41207 matches found
Job Board Script - nice_theme SQL Injection
Job Board Script - nicetheme SQL Injection Exploit Title: Job Board Script - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.nicephpscripts.com/ Software http://www.nicephpscripts.com/jobboardscript.htm Demo: http://www.nicephpscripts.com/scripts/faqscript/ Version: N/A...
Adult Script Pro 2.2.4 - SQL Injection
Adult Script Pro 2.2.4 - SQL Injection Exploit Title: Adult Script Pro 2.2.4 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.adultscriptpro.com/ Software Link: http://www.adultscriptpro.com/order.html Demo: http://www.adultscriptpro.com/demo.html Version: 2.2.4 Category:...
PG All Share Video 1.0 - SQL Injection
PG All Share Video 1.0 - SQL Injection Exploit Title: PG All Share Video 1.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.pilotgroup.net/ Software Link: http://www.allsharevideo.com/features.php Demo: http://demo.allsharevideo.com/ Version: 1.0 Category: Webapps Tested o...
iProject Management System 1.0 - ID SQL Injection
iProject Management System 1.0 - ID SQL Injection Exploit Title: iProject Management System 1.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://ikodes.com/ Software Link: https://codecanyon.net/item/iproject-management-system/20483358 Demo: http://project.ikodes.com/ikpms/...
Same Sex Dating Software Pro 1.0 - SQL Injection
Same Sex Dating Software Pro 1.0 - SQL Injection Exploit Title: Same Sex Dating Software Pro 1.0 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://www.softdatepro.com/ Software Link: https://codecanyon.net/item/same-date-pro-same-sex-dating-software/4530959 Demo:...
Joomla! Component NS Download Shop 2.2.6 - id SQL Injection
Joomla! Component NS Download Shop 2.2.6 - id SQL Injection Exploit Title: Joomla! Component NS Download Shop 2.2.6 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: https://nswd.co/ Software Link:...
Uniview - Remote Command Execution Export Config (PoC)
Uniview - Remote Command Execution Export Config PoC STX Subject: Uniview RCE and export config PoC Researcher: bashis October 2017 Attack Vector: Remote Authentication: Anonymous no credentials needed Export config...
PHP Melody 2.6.1 - SQL Injection
PHP Melody 2.6.1 - SQL Injection + Author : Venkat Rajgor + Email : [email protected] + Vulnerability : SQL injection E-mail ID : [email protected] Download : http://www.phpsugar.com Web : http://www.phpsugar.com Price : $39 USD Vulnerable parameter: http://x.x.x.x/playlists.php?playlist=...
PHPMyFAQ 2.9.8 - Cross-Site Scripting (3)
PHPMyFAQ 2.9.8 - Cross-Site Scripting 3 Exploit Title: phpMyFAQ 2.9.8 Stored XSS Vulnerability Date: 28-9-2017 Exploit Author: Nikhil Mittal Payatu Labs Vendor Homepage: http://www.phpmyfaq.de/ Software Link: http://download.phpmyfaq.de/phpMyFAQ-2.9.8.zip Version: 2.9.8 Tested on: MAC OS CVE :...
MitraStar DSL-100HN-T1GPT-2541GNAC - Privilege Escalation
MitraStar DSL-100HN-T1GPT-2541GNAC - Privilege Escalation Exploit Title: Privilege escalation MitraStar routers Date: 28-10-2017 Exploit Author: j0lama Vendor Homepage: http://www.mitrastar.com/ Provider Homepage: https://www.movistar.com/ Models affected: MitraStar DSL-100HN-T1 and MitraStar...
Sync Breeze Enterprise 10.0.28 - Remote Buffer Overflow (PoC)
Sync Breeze Enterprise 10.0.28 - Remote Buffer Overflow PoC / Sync Breeze Enterprise BOF - Ivan Ivanovic Ivanov Иван-дурак недействительный 31337 Team / define WINSOCKDEPRECATEDNOWARNINGS define DEFAULTBUFLEN 512 include include include include DWORD SendRequestchar request, int requestsize WSADA...
phpMyFAQ 2.9.8 - Cross-Site Request Forgery
phpMyFAQ 2.9.8 - Cross-Site Request Forgery Exploit Title: phpMyFAQ 2.9.8 CSRF Vulnerability Date: 27-9-2017 Exploit Author: Nikhil Mittal Payatu Labs Vendor Homepage: http://www.phpmyfaq.de/ Software Link: http://download.phpmyfaq.de/phpMyFAQ-2.9.8.zip Version: 2.9.8 Tested on: MAC OS CVE :...
