQL Injection Cross-Site Scripting Exploit Title: MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection / Cross-Site Scripting Dork: N/A Date: 22.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage:...
FTPShell Server 6.80 - Buffer Overflow (SEH)
FTPShell Server 6.80 - Buffer Overflow SEH !/usr/bin/python ---------------------------------------------------------------------------------------------------------- Exploit Title : FTPShell Server v6.80 - Local Buffer Overflow SafeSEH Bypass Exploit Author : Hashim Jawad - @ihack4falafel Vendor...
FTPShell Server 6.80 - Denial of Service
FTPShell Server 6.80 - Denial of Service Exploit Title: FTPShell Server 6.80 - Local Denial of Service Exploit Author: Hashim Jawad Date: 2018-05-23 Vendor Homepage: http://www.ftpshell.com/ Vulnerable Software: http://www.ftpshell.com/downloadserver.htm Tested on: Windows 7 Enterprise - SP1 x86...
SKT LTE Wi-Fi SDT-CW3B1 - Unauthorized Admin Credential Change
SKT LTE Wi-Fi SDT-CW3B1 - Unauthorized Admin Credential Change Exploit Title: SKT LTE Wi-Fi SDT-CW3B1 - Unauthorized Admin Credential Change Shodan Dork: SDT-CW3B1 Date: 2018-05-23 Exploit Author: Safak Aslan Vendor Homepage: http://telesquare.co.kr/ Version: SKT CW3B1 sw version 1.2.0 Tested on:...
School Management System CMS 1.0 - username SQL Injection
School Management System CMS 1.0 - username SQL Injection Exploit Title: School Management System CMS 1.0 - Admin Login SQL Injection Dork: N/A Date: 23.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor : Wecodex Solutions Vendor Homepage:...
EasyService Billing 1.0 - SQL Injection Cross-Site Scripting
EasyService Billing 1.0 - SQL Injection Cross-Site Scripting Exploit Title: EasyService Billing 1.0 - 'template.php' SQL Injection / Cross-Site Scripting Dork: N/A Date: 22.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage:...
Online Store System CMS 1.0 - SQL Injection
Online Store System CMS 1.0 - SQL Injection Exploit Title: Online Store System CMS 1.0 - SQL Injection Dork: N/A Date: 2018-05-23 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor: Wecodex Solutions Vendor Homepage: https://www.wecodex.com/item/view/online-store-system-in-php-and-mysql/3 Version:...
Wecodex Restaurant CMS 1.0 - Login SQL Injection
Wecodex Restaurant CMS 1.0 - Login SQL Injection Exploit Title: Wecodex Restaurant CMS 1.0 - 'Login' SQL Injection Dork: N/A Date: 2018-05-23 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor : Wecodex Solutions Vendor Homepage: https://www.wecodex.com/item/view/restaurant-system-in-php-and-mysql/...
Mcard Mobile Card Selling Platform 1 - SQL Injection
Mcard Mobile Card Selling Platform 1 - SQL Injection Exploit Title: Mcard Mobile Card Selling Platform 1 - SQL Injection Date: 2018-05-23 Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/mcard-mobile-card-selling-platform/19307193?srank=15 Version: 1 Tested on: Kal...
Wecodex Hotel CMS 1.0 - Admin Login SQL Injection
Wecodex Hotel CMS 1.0 - Admin Login SQL Injection Exploit Title: Wecodex Hotel CMS 1.0 - 'Admin Login' SQL Injection Dork: N/A Date: 2018-05-23 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor : Wecodex Solutions Vendor Homepage:...
Dell EMC RecoverPoint boxmgmt CLI 5.1.2 - Arbitrary File Read
Dell EMC RecoverPoint boxmgmt CLI 5.1.2 - Arbitrary File Read Exploit Title: Dell EMC RecoverPoint boxmgmt CLI /etc/passwd: terminating, 34 bad configuration options Command "ssh...
Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting
Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting Exploit Title: Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting Google Dork: inurl:/Portal/Portal.mwsl Date: 2018-05-22 Exploit Author: t4rkd3vilz, Jameel Nabbo Vendor Homepage: https://www.siemens.com/ Version: SIMATIC S7-1200 CPU family...
Auto Car 1.2 - car_title SQL Injection Cross-Site Scripting
Auto Car 1.2 - car_title SQL Injection Cross-Site Scripting Exploit Title: Auto car 1.2 - 'car_title' SQL Injection / Cross-Site Scripting Date: 2018-05-22 Exploit Author: Borna nematzadeh L0RD Vendor Homepage: https://codecanyon.net/item/auto-car-car-listing-script/19221368?srank=1159 Version: 1.2...
NewsBee CMS 1.4 - download.php SQL Injection
NewsBee CMS 1.4 - download.php SQL Injection Exploit Title: NewsBee CMS 1.4 - 'download.php' SQL Injection Dork: N/A Date: 2018-05-22 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/newsbee-fully-featured-news-cms-with-bootstrasp-php-mysql/19404937 Version:...