41207 matches found
My Builder Marketplace 1.0 - SQL Injection
My Builder Marketplace 1.0 - SQL Injection Exploit Title: My Builder Marketplace Script 1.0 - SQL Injection Dork: N/A Date: 09.09.2017 Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/best-softwares/my-builder-marketplace Demo: http://mybuilderjobs.scriptzee.com/ Version...
Babysitter Website Script 1.0 - SQL Injection
Babysitter Website Script 1.0 - SQL Injection Exploit Title: Babysitter Website Script 1.0 - SQL Injection Dork: N/A Date: 09.09.2017 Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/best-softwares/babysitter-website Demo: http://babysitter.scriptzee.com/ Version: 1.0...
Topsites Script 1.0 - Cross-Site Request Forgery PHP Code Injection
Topsites Script 1.0 - Cross-Site Request Forgery PHP Code Injection Meta Tags File Footer File...
Online Print Business 1.0 - SQL Injection
Online Print Business 1.0 - SQL Injection Exploit Title: Online Print Business Software 1.0 - SQL Injection Dork: N/A Date: 09.09.2017 Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/best-softwares/online-print-business Demo: http://onlineprintbssiness.scriptzee.com/...
Just Dial Marketplace 1.0 - SQL Injection
Just Dial Marketplace 1.0 - SQL Injection Exploit Title: Just Dial Marketplace Software 1.0 - SQL Injection Dork: N/A Date: 09.09.2017 Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/best-softwares/just-dial-marketplace Demo: http://classified.scriptzee.com/ Version: 1....
Job Board Software 1.0 - SQL Injection
Job Board Software 1.0 - SQL Injection Exploit Title: Job Board Software 1.0 - SQL Injection Dork: N/A Date: 09.09.2017 Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/best-softwares/job-board-software Demo: http://jobsite.scriptzee.com/ Version: 1.0 Category: Webapps...
Escort Marketplace 1.0 - SQL Injection
Escort Marketplace 1.0 - SQL Injection Exploit Title: Escort Website Script 1.0 - SQL Injection Dork: N/A Date: 09.09.2017 Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/escort-website Demo: http://escortwebsite.scriptzee.com/ Version: 1.0 Category: Webapps Tested on:...
Professional Service Booking 1.0 - SQL Injection
Professional Service Booking 1.0 - SQL Injection Exploit Title: Professional Service Booking Software 1.0 - SQL Injection Dork: N/A Date: 09.09.2017 Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/best-softwares/professional-service-booking-engine Demo:...
Law Firm 1.0 - SQL Injection
Law Firm 1.0 - SQL Injection Exploit Title: Law Firm Website Script 1.0 - SQL Injection Dork: N/A Date: 09.09.2017 Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/small-business/law-firm-website Demo: http://lawwebsite.scriptzee.com/ Version: 1.0 Category: Webapps Teste...
Apache Struts 2.0.1 2.3.33 2.5 2.5.10 - Arbitrary Code Execution
Apache Struts 2.0.1 2.3.33 2.5 2.5.10 - Arbitrary Code Execution import requests import sys from urllib import quote def exploiturl: res = requests.geturl, timeout=10 if res.statuscode == 200: print "+ Response: ".formatstrres.text print "\n+ Exploit Finished!" else: print "\n! Exploit Failed!" i...
Huawei HG255s - Directory Traversal
Huawei HG255s - Directory Traversal Exploit Title: Server Directory Traversal at Huawei HG255s Date: 07.09.2017 Exploit Author: Ahmet Mersin Vendor Homepage: www.huawei.com Software Link: Not published this modem just used by Turkey Version: V100R001C163B025SP02 POC:...
EzBan 5.3 - id SQL Injection
EzBan 5.3 - id SQL Injection Exploit Title: EzBan - Banner Management System 5.3 - SQL Injection Dork: N/A Date: 07.09.2017 Vendor Homepage: http://www.mysticdreams.net/ Software Link: http://www.mysticdreams.net/resources/ezbandemo.zip Demo: http://www.mysticdreams.net/products/ezban/ Version: 5...
