41207 matches found
Avaya IP Office (IPO) 10.1 - SoftConsole Remote Buffer Overflow (SEH)
Avaya IP Office (IPO) 10.1 - SoftConsole Remote Buffer Overflow (SEH) + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AVAYA-OFFICE-IP-IPO-v9.1.0-10.1-SOFT-CONSOLE-REMOTE-BUFFER-OVERFLOW-0DAY.txt + ISR: apparitionSec Vendor:...
Actiontec C1000A Modem - Backdoor Account
Actiontec C1000A Modem - Backdoor Account Exploit Title: Actiontec C1000A backdoor account Google Dork: NA Date: 11/04/2017 Exploit Author: Joseph McDonagh Vendor Homepage: https://actiontecsupport.zendesk.com/hc/en-us Software Link: N/A Hardware Version: Firmware CAC003-31.30L.86 Tested on: Linu...
WordPress Plugin Userpro 4.9.17.1 - Authentication Bypass
WordPress Plugin Userpro 4.9.17.1 - Authentication Bypass Exploit Title: Userpro – WordPress Plugin – Authentication Bypass Google Dork: inurl:/plugins/userpro Date: 11.04.2017 Exploit Author: Colette Chamberland Wordfence, Iain Hadgraft Duke University Vendor Homepage:...
WordPress Plugin JTRT Responsive Tables 4.1 - SQL Injection
WordPress Plugin JTRT Responsive Tables 4.1 - SQL Injection Exploit Title: JTRT Responsive Tables 4.1 – WordPress Plugin – Sql Injection Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/jtrt-responsive-tables/ Software Link:...
GraphicsMagick - Memory Disclosure Heap Overflow
GraphicsMagick - Memory Disclosure Heap Overflow '''Vulnerabilities summary The following advisory describes two (2) vulnerabilities found in GraphicsMagick. GraphicsMagick is “The swiss army knife of image processing. Comprised of 267K physical lines according to David A. Wheeler’s SLOCCount of...
Jnes 1.0.2 - Stack Buffer Overflow
Jnes 1.0.2 - Stack Buffer Overflow !/usr/bin/env python coding: utf-8 Exploit Title: Jnes Version 1.0.2 Stack Buffer Overflow Date: 3-11-2017 Exploit Author: crashmanucoot Contact: twitter.com/crashmanucoot Vendor Homepage: http://www.jabosoft.com/home Software Link:...
Logitech Media Server 7.9.0 - Radio URL Cross-Site Scripting
Logitech Media Server 7.9.0 - Radio URL Cross-Site Scripting Exploit Title: Logitech Media Server : HTML code injection and execution. Shodan Dork: Search Logitech Media Server Date: 11/03/2017 Exploit Author: Dewank Pant Vendor Homepage: www.logitech.com Version: 7.9.0...
Logitech Media Server 7.9.0 - favorites Cross-Site Scripting
Logitech Media Server 7.9.0 - favorites Cross-Site Scripting Exploit Title: Logitech Media Server : Persistent Cross Site Scripting (XSS) Shodan Dork: Search Logitech Media Server Date: 11/03/2017 Exploit Author: Dewank Pant Vendor Homepage: www.logitech.com Software Link: download link if available...
Ladon Framework for Python 0.9.40 - XML External Entity Expansion
Ladon Framework for Python 0.9.40 - XML External Entity Expansion Advisory: XML External Entity Expansion in Ladon Webservice Attackers who can send SOAP messages to a Ladon webservice via the HTTP interface of the Ladon webservice can exploit an XML external entity expansion vulnerability and re...
Ipswitch WS_FTP Professional 12.6.0.3 - Local Buffer Overflow (SEH)
Ipswitch WS_FTP Professional 12.6.0.3 - Local Buffer Overflow (SEH) #!/usr/bin/python Title: Ipswitch WS_FTP Professional Local Buffer Overflow SEH Author: Kevin McGuigan. Twitter: @h3xagram Author Website: https://www.7elements.co.uk Vendor Website: https://www.ipswitch.com Date: 03/11/2017 Version:...
