Exploitpack Recent

41207 matches found

exploitpack
added 2018/02/16 12:0 a.m., 18 views

Joomla! Component JquickContact 1.3.2.2.1 - SQL Injection

Joomla! Component JquickContact 1.3.2.2.1 - SQL Injection Exploit Title: Joomla! Component JquickContact 1.3.2.2.1 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor: http://coderspirit.blogspot.com.tr/2011/07/jquickcontact.html Software:...

7.5 CVSS, 0.3 AI score, 0.02703 EPSS
Exploits: 5

exploitpack
added 2018/02/16 12:0 a.m., 19 views

Joomla! Component SquadManagement 1.0.3 - SQL Injection

Joomla! Component SquadManagement 1.0.3 - SQL Injection Exploit Title: Joomla! Component SquadManagement 1.0.3 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://www.larshildebrandt.de/ Software Link:...

7.5 CVSS, 0.4 AI score, 0.02703 EPSS
Exploits: 5

exploitpack
added 2018/02/16 12:0 a.m., 21 views

Joomla! Component SimpleCalendar 3.1.9 - SQL Injection

Joomla! Component SimpleCalendar 3.1.9 - SQL Injection Exploit Title: Joomla! Component SimpleCalendar 3.1.9 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://albonico.ch/ Software Link: http://software.albonico.ch/downloads/file/3-simplecalendar-3-1-9.html Version: 3.1.9 Categor...

7.5 CVSS, 0.7 AI score, 0.02703 EPSS
Exploits: 5

exploitpack
added 2018/02/16 12:0 a.m., 41 views

Joomla! Component AllVideos Reloaded 1.2.x - divid SQL Injection

Joomla! Component AllVideos Reloaded 1.2.x - divid SQL Injection Exploit Title: Joomla! Component AllVideos Reloaded 1.2.x - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://allvideos.fritz-elfert.de Software Link:...

7.5 CVSS, 0.5 AI score, 0.02703 EPSS
Exploits: 5

exploitpack
added 2018/02/16 12:0 a.m., 17 views

Joomla! Component Project Log 1.5.3 - search SQL Injection

Joomla! Component Project Log 1.5.3 - search SQL Injection Exploit Title: Joomla! Component Project Log 1.5.3 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: https://extensions.thethinkery.net/ Software Link:...

7.5 CVSS, 0.6 AI score, 0.03108 EPSS
Exploits: 5

exploitpack
added 2018/02/16 12:0 a.m., 41 views

Joomla! Component Smart Shoutbox 3.0.0 - SQL Injection

Joomla! Component Smart Shoutbox 3.0.0 - SQL Injection Exploit Title: Joomla! Component Smart Shoutbox 3.0.0 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: https://thekrotek.com/ Software Link: https://extensions.joomla.org/extension/smart-shoutbox/ Version: 3.0.0 Category: Webapps...

7.5 CVSS, 0.5 AI score, 0.02703 EPSS
Exploits: 5

exploitpack
added 2018/02/16 12:0 a.m., 16 views

PHIMS - Hospital Management Information System - Password SQL Injection

PHIMS - Hospital Management Information System - Password SQL Injection Exploit Title: PHIMS - Hospital Management Information System - 'Password' SQL Injection Dork: N/A Date: 2018-02-16 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage:...

0.2 AI score
Exploits: 0

exploitpack
added 2018/02/16 12:0 a.m., 30 views

Joomla! Component Saxum Numerology 3.0.4 - SQL Injection

Joomla! Component Saxum Numerology 3.0.4 - SQL Injection Exploit Title: Joomla! Component Saxum Numerology 3.0.4 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://www.saxum2003.hu/ Software Link: http://www.saxum2003.hu/en/downloadsen/category/7-saxumnumerology-komponens.html...

7.5 CVSS, 0.7 AI score, 0.02703 EPSS
Exploits: 5

exploitpack
added 2018/02/16 12:0 a.m., 22 views

Joomla! Component DT Register 3.2.7 - id SQL Injection

Joomla! Component DT Register 3.2.7 - id SQL Injection Exploit Title: Joomla! Component DT Register 3.2.7 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: https://www.dthdevelopment.com/ Software Link:...

7.5 CVSS, 0.2 AI score, 0.03872 EPSS
Exploits: 5

exploitpack
added 2018/02/16 12:0 a.m., 17 views

Joomla! Component Staff Master 1.0 RC 1 - SQL Injection

Joomla! Component Staff Master 1.0 RC 1 - SQL Injection Exploit Title: Joomla! Component Staff Master = 1.0 RC 1 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://www.systemsunited.net/ Software Link: http://www.systemsunited.net/ Version: = 1.0 RC 1 Category: Webapps Tested on:...