EzInvoice 6.02 - SQL Injection
EzInvoice 6.02 - SQL Injection Exploit Title: EzInvoice - Invoice Management System 6.0.2 - SQL Injection Dork: N/A Date: 07.09.2017 Vendor Homepage: http://www.mysticdreams.net/ Software Link: http://www.mysticdreams.net/resources/ezinvoicedemo.zip Demo:...
Roteador Wireless Intelbras WRN150 - Cross-Site Scripting
Roteador Wireless Intelbras WRN150 - Cross-Site Scripting Exploit Title: XSS persistent on intelbras router with firmware WRN 250 Date: 07/09/2017 Exploit Author: Elber Tavares Vendor Homepage: http://intelbras.com.br/ Version: Intelbras Wireless N 150Mbps - WRN 240 Tested on: kali linux, windows...
Online Invoice System 3.0 - SQL Injection
Online Invoice System 3.0 - SQL Injection Exploit Title: Online Invoice System 3.0 - SQL Injection Dork: N/A Date: 07.09.2017 Vendor Homepage: http://www.onlineinvoicesystem.com/ Software Link: http://www.onlineinvoicesystem.com/indexv3.html Demo:...
HiSilicon DVR Devices - Remote Code Execution
HiSilicon DVR Devices - Remote Code Execution !/usr/bin/env python2 pwn hisilicon dvr web service from pwn import from time import sleep import re import argparse import os parser = argparse.ArgumentParserdescription='exploit HiSilicon DVR devices' parser.addargument'--rhost', help='target host',...
McAfee LiveSafe 16.0.3 - Man In The Middle Registry Modification Leading to Remote Command Execution
McAfee LiveSafe 16.0.3 - Man In The Middle Registry Modification Leading to Remote Command Execution Vulnerabilities Summary The following advisory describes a Remote Command Execution found in McAfee McAfee LiveSafe MLS versions prior to 16.0.3. The vulnerability allows network attackers to modi...
Advertiz PHP Script 0.2 - Cross-Site Request Forgery (Update Admin)
Advertiz PHP Script 0.2 - Cross-Site Request Forgery Update Admin Exploit Title: Advertiz PHP Script 0.2 - Cross-Site Request Forgery Update Admin User&Pass Dork: N/A Date: 06.09.2017 Vendor Homepage: http://www.dijiteol.com/ Software Link:...
Tor (Linux) - X11 Linux Sandbox Breakout
Tor Linux - X11 Linux Sandbox Breakout / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1293&desc=2 EDIT: I mixed up two different sandboxes; see the comment below for a correction. From inside the Linux sandbox described in , it is still possible to talk to the X server withou...
Pay Banner Text Link Ad 1.0.6.1 - SQL Injection
Pay Banner Text Link Ad 1.0.6.1 - SQL Injection Exploit Title: Pay Banner Text Link Ad 1.0.6.1 - SQL Injection Dork: N/A Date: 06.09.2017 Vendor Homepage: http://www.dijiteol.com/ Software Link: http://www.dijiteol.com/p-Pay-Banner-Textlink-Ad-Pay-Banner-Advertisement-PHP-Script-i-1.html Demo:...
Pay Banner Text Link Ad 1.0.6.1 - Cross-Site Request Forgery (Update Admin)
Pay Banner Text Link Ad 1.0.6.1 - Cross-Site Request Forgery Update Admin Exploit Title: Pay Banner Text Link Ad 1.0.6.1 - Cross-Site Request Forgery Update Admin User&Pass Dork: N/A Date: 06.09.2017 Vendor Homepage: http://www.dijiteol.com/ Software Link:...