Debut Embedded HTTPd 1.20 - Denial of Service
Debut Embedded HTTPd 1.20 - Denial of Service Exploit Title: Remote un-authenticated DoS in Debut embedded httpd server in Brother printers Date: 11/02/2017 Exploit Author: z00n @0xz00n Vendor Homepage: http://www.brother-usa.com Version: = 1.20 CVE : CVE-2017-16249 Description: The Debut embedde...
Ingenious School Management System 2.3.0 - friend_index SQL injection
Ingenious School Management System 2.3.0 - friend_index SQL injection Exploit Title: Ingenious School Management System 2.3.0 - SQL injection Date: 01.11.2017 Vendor Homepage: http://iloveprograming.com/ Software Link: https://www.codester.com/items/4945/ingenious-school-management-system Demo:...
OctoberCMS 1.0.426 (Build 426) - Cross-Site Request Forgery
OctoberCMS 1.0.426 (Build 426) - Cross-Site Request Forgery Exploit Title: OctoberCMS 1.0.426 - CSRF to Admin Account Takeover Vendor Homepage: https://octobercms.com Software Link: https://octobercms.com/download Exploit Author: Zain Sabahat Website: https://about.me/ZainSabahat Category: webapps...
Cisco UCS Platform Emulator 3.1(2ePE1) - Remote Code Execution
Cisco UCS Platform Emulator 3.1(2ePE1) - Remote Code Execution Vulnerabilities Summary The following advisory describes two remote code execution vulnerabilities found in Cisco UCS Platform Emulator version 3.1(2ePE1). Cisco UCS Platform Emulator is the Cisco UCS Manager application bundled into a...
WhatsApp 2.17.52 - Memory Corruption
WhatsApp 2.17.52 - Memory Corruption !/usr/bin/env python -- coding: utf-8 -- Found this and more exploits on my open source security project: http://www.exploitpack.com Exploit Author: Juan Sacco at KPN Red Team - http://www.kpn.com Date and time of release: 11 October 2017 Tested on: iPhone 5/6...
Vir.IT eXplorer Anti-Virus 8.5.39 - VIAGLT64.SYS Local Privilege Escalation
Vir.IT eXplorer Anti-Virus 8.5.39 - VIAGLT64.SYS Local Privilege Escalation / Exploit Title - Vir.IT eXplorer Anti-Virus Arbitrary Write Privilege Escalation Date - 1st November 2017 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://www.tgsoft.it Tested Version - 8.5.39 Driver...
ZyXEL PK5001Z Modem - Backdoor Account
ZyXEL PK5001Z Modem - Backdoor Account Exploit Title: ZyXEL PK5001Z Modem - CenturyLink Hardcoded admin and root Telnet Password. Google Dork: n/a Date: 2017-10-31 Exploit Author: Matthew Sheimo Vendor Homepage: https://www.zyxel.com/ Software Link: n/a Version: PK5001Z 2.6.20.19 Tested on: Linux...
WordPress Plugin Ultimate Product Catalog 4.2.24 - PHP Object Injection
WordPress Plugin Ultimate Product Catalog 4.2.24 - PHP Object Injection Exploit Title: WP Plugin Ultimate Product Catalog 4.2.24 PHP Object Injection Google Dork: NA Date: Okt 30 2017 Exploit Author: tomplixsee Author blog : cupuzone.wordpress.com Vendor Homepage:...
Job Board Script - nice_theme SQL Injection
Job Board Script - nice_theme SQL Injection Exploit Title: Job Board Script - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.nicephpscripts.com/ Software http://www.nicephpscripts.com/jobboardscript.htm Demo: http://www.nicephpscripts.com/scripts/faqscript/ Version: N/A...
Vastal I-Tech Dating Zone 0.9.9 - product_id SQL Injection
Vastal I-Tech Dating Zone 0.9.9 - product_id SQL Injection Exploit Title: Vastal I-Tech Dating Zone 0.9.9 - 'product_id' Parameter SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://vastal.com/ Software http://vastal.com/dating-zone-the-dating-software.html Demo:...
MyBuilder Clone 1.0 - subcategory SQL Injection
MyBuilder Clone 1.0 - subcategory SQL Injection Exploit Title: MyBuilder Clone 1.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.contractorscripts.com/ Software Link: http://order.contractorscripts.com/ Demo: http://demo.contractorscripts.com/ Version: 1.0 Category: Webap...