7.5 CVSS, 0.5 AI score, 0.02703 EPSS
Exploits: 5

exploitpack
added 2018/02/16 12:0 a.m., 50 views

JBoss Remoting 6.14.18 - Denial of Service

JBoss Remoting 6.14.18 - Denial of Service Exploit Title: Exploit Denial of Service JBoss Remoting 4447/9999 Date: 14-02-2018 Exploit Author: Frank Spierings Vendor Homepage: https://www.redhat.com/en/technologies/jboss-middleware/application-platform/get-started Software Link:...

5 CVSS, 0.4 AI score, 0.15812 EPSS
Exploits: 5

exploitpack
added 2018/02/16 12:0 a.m., 25 views

Joomla! Component Form Maker 3.6.12 - SQL Injection

Joomla! Component Form Maker 3.6.12 - SQL Injection Exploit Title: Joomla! Component Form Maker 3.6.12 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://demo.web-dorado.com/ Software Link: https://extensions.joomla.org/extensions/extension/contacts-and-feedback/forms/form-maker/...

7.5 CVSS, 0.4 AI score, 0.02703 EPSS
Exploits: 5

exploitpack
added 2018/02/16 12:0 a.m., 68 views

Joomla! Component Kubik-Rubik Simple Image Gallery Extended (SIGE) 3.2.3 - Cross-Site Scripting

Joomla! Component Kubik-Rubik Simple Image Gallery Extended SIGE 3.2.3 - Cross-Site Scripting Exploit Title: Joomla! Component SIGE version 3. Solution: Update to version 3.3.0 https://downloads.kubik-rubik.de/joomla-extensions/plgsigev3.3.0.zip...

4.3 CVSS, 6.1 AI score, 0.02227 EPSS
Exploits: 5

exploitpack
added 2018/02/16 12:0 a.m., 34 views

Joomla! Component JS Autoz 1.0.9 - SQL Injection

Joomla! Component JS Autoz 1.0.9 - SQL Injection Exploit Title: Joomla! Component JS Autoz 1.0.9 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://www.joomsky.com/ Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/vehicles/js-autoz/ Software...

7.5 CVSS, 0.6 AI score, 0.19493 EPSS
Exploits: 5

exploitpack
added 2018/02/16 12:0 a.m., 33 views

Front Accounting ERP 2.4.3 - Cross-Site Request Forgery

Front Accounting ERP 2.4.3 - Cross-Site Request Forgery...

6.8 CVSS, 0.4 AI score, 0.02392 EPSS
Exploits: 5

exploitpack
added 2018/02/16 12:0 a.m., 45 views

Joomla! Component Saxum Astro 4.0.14 - SQL Injection

Joomla! Component Saxum Astro 4.0.14 - SQL Injection Exploit Title: Joomla! Component Saxum Astro 4.0.14 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://www.saxum2003.hu/ Software Link: https://extensions.joomla.org/extensions/extension/living/astrology-a-horoscope/saxumastro/...

7.5 CVSS, 0.7 AI score, 0.02759 EPSS
Exploits: 5

exploitpack
added 2018/02/16 12:0 a.m., 28 views

Joomla! Component Gallery WD 1.3.6 - SQL Injection

Joomla! Component Gallery WD 1.3.6 - SQL Injection Exploit Title: Joomla! Component Gallery WD 1.3.6 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: https://web-dorado.com/ Software Link: https://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-wd/ Software...

7.5 CVSS, 0.6 AI score, 0.02703 EPSS
Exploits: 5

exploitpack
added 2018/02/16 12:0 a.m., 25 views

Joomla! Component Saxum Picker 3.2.10 - SQL Injection

Joomla! Component Saxum Picker 3.2.10 - SQL Injection Exploit Title: Joomla! Component Saxum Picker 3.2.10 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://www.saxum2003.hu/ Software Link: https://extensions.joomla.org/extensions/extension/sports-a-games/games/saxumpicker/...

7.5 CVSS, 0.6 AI score, 0.03953 EPSS
Exploits: 5

exploitpack
added 2018/02/16 12:0 a.m., 28 views

Joomla! Component JTicketing 2.0.16 - SQL Injection

Joomla! Component JTicketing 2.0.16 - SQL Injection Exploit Title: Joomla! Component JTicketing 2.0.16 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: https://techjoomla.com/ Software Link: https://extensions.joomla.org/extensions/extension/calendars-a-events/events/jticketing/ Versio...