Tizen Studio 1.3 Smart Development Bridge 2.3.2 - Buffer Overflow (PoC)
Tizen Studio 1.3 Smart Development Bridge 2.3.2 - Buffer Overflow PoC Exploit Title: Smart Development Bridge =2.3.2 part of Tizen Studio 1.3 Windows x86/x64 - Buffer Overflow PoC Date: 22.10.17 Exploit Author: Marcin Kopec Vendor Homepage: https://developer.tizen.org/ Software Link:...
Watchdog Development Anti-Malware Online Security Pro - NULL Pointer Dereference
Watchdog Development Anti-Malware Online Security Pro - NULL Pointer Dereference / Exploit Title - Watchdog Development Anti-Malware/Online Security Pro Null Pointer Dereference Date - 26th October 2017 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - https://www.watchdogdevelopment.com/...
HitmanPro 3.7.15 Build 281 - Kernel Pool Overflow
HitmanPro 3.7.15 Build 281 - Kernel Pool Overflow Exploit-CVE-2017-6008 The CVE-2017-6008 is a vulnerability in the HitmanPro scan that allows privilege escalation by exploiting a kernel pool buffer overflow. The exploits here use the Quota Process Pointer Overwrite attack as described in the...
KeystoneJS 4.0.0-beta.5 - CSV Excel Macro Injection
KeystoneJS 4.0.0-beta.5 - CSV Excel Macro Injection Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated CSV Injection Vendor Homepage: http://keystonejs.com/ Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: WEBAPPS...
KeystoneJS 4.0.0-beta.5 - Cross-Site Scripting
KeystoneJS 4.0.0-beta.5 - Cross-Site Scripting Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated Stored XSS Vendor Homepage: http://keystonejs.com/ Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: WEBAPPS Platform:...
PHPMailer 5.2.21 - Local File Disclosure
PHPMailer 5.2.21 - Local File Disclosure Exploit Title: PHPMailer SetFrom$POST"your-email", $POST"your-name"; $address = "admin@localhost"; $mail-AddAddress$address, "root"; if isset$POST'cc' $mail-AddCC$POST"your-email", $POST"your-name"; $mail-Subject = "PHPMailer MsgHTML$POST"your-message";...
FS Thumbtack Clone - ser SQL Injection
FS Thumbtack Clone - ser SQL Injection Exploit Title: FS Thumbtack Clone - 'ser' SQL Injection Date: 2017-10-24 Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/thumbtack-clone/ Version: 24 October 17 Tested on: Kali Linux 2.0 ...
FS Trademe Clone - id SQL Injection
FS Trademe Clone - id SQL Injection Exploit Title: FS Trademe Clone - 'id' SQL Injection Date: 2017-10-24 Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/trademe-clone/ Version: 24 October 17 Tested on: Kali Linux 2.0 | Mac OS...
Mura CMS 6.2 - Server-Side Request Forgery XML External Entity Injection
Mura CMS 6.2 - Server-Side Request Forgery XML External Entity Injection Exploit Title: Mura CMS before 6.2 SSRF + XXE Date: 30-10-2017 Exploit Author: Anthony Cole Vendor Homepage: http://www.getmura.com/ Version: before 6.2 Contact: http://twitter.com/acole76 Website: http://twitter.com/acole76...
FS Realtor Clone - id SQL Injection
FS Realtor Clone - id SQL Injection Exploit Title: FS Realtor Clone - 'id' SQL Injection Date: 2017-10-24 Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/realtor-clone/ Version: 24 October 17 Tested on: Kali Linux 2.0 | Mac OS...
FS Monster Clone - id SQL Injection
FS Monster Clone - id SQL Injection Exploit Title: FS Monster Clone - 'id' SQL Injection Date: 2017-10-24 Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/monster-clone/ Version: 24 October 17 Tested on: Kali Linux 2.0 | Mac OS...
FS Crowdfunding Script - id SQL Injection
FS Crowdfunding Script - id SQL Injection Exploit Title: FS Crowdfunding Script - 'id' SQL Injection Date: 2017-10-24 Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/crowdfunding-script/ Version: 24 October 17 Tested on: Kali...