Joomla! Component NS Download Shop 2.2.6 - id SQL Injection
Joomla! Component NS Download Shop 2.2.6 - id SQL Injection Exploit Title: Joomla! Component NS Download Shop 2.2.6 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: https://nswd.co/ Software Link:...
iStock Management System 1.0 - Arbitrary File Upload
iStock Management System 1.0 - Arbitrary File Upload Exploit Title: iStock Management System 1.0 - Arbitrary File Upload Dork: N/A Date: 30.10.2017 Vendor Homepage: http://ikodes.com/ Software Link: https://codecanyon.net/item/istock-management-system/20405084 Demo:...
Protected Links - SQL Injection
Protected Links - SQL Injection Username Password...
D-Park Pro 1.0 - SQL Injection
D-Park Pro 1.0 - SQL Injection Username: Password:...
Nice PHP FAQ Script - nice_theme SQL Injection
Nice PHP FAQ Script - nice_theme SQL Injection Exploit Title: Nice PHP FAQ Script - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.nicephpscripts.com/ Software http://www.nicephpscripts.com/demophpscript-PHP-FAQ-Script-Knowledgebase-Script.htm Demo:...
Online Exam Test Application - sort SQL Injection
Online Exam Test Application - sort SQL Injection Exploit Title: Online Exam Test Application - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/product/1z2e4672468/php-scripts/online-exam-test-application Demo:...
Vastal I-Tech Agent Zone - searchCommercial.php searchResidential.php SQL Injection
Vastal I-Tech Agent Zone - searchCommercial.php searchResidential.php SQL Injection Exploit Title: Vastal I-Tech Agent Zone - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://vastal.com/ Software http://vastal.com/agent-zone-real-estate-script.html Demo:...
Mailing List Manager Pro 3.0 - SQL Injection
Mailing List Manager Pro 3.0 - SQL Injection Exploit Title: Mailing List Manager Pro 3.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.vote-pro.com/ Software Link: http://www.mailing-manager.com/demo.html Demo: http://www.mailing-manager.com/demo-gold/ Version: 3.0...
Sokial Social Network Script 1.0 - SQL Injection
Sokial Social Network Script 1.0 - SQL Injection Exploit Title: Sokial Social Network Script 1.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.sokial.net/ Software http://www.sokial.net/demonstrations-social-network.sk Demo: http://demo.sokial.net/ Version: 1.0 Category:...
Basic B2B Script - SQL Injection
Basic B2B Script - SQL Injection Exploit Title: Basic B2B Script - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/product/nC3F4570353/php-scripts/basic-b2b-script Demo:...
CPA Lead Reward Script - SQL Injection
CPA Lead Reward Script - SQL Injection...
Php Inventory - Arbitrary File Upload
Php Inventory - Arbitrary File Upload Exploit Title: Php Inventory & Invoice Management System - Arbitrary File Upload Dork: N/A Date: 30.10.2017 Vendor Homepage: http://savsofteproducts.com/ Software Link: http://www.phpinventory.com/ Demo: http://phpinventory.com/phpinventorydemo/ Version: N/A...
News 1.0 - SQL Injection
News 1.0 - SQL Injection Exploit Title: News Magazine & Blog CMS 1.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://geniusocean.com/ Software Link: https://codecanyon.net/item/news-dynamic-newspaper-magazine-and-blog-cms-script/19656143 Demo: http://demo.geniusocean.com/news/...
Article Directory Script 3.0 - id SQL Injection
Article Directory Script 3.0 - id SQL Injection Exploit Title: Article Directory Script 3.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.yourarticlesdirectory.com/ Software Link: http://www.yourarticlesdirectory.com/ Demo: http://www.yourarticlesdirectory.com/livedemo.ph...
Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure
Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure !/usr/local/bin/python """ Oracle Java SE Web Start jnlp XML External Entity Processing Information Disclosure Vulnerability Affected: + eg: ./poc.py 'C:/Program Files/Java/jre1.8.0131/README.txt' saturn: mrme$...
AROX School ERP PHP Script - id SQL Injection
AROX School ERP PHP Script - id SQL Injection Exploit Title: AROX School ERP PHP Script - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://arox.in/ Software Link: https://www.codester.com/items/4908/arox-school-erp-php-script Demo: http://erp1.arox.in/ Version: CVE-2017-15978...