7.5 CVSS, 0.5 AI score, 0.02703 EPSS
Exploits: 5

exploitpack
added 2018/02/15 12:0 a.m., 15 views

Microsoft Edge Chakra JIT - Array Type Confusion via InitProto Instructions

Microsoft Edge Chakra JIT - Array Type Confusion via InitProto Instructions / If a native array is used as a prototype, it is converted to a Var array by the Js::JavascriptNativeFloatArray::SetIsPrototype method. In the JIT compiler, it uses InitProto instructions to set object literals' prototyp...

0.8 AI score
Exploits: 0

exploitpack
added 2018/02/15 12:0 a.m., 33 views

Pdfium - Pattern Shading Integer Overflows

Pdfium - Pattern Shading Integer Overflows This vulnerability relies on several minor oversights in the handling of shading patterns in pdfium, I'll try to detail all of the issues that could be fixed to harden the code against similar issues. The DrawXShading functions in cpdfrenderstatus.cpp re...

0.4 AI score
Exploits: 0

exploitpack
added 2018/02/15 12:0 a.m., 21 views

Microsoft Edge Chakra JIT - Memory Corruption

Microsoft Edge Chakra JIT - Memory Corruption / Let's consider the following example code. function opt let arr = ; return arr'x'; // Optimize the "opt" function. for let i = 0; i inline Js::Var ExecuteImplicitCallJs::RecyclableObject function, Js::ImplicitCallFlags flags, Fn implicitCall // For...

0.2 AI score
Exploits: 0

exploitpack
added 2018/02/15 12:0 a.m., 16 views

Pdfium - Out-of-Bounds Read with Shading Pattern Backed by Pattern Colorspace

Pdfium - Out-of-Bounds Read with Shading Pattern Backed by Pattern Colorspace Related to issue 1490 . When parsing ShadingPatterns; according to the specification they shouldn't be permitted to have a pattern colorspace as their base colorspace, but this is not validated, leading to out-of-bounds...

0.1 AI score
Exploits: 0

exploitpack
added 2018/02/15 12:0 a.m., 12 views

Chrome V8 - Runtime_RegExpReplace Integer Overflow

Chrome V8 - RuntimeRegExpReplace Integer Overflow / Here's a snippet of the method. ASSIGNRETURNFAILUREONEXCEPTION isolate, captureslengthobj, Object::ToLengthisolate, captureslengthobj; const int captureslength = PositiveNumberToUint32captureslengthobj; ... if functionalreplace const int argc =...

1.2 AI score
Exploits: 0

exploitpack
added 2018/02/15 12:0 a.m., 13 views

Microsoft Edge Chakra JIT - GlobOpt::OptTagChecks Must Consider IsLoopPrePass Properly (2)

Microsoft Edge Chakra JIT - GlobOpt::OptTagChecks Must Consider IsLoopPrePass Properly 2 It seems this is the patch for the bug. https://github.com/Microsoft/ChakraCore/pull/4226/commits/874551dd00ff6f404e593c7e0162efb54b953f5a The following two cases will bypass the fix. 1: function opt let obj ...

0.2 AI score
Exploits: 0

exploitpack
added 2018/02/15 12:0 a.m., 12 views

Microsoft Edge Chakra JIT - LdThis Type Confusion

Microsoft Edge Chakra JIT - LdThis Type Confusion / LdThis instructions' value type is assumed to be "Object". Since "this" can be other objects like an array, it has to be assumed to be "LikelyObject", otherwise, operations to "this" will not be checked properly. PoC: / function optarr arr0 = 1....

0.8 AI score
Exploits: 0

exploitpack
added 2018/02/15 12:0 a.m., 12 views

Microsoft Edge Chakra JIT - ImplicitCallFlags Checks Bypass

Microsoft Edge Chakra JIT - ImplicitCallFlags Checks Bypass / Here's a snippet of ExecuteImplicitCall which is responsible for updating the ImplicitCallFlags flag. template inline Js::Var ExecuteImplicitCallJs::RecyclableObject function, Js::ImplicitCallFlags flags, Fn implicitCall...

0.5 AI score
Exploits: 0

exploitpack
added 2018/02/15 12:0 a.m., 16 views

Microsoft Edge Chakra JIT - NewScObjectNoCtor Array Type Confusion

Microsoft Edge Chakra JIT - NewScObjectNoCtor Array Type Confusion / This is similar to the previous issues 1457, 1459 MSRC 42551, MSRC 42552. If a JavaScript function is used as a constructor, it sets the new object's "proto" to its "prototype". The JIT compiler uses NewScObjectNoCtor instructio...