FS Care Clone - sitterService SQL Injection
FS Care Clone - sitterService SQL Injection Exploit Title: FS Care Clone - 'sitterService' SQL Injection Date: 2017-10-24 Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/care-clone/ Version: 24 October 17 Tested on: Kali Linux...
FS Shutter Stock Clone - keywords SQL Injection
FS Shutter Stock Clone - keywords SQL Injection Exploit Title: FS Shutter Stock Clone - 'keywords' SQL Injection Date: 2017-10-24 Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/shutterstock-clone/ Version: 24 October 17 Teste...
FS Ebay Clone - pd_maincat_id SQL Injection
FS Ebay Clone - pdmaincatid SQL Injection Exploit Title: FS Ebay Clone - SQL Injection Date: 2017-10-23 Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/ebay-clone/ Version: 23 October 17 Tested on: Kali Linux 2.0 | Mac OS...
FS Indiamart Clone - keywords SQL Injection
FS Indiamart Clone - keywords SQL Injection Exploit Title: FS Indiamart Clone - SQL Injection Date: 2017-10-23 Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/indiamart-clone/ Version: 23 October 17 Tested on: Kali Linux 2.0 |...
FS OLX Clone - catg_id SQL Injection
FS OLX Clone - catgid SQL Injection Exploit Title: FS OLX Clone - SQL Injection Date: 2017-10-23 Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/olx-clone/ Version: 23 October 17 Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Emai...
FS Groupon Clone - category SQL Injection
FS Groupon Clone - category SQL Injection Exploit Title: FS Groupon Clone - SQL Injection Date: 2017-10-23 Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/groupon-clone/ Version: 23 October 17 Tested on: Kali Linux 2.0 | Mac O...
FS Food Delivery Script - keywords SQL Injection
FS Food Delivery Script - keywords SQL Injection Exploit Title: FS Food Delivery Script - SQL Injection Date: 2017-10-23 Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/food-delivery/ Version: 23 October 17 Tested on: Kali Lin...
FS Book Store Script - category SQL Injection
FS Book Store Script - category SQL Injection Exploit Title: FS Book Store Script - SQL Injection Date: 2017-10-23 Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/book-store-script/ Version: 23 October 17 Tested on: Kali Linux...
K7 Total Security 15.1.0.305 - Device Driver Arbitrary Memory Read
K7 Total Security 15.1.0.305 - Device Driver Arbitrary Memory Read Vulnerability Summary The following advisory describes an Crash found in K7 Total Security. Credit An independent security researcher, Kyriakos Economou aka @kyREcon, has reported this vulnerability to Beyond Security’s SecuriTeam...
Kaltura 13.2.0 - Remote Code Execution
Kaltura 13.2.0 - Remote Code Execution !/usr/bin/env python Kaltura = 13.1.0 RCE CVE-2017-14143 https://telekomsecurity.github.io/2017/09/kaltura-rce.html $ python kalturarce.py "https://example.com" 0xxxxxxxx "system'id'" host: https://example.com entryid: 0xxxxxxxx code: system'id' + sending...
FS Amazon Clone - category_id SQL Injection
FS Amazon Clone - categoryid SQL Injection Exploit Title: FS Amazon Clone - SQL Injection Date: 2017-10-23 Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/amazon-clone/ Version: 23 October 17 Tested on: Kali Linux 2.0 | Mac OS...
FS Lynda Clone - category SQL Injection
FS Lynda Clone - category SQL Injection Exploit Title: FS Lynda Clone - SQL Injection Date: 2017-10-23 Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/lynda-clone/ Version: 23 October 17 Tested on: Kali Linux 2.0 | Mac OS...
FS Car Rental Script - pickup_location SQL Injection
FS Car Rental Script - pickuplocation SQL Injection Exploit Title: FS Car Rental Script - SQL Injection Date: 2017-10-23 Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/car-rental-script/ Version: 23 October 17 Tested on: Kali...
Mikogo 5.4.1.160608 - Local Credentials Disclosure
Mikogo 5.4.1.160608 - Local Credentials Disclosure !/usr/bin/env python Mikogo 5.4.1.160608 Local Credentials Disclosure Vendor: Snapview GmbH Product web page: https://www.mikogo.com Affected version: 5.4.1.160608 Summary: Mikogo is a desktop sharing software application for web conferencing and...