Cory Support - pr SQL Injection
Cory Support - pr SQL Injection Exploit : Cory Support pr SQL Injection Vulnerability Author : v3n0m Contact : v3n0matoutlookdotcom Date : September, 06-2017 GMT +7:00 Jakarta, Indonesia Developer : Cory App Software : Cory Support App Link : http://coryapp.com/?product&index Demo :...
Jungo DriverWizard WinDriver 12.4.0 - Kernel Out-of-Bounds Write Privilege Escalation
Jungo DriverWizard WinDriver 12.4.0 - Kernel Out-of-Bounds Write Privilege Escalation -- coding: utf-8 -- """ Jungo DriverWizard WinDriver Kernel Out-of-Bounds Write Privilege Escalation Vulnerability Download: http://www.jungo.com/st/products/windriver/ File: WD1240.EXE Sha1:...
Jungo DriverWizard WinDriver 12.4.0 - Kernel Pool Overflow Local Privilege Escalation (1)
Jungo DriverWizard WinDriver 12.4.0 - Kernel Pool Overflow Local Privilege Escalation 1 -- coding: utf-8 -- """ Jungo DriverWizard WinDriver Kernel Pool Overflow Vulnerability Download: http://www.jungo.com/st/products/windriver/ File: WD1240.EXE Sha1: 3527cc974ec885166f0d96f6aedc8e542bb66cba...
Apache Struts 2.5 2.5.12 - REST Plugin XStream Remote Code Execution
Apache Struts 2.5 2.5.12 - REST Plugin XStream Remote Code Execution Exploit Title: Struts 2.5 - 2.5.12 REST Plugin XStream RCE Google Dork: filetype:action Date: 06/09/2017 Exploit Author: Warflop Vendor Homepage: https://struts.apache.org/ Software Link:...
FiberHome ADSL AN1020-25 - Improper Access Restrictions
FiberHome ADSL AN1020-25 - Improper Access Restrictions Title: ==== FiberHome Unauthenticated ADSL Router Factory Reset. Credit: ====== Name: Ibad Shah Twitter: @BeeFaauBee09 Website: beefaaubee09.github.io CVE: ===== CVE-2017-14147 Date: ==== 05-09-2017 dd/mm/yyyy About FiberHome: ====== FiberHo...
Ultimate HR System 1.2 - Directory Traversal Cross-Site Scripting
Ultimate HR System 1.2 - Directory Traversal Cross-Site Scripting Exploit Title: HRM - Workable Zone : Ultimate HR System Last Name Other vulnerable fields include: First Name, Contact Number Unauthenticated Directory Traversal:...
The Car Project 1.0 - SQL Injection
The Car Project 1.0 - SQL Injection Exploit Title: The Car Project 1.0 - SQL Injection Dork: N/A Date: 05.09.2017 Vendor Homepage: http://thecarproject.org/ Software Link: http://thecarproject.org/thecarproject.zip Demo: http://www.thecarproject.org/cp Version: 1.0 Category: Webapps Tested on:...
A2billing 2.x - SQL Injection
A2billing 2.x - SQL Injection Title : A2billing 2.x , Sql injection vulnerability Vulnerable software : A2billing 2.x Author : Ahmed sultan 0x4148 Email : [email protected] Linkedin : https://www.linkedin.com/in/0x4148/ If you're looking for deep technical stuff , overcoming sanitization/hardening...
Wireless Repeater BE126 - Remote Code Execution
Wireless Repeater BE126 - Remote Code Execution Exploit Title: WIFI Repeater BE126 – Remote Code Execution Date Publish: 09/09/2017 Exploit Authors: Hay Mizrachi, Omer Kaspi Contact: [email protected], [email protected] Vendor Homepage: http://www.twsz.com Category: Webapps Version: 1.0 Teste...
CodeMeter 6.50 - Cross-Site Scripting
CodeMeter 6.50 - Cross-Site Scripting Document Title: =============== Wibu Systems AG CodeMeter 6.50 - Persistent XSS Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2074 ID: FB49498 Acknowledgements:...