Adult Script Pro 2.2.4 - SQL Injection
Adult Script Pro 2.2.4 - SQL Injection Exploit Title: Adult Script Pro 2.2.4 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.adultscriptpro.com/ Software Link: http://www.adultscriptpro.com/order.html Demo: http://www.adultscriptpro.com/demo.html Version: 2.2.4 Category:...
Website Broker Script - status_id SQL Injection
Website Broker Script - status_id SQL Injection Exploit Title: Website Broker Script - 'status_id' Parameter SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/product/UwCG4464436/php-scripts/website-broker-script...
PHP CityPortal 2.0 - SQL Injection
PHP CityPortal 2.0 - SQL Injection Exploit Title: PHP CityPortal 2.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.phpcityportal.com/ Software Link: http://www.phpcityportal.com/index.php Demo: http://phpcityportal.com/demo Version: 2.0 Category: Webapps Tested on:...
iTech Gigs Script 1.21 - SQL Injection
iTech Gigs Script 1.21 - SQL Injection Exploit Title: iTech Gigs Script 1.21 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/the-gigs-script/ Demo: http://gigs.itechscripts.com/ Version: 1.21 Category: Webapps Tested on:...
ZeeBuddy 2x - groupid SQL Injection
ZeeBuddy 2x - groupid SQL Injection Exploit Title: ZeeBuddy 2x - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.zeescripts.com/ Software Link: http://www.zeebuddy.com/ Demo: http://www.zeebuddy.com/demo/ Version: 2x Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE:...
US Zip Codes Database - state SQL Injection
US Zip Codes Database - state SQL Injection Exploit Title: US Zip Codes Database Script - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://rowindex.com/ Software Link: https://www.codester.com/items/4898/us-zip-codes-database-php-script Demo: http://rowindex.com/demo/ Version: N/A...
Same Sex Dating Software Pro 1.0 - SQL Injection
Same Sex Dating Software Pro 1.0 - SQL Injection Exploit Title: Same Sex Dating Software Pro 1.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.softdatepro.com/ Software Link: https://codecanyon.net/item/same-date-pro-same-sex-dating-software/4530959 Demo:...
Ingenious 2.3.0 - Arbitrary File Upload
Ingenious 2.3.0 - Arbitrary File Upload Exploit Title: Ingenious School Management System 2.3.0 - Arbitrary File Upload Dork: N/A Date: 30.10.2017 Vendor Homepage: http://iloveprograming.com/ Software Link: https://www.codester.com/items/4945/ingenious-school-management-system Demo:...
Newspaper 1.0 - SQL Injection
Newspaper 1.0 - SQL Injection Exploit Title: Newspaper Magazine & Blog CMS 1.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://geniusocean.com/ Software Link: https://codecanyon.net/item/mymagazine-fully-responsive-magazine-cms/19493325 Demo:...
PG All Share Video 1.0 - SQL Injection
PG All Share Video 1.0 - SQL Injection Exploit Title: PG All Share Video 1.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.pilotgroup.net/ Software Link: http://www.allsharevideo.com/features.php Demo: http://demo.allsharevideo.com/ Version: 1.0 Category: Webapps Tested o...
tPanel 2009 - Authentication Bypass
tPanel 2009 - Authentication Bypass Exploit Title: tPanel 2009 - Authentication Bypass Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.datacomponents.net/ Software Link: http://www.datacomponents.net/products/hosting/tpanel/ Demo: http://demo.datacomponents.net/tpanel/ Version: 2009...
iProject Management System 1.0 - ID SQL Injection
iProject Management System 1.0 - ID SQL Injection Exploit Title: iProject Management System 1.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://ikodes.com/ Software Link: https://codecanyon.net/item/iproject-management-system/20483358 Demo: http://project.ikodes.com/ikpms/...
MyMagazine 1.0 - id SQL Injection
MyMagazine 1.0 - id SQL Injection Exploit Title: MyMagazine Magazine & Blog CMS 1.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://geniusocean.com/ Software Link: https://codecanyon.net/item/mymagazine-bootstrap-newspaper-magazine-and-blog-cms-script/19620468 Demo:...