FS Freelancer Clone - sk SQL Injection
FS Freelancer Clone - sk SQL Injection Exploit Title: FS Freelancer Clone - SQL Injection Date: 2017-10-23 Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/freelancer-clone/ Version: 23 October 17 Tested on: Kali Linux 2.0 | Ma...
FS Expedia Clone - hid SQL Injection
FS Expedia Clone - hid SQL Injection Exploit Title: FS Expedia Clone - SQL Injection Date: 2017-10-23 Exploit Author: 8bitsec Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/expedia-clone/ Version: 23 October 17 Tested on: Kali Linux 2.0 | Mac OS...
CometChat 6.2.0 BETA 1 - Local File Inclusion
CometChat 6.2.0 BETA 1 - Local File Inclusion Exploit Title: CometChat Vendor Homepage: https://cometchat.com/ Version: 6.2.0 BETA 1 Tested on: Ubuntu Linux 14.04 -------------------------------------------------------------------------------------- In versions of CometChat before version v6.2.0...
WordPress Plugin Polls 1.2.4 - SQL Injection (PoC)
WordPress Plugin Polls 1.2.4 - SQL Injection PoC Exploit Title :WordPress Polls plugin1.2.4 SQL Injection vulnerability Vulnerable version:Download Link : https://downloads.wordpress.org/plugin/polls-widget.1.2.4.zip //////////////////////// /// Overview: //////////////////////// WordPress Polls...
Linux Kernel 4.14.0-rc4+ - waitid() Local Privilege Escalation
Linux Kernel 4.14.0-rc4+ - waitid Local Privilege Escalation define GNUSOURCE include include include include include include include struct cred; struct taskstruct; typedef struct cred preparekernelcredt struct taskstruct daemon attributeregparm3; typedef int commitcredst struct cred new...
Ayukov NFTP FTP Client 2.0 - Remote Buffer Overflow
Ayukov NFTP FTP Client 2.0 - Remote Buffer Overflow !/usr/bin/env python coding: utf-8 Description: The vulnerability was discovered during a vulnerability research lecture. This is meant to be a PoC. Exploit Title: Ayukov NFTP FTP Client - Buffer Overflow Date: 2017-10-21 Exploit Author: Berk Ce...
ArGoSoft Mini Mail Server 1.0.0.2 - Denial of Service
ArGoSoft Mini Mail Server 1.0.0.2 - Denial of Service !/usr/bin/env python coding: utf-8 Description: The vulnerability was discovered during a vulnerability research lecture. Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 and earlier allows remote attackers to waste CPU...
Sync Breeze Enterprise 10.1.16 - POST Remote Buffer Overflow
Sync Breeze Enterprise 10.1.16 - POST Remote Buffer Overflow !/usr/bin/python import socket try: print "\nSending evil buffer..." shellcode = "\xba\x31\x13\x39\xe4\xdb\xd3\xd9\x74\x24\xf4\x5e\x33\xc9\xb1" "\x52\x31\x56\x12\x03\x56\x12\x83\xdf\xef\xdb\x11\xe3\xf8\x9e"...
Axis SSI - Remote Command Execution Read Files
Axis SSI - Remote Command Execution Read Files STX Subject: SSI Remote Execute and Read Files Researcher: bashis August 2016 Release date: October, 2017 Old stuff that I've forgotten, fixed Q3/2016 by Axis Attack Vector: Remote Authentication: Anonymous no credentials needed Conditions: The cam...
Mozilla Firefox 55 - Denial of Service
Mozilla Firefox 55 - Denial of Service Exploit Title: Mozilla Firefox Firefox Lockout Vulnerability"; //Content to be forcibly viewed echo ""; //End echo "setTimeout"location.href ='".$location."';",10000;"; ? Solution: Update to version 55 https://www.mozilla.org/en-US/firefox/55.0/releasenotes/...
Microsoft Game Definition File Editor 6.3.9600 - XML External Entity Injection
Microsoft Game Definition File Editor 6.3.9600 - XML External Entity Injection + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MS-WINDOWS-GAME-DEFINITION-FILE-MAKER-v6.3.9600-XML-EXTERNAL-ENTITY.txt + ISR: ApparitionSec...
Linksys E Series - Multiple Vulnerabilities
Linksys E Series - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Linksys E series, see "Vulnerable / tested versions" vulnerable version: see "Vulnerable /...