Dup Scout Enterprise 9.9.14 - Input Directory Local Buffer Overflow
Dup Scout Enterprise 9.9.14 - Input Directory Local Buffer Overflow !/usr/bin/python Exploit Title : Dup Scout Enterprise v9.9.14 - 'Input Directory' Local Buffer Overflow Date : 04 Sept, 2017 Exploit Author : Touhid M.Shaikh - www.touhidshaikh.com Contact : https://github.com/touhidshaikh Vendor...
iGreeting Cards 1.0 - SQL Injection
iGreeting Cards 1.0 - SQL Injection Exploit Title: iGreeting Cards 1.0 - SQL Injection Dork: N/A Date: 04.09.2017 Vendor Homepage: http://coryapp.com/ Software Link: http://coryapp.com/?product&index Demo: http://coryapp.com/demo/greetingcards/ Version: 1.0 Category: Webapps Tested on:...
RubyGems 2.6.13 - Arbitrary File Overwrite
RubyGems 2.6.13 - Arbitrary File Overwrite There is no check for name field in metadata.gz. By assigning a maliciously crafted string like ../../../../../any/where to the field, an attacker can create an arbitrary file out of the directory of the gem, or even replace an existing file with a...
Mongoose Web Server 6.5 - Cross-Site Request Forgery Remote Code Execution
Mongoose Web Server 6.5 - Cross-Site Request Forgery Remote Code Execution + Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MONGOOSE-WEB-SERVER-v6.5-CSRF-COMMAND-EXECUTION.txt + ISR: apparitionSec Vendor: ===============...
A2billing 2.x - Backup File Download Remote Code Execution
A2billing 2.x - Backup File Download Remote Code Execution Title : A2billing 2.x , Unauthenticated Backup dump / RCE flaw Vulnerable software : A2billing 2.x Author : Ahmed Sultan 0x4148 Email : [email protected] Home : 0x4148.com Linkedin : https://www.linkedin.com/in/0x4148/ A2billing contain...
Joomla! Component Survey Force Deluxe 3.2.4 - invite SQL Injection
Joomla! Component Survey Force Deluxe 3.2.4 - invite SQL Injection Exploit Title: Joomla! Component Survey Force Deluxe 3.2.4 - SQL Injection Dork: N/A Date: 03.09.2017 Vendor Homepage: http://joomplace.com/ Software Link:...
Joomla! Component CheckList 1.1.0 - SQL Injection
Joomla! Component CheckList 1.1.0 - SQL Injection Exploit Title: Joomla! Component CheckList 1.1.0 - SQL Injection Dork: N/A Date: 03.09.2017 Vendor Homepage: http://joomplace.com/ Software Link: https://extensions.joomla.org/extensions/extension/living/personal-life/checklist/ Demo:...
Lotus Notes Diagnostic Tool 8.59.0 - Local Privilege Escalation
Lotus Notes Diagnostic Tool 8.59.0 - Local Privilege Escalation Exploit Title: Lotus Notes Diagnostic Tool nsd.exe Privelege Escalation Date: 02-09-2017 Exploit Author: ParagonSec Website: https://github.com/paragonsec Version: 8.5 & 9.0 Tested on: Windows 7 Enterprise CVE: CVE-2015-0179 Vendor C...
IBM Notes 8.5.x9.0.x - Denial of Service
IBM Notes 8.5.x9.0.x - Denial of Service Exploit Title: IBM Notes is affected by a denial of service vulnerability Date: 31 August 2017 Software Link: https://www-01.ibm.com/support/docview.wss?uid=swg24037141 Exploit Author: Dhiraj Mishra Contact: http://twitter.com/mishradhiraj Website:...
Motorola Bootloader - Kernel Cmdline Injection Secure Boot and Device Locking Bypass
Motorola Bootloader - Kernel Cmdline Injection Secure Boot and Device Locking Bypass Sources: https://alephsecurity.com/2017/08/30/untethered-initroot/ https://github.com/alephsecurity/initroot initroot: Motorola Bootloader Kernel Cmdline Injection Secure Boot & Device Locking Bypass CVE-2016-102...