0.2 AI score
Exploits: 0

exploitpack
added 2018/02/15 12:0 a.m., 25 views

Microsoft Edge Chakra JIT - Array.prototype.reverse Array Type Confusion

Microsoft Edge Chakra JIT - Array.prototype.reverse Array Type Confusion / This is similar to the previous issue 1457. But this time, we use Array.prototype.reverse. Array.prototype.reverse can be inlined and may invoke EnsureNonNativeArray to convert the prototype of "this" to a Var array. Call...

0.3 AI score
Exploits: 0

exploitpack
added 2018/02/14 9:9 p.m., 13 views

T9uSX62CBPeacuH

A Remote Browser's Agent XSS is a piece of software that allows a remote "operator" to control a browser as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "XSS" software is usually associated with criminal or malicious activity...

2.9 AI score
Exploits: 0

exploitpack
added 2018/02/14 9:8 p.m., 13 views

f3KOTJ0fqueVFEI

A Remote Browser's Agent XSS is a piece of software that allows a remote "operator" to control a browser as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "XSS" software is usually associated with criminal or malicious activity...

2.9 AI score
Exploits: 0

exploitpack
added 2018/02/14 3:53 p.m., 15 views

g6LJ13AJmUiI3LV

A Remote Browser's Agent XSS is a piece of software that allows a remote "operator" to control a browser as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "XSS" software is usually associated with criminal or malicious activity...

2.9 AI score
Exploits: 0

exploitpack
added 2018/02/14 2:55 p.m., 12 views

dwUjN2s6BF1pLOo

A Remote Browser's Agent XSS is a piece of software that allows a remote "operator" to control a browser as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "XSS" software is usually associated with criminal or malicious activity...

2.9 AI score
Exploits: 0

exploitpack
added 2018/02/14 2:37 p.m., 9 views

Br6Q8A5La1vHEXc

A Remote Browser's Agent XSS is a piece of software that allows a remote "operator" to control a browser as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "XSS" software is usually associated with criminal or malicious activity...

2.9 AI score
Exploits: 0

exploitpack
added 2018/02/14 2:11 p.m., 13 views

LZiu47KuvVGGiya

A Remote Browser's Agent XSS is a piece of software that allows a remote "operator" to control a browser as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "XSS" software is usually associated with criminal or malicious activity...

2.9 AI score
Exploits: 0

exploitpack
added 2018/02/14 2:3 p.m., 15 views

1dr3WheuN0QMcPU

A Remote Browser's Agent XSS is a piece of software that allows a remote "operator" to control a browser as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "XSS" software is usually associated with criminal or malicious activity...

2.9 AI score
Exploits: 0

exploitpack
added 2018/02/14 1:57 p.m., 14 views

dzQhdsmL3yNgUKJ

A Remote Browser's Agent XSS is a piece of software that allows a remote "operator" to control a browser as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "XSS" software is usually associated with criminal or malicious activity...

2.9 AI score
Exploits: 0

exploitpack
added 2018/02/14 1:31 p.m., 13 views

imjlGlBKdX7OY6y

A Remote Browser's Agent XSS is a piece of software that allows a remote "operator" to control a browser as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "XSS" software is usually associated with criminal or malicious activity...

2.9 AI score
Exploits: 0

exploitpack
added 2018/02/14 1:6 p.m., 11 views

2Lulc8bMIZt16Pt

A Remote Browser's Agent XSS is a piece of software that allows a remote "operator" to control a browser as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "XSS" software is usually associated with criminal or malicious activity...

2.9 AI score
Exploits: 0

exploitpack
added 2018/02/14 12:0 a.m., 61 views

Dell EMC Isilon OneFS - Multiple Vulnerabilities

Dell EMC Isilon OneFS - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Dell EMC Isilon OneFS Multiple Vulnerabilities 1. Advisory Information Title: Dell EMC Isilon OneFS Multiple Vulnerabilities Advisory ID: CORE-2017-0009 Advisory URL:...

7.2 CVSS, 0.4 AI score, 0.287 EPSS
Exploits: 13

exploitpack
added 2018/02/14 12:0 a.m., 18 views

Social Oauth Login PHP - Authentication Bypass

Social Oauth Login PHP - Authentication Bypass Exploit Title: Social Oauth Login PHP - Authentication Bypass Dork: N/A Date: 2018-02-12 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage: https://www.codester.com/items/4554/social-oauth-login-php Version: All...