OpenJPEG - mqc.c Heap Buffer Overflow
OpenJPEG - mqc.c Heap Buffer Overflow DESCRIPTION An Out-of-Bounds Write issue can be occurred in function opjmqcbyteout of mqc.c during executing opjcompress. This issue was caused by a malformed BMP file. CREDIT This vulnerability was discovered by Ke Liu of Tencent's Xuanwu LAB. TESTED VERSION...
WordPress Plugin Participants Database 1.7.5.10 - Cross-Site Scripting
WordPress Plugin Participants Database 1.7.5.10 - Cross-Site Scripting Exploit Title: Wordpress Plugin Participants Database 1.7.5.10 - XSS Google Dork: inurl:wp-content/plugins/participants-database/ Date: 01-Sep-17 Exploit Author: Benjamin Lim Vendor Homepage: https://xnau.com/ Software Link:...
Joomla! Component Huge-IT Portfolio Gallery Plugin 1.0.7 - SQL Injection
Joomla! Component Huge-IT Portfolio Gallery Plugin 1.0.7 - SQL Injection Exploit Title Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla Date: 2016-09-16 Exploit Author: Larry W. Cashdollar, @larry0 Vendor Homepage: http://huge-it.com/joomla-catalog/ Software Link: Version: 1.0.7...
Joomla! Component Huge-IT Portfolio Gallery Plugin 1.0.6 - SQL Injection
Joomla! Component Huge-IT Portfolio Gallery Plugin 1.0.6 - SQL Injection Exploit Title Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6 Date: 2016-09-16 Exploit Author: Larry W. Cashdollar, @larry0 Vendor Homepage: http://huge-it.com/joomla-portfolio-gallery/ Software Link...
IBM Notes 8.5.x9.0.x - Denial of Service (2)
IBM Notes 8.5.x9.0.x - Denial of Service 2 Exploit Title: IBM Notes is affected by a denial of service vulnerability Date: 31 August 2017 Software Link: http://www-01.ibm.com/support/docview.wss?uid=swg21999384 Exploit Author: Dhiraj Mishra Contact: http://twitter.com/mishradhiraj Website:...
Joomla! Component Huge-IT Video Gallery 1.0.9 - SQL Injection
Joomla! Component Huge-IT Video Gallery 1.0.9 - SQL Injection Exploit Title Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla Google Dork: if applicable Date: 2016-09-15 Exploit Author: Larry W. Cashdollar, @larry0 Vendor Homepage: http://huge-it.com/joomla-video-gallery/...
Sitefinity CMS 9.2 - Cross-Site Scripting
Sitefinity CMS 9.2 - Cross-Site Scripting Exploit Title: Stored Cross Site Scripting XSS in Progress Sitefinity CMS 9.2 Date: Aug 31, 2017 Exploit Author: Pralhad Chaskar Vendor Homepage: http://www.sitefinity.com/ Tested on: Progress Sitefinity CMS 9.2 and lower CVE : NA Vendor Description...
IBM Notes 8.5.x9.0.x - Denial of Service (Metasploit)
IBM Notes 8.5.x9.0.x - Denial of Service Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "IBM Notes encodeURI DOS", 'Description' = %q This module exploits a vulnerability in the nati...
Oracle Java JDKJRE 1.8.0.131 Apache Xerces 2.11.0 - PDFDocx Server Side Denial of Service
Oracle Java JDKJRE 1.8.0.131 Apache Xerces 2.11.0 - PDFDocx Server Side Denial of Service Vulnerabilities Summary The following advisory describes two 2 vulnerabilities found in Oracle Java JDK/JRE 1.8.0.131 and previous versions packages and Apache Xerces 2.11.0 The vulnerabilities are: Oracle...