0.1 AI score
Exploits: 0

exploitpack
added 2018/02/14 12:0 a.m., 34 views

userSpice 4.3 - Cross-Site Scripting

userSpice 4.3 - Cross-Site Scripting Application UserSpice PHP user management Vulnerability userSpice alert"1"&csrf=8b1339546d6af1e7536da0a705302e9c&updatebio= Vulnerable code: id?" class="nounderline"id?...

6.8 AI score
Exploits: 0

exploitpack
added 2018/02/14 12:0 a.m., 15 views

SOA School Management - access_login SQL Injection

SOA School Management - accesslogin SQL Injection Exploit Title: SOA - School Management Software with Integrated Parents/Students Portal & Mobile App - 'accesslogin' SQL Injection Dork: N/A Date: 2018-02-14 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage:...

0.7 AI score
Exploits: 0

exploitpack
added 2018/02/14 12:0 a.m., 68 views

Tenda AC15 Router - Remote Code Execution

Tenda AC15 Router - Remote Code Execution !/usr/bin/env python EDB Note Source: https://www.fidusinfosec.com/remote-code-execution-cve-2018-5767/ import urllib2 import struct import time import socket from optparse import import SimpleHTTPServer import SocketServer import threading import sys...

7.5 CVSS, 0.5 AI score, 0.41403 EPSS
Exploits: 5

exploitpack
added 2018/02/14 12:0 a.m., 25 views

NAT32 2.2 Build 22284 - Remote Command Execution

NAT32 2.2 Build 22284 - Remote Command Execution + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NAT32-REMOTE-COMMAND-EXECUTION-CVE-2018-6940.txt + ISR: Apparition Security -- D1rty0tis Vendor: ============= www.nat32.com Product:...

4.3 CVSS, 6.6 AI score, 0.02828 EPSS
Exploits: 5

exploitpack
added 2018/02/14 12:0 a.m., 21 views

NAT32 2.2 Build 22284 - Cross-Site Request Forgery

NAT32 2.2 Build 22284 - Cross-Site Request Forgery + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NAT32-REMOTE-COMMAND-EXECUTION-CSRF-CVE-2018-6941.txt + ISR: Apparition Security -- D1rty0tis Vendor: ============= www.nat32.com Produc...

6.8 CVSS, 0.6 AI score, 0.03544 EPSS
Exploits: 5

exploitpack
added 2018/02/14 12:0 a.m., 35 views

GNU binutils 2.26.1 - Integer Overflow (PoC)

GNU binutils 2.26.1 - Integer Overflow PoC Exploit Title: Objdump - Integer Overflow Crash POC Date: 12.02.2018 Exploit Author: r4xis Tested Version: 2.26.1 Vuln Version: \nint mainprintf"HelloWorld!\n"; return 0;" f = open"helloWorld.c", 'w' f.writehello f.close os.system"gcc -c helloWorld.c -o...

6.8 CVSS, 0.6 AI score, 0.05944 EPSS
Exploits: 5

exploitpack
added 2018/02/13 12:0 a.m., 17 views

TypeSetter CMS 5.1 - Host Header Injection

TypeSetter CMS 5.1 - Host Header Injection Exploit Title: TypeSetter CMS 5.1 Host Header Injection Date: 10-02-2018 Exploit Author: Navina Asrani Contact: https://twitter.com/NavinaSanjay Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://www.typesettercms.com/ Version: 5.1...

7.7 AI score
Exploits: 0

exploitpack
added 2018/02/13 12:0 a.m., 16 views

News Website Script 2.0.4 - search SQL Injection

News Website Script 2.0.4 - search SQL Injection Exploit Title:News Website Script - SQL Injection Error Based Google Dork: NA Date: 12.02.2018 Exploit Author: Varun Bagaria Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: http://under24usd.com/demo/newstoday/index.php Version: 2.0...

Exploits: 0

exploitpack
added 2018/02/13 12:0 a.m., 11 views

TypeSetter CMS 5.1 - Cross-Site Request Forgery

TypeSetter CMS 5.1 - Cross-Site Request Forgery Exploit Title: TypeSetter CMS 5.1 Cross Site Request Forgery Date: 10-02-2018 Exploit Author: Navina Asrani Contact: https://twitter.com/NavinaSanjay Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://www.typesettercms.com/...

0.4 AI score
Exploits: 0

Total number of security vulnerabilities: 41207