41207 matches found
Restaurant Website Script 1.0 - SQL Injection
Restaurant Website Script 1.0 - SQL Injection Exploit Title: Restaurant Website Script 1.0 - SQL Injection Dork: N/A Date: 09.09.2017 Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/small-business/restaurant-website-script Demo: http://restaurant.scriptzee.com/ Version:...
Topsites Script 1.0 - Cross-Site Request Forgery PHP Code Injection
Topsites Script 1.0 - Cross-Site Request Forgery PHP Code Injection Meta Tags File Footer File...
Job Board Software 1.0 - SQL Injection
Job Board Software 1.0 - SQL Injection Exploit Title: Job Board Software 1.0 - SQL Injection Dork: N/A Date: 09.09.2017 Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/best-softwares/job-board-software Demo: http://jobsite.scriptzee.com/ Version: 1.0 Category: Webapps...
Escort Marketplace 1.0 - SQL Injection
Escort Marketplace 1.0 - SQL Injection Exploit Title: Escort Website Script 1.0 - SQL Injection Dork: N/A Date: 09.09.2017 Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/escort-website Demo: http://escortwebsite.scriptzee.com/ Version: 1.0 Category: Webapps Tested on:...
Professional Service Booking 1.0 - SQL Injection
Professional Service Booking 1.0 - SQL Injection Exploit Title: Professional Service Booking Software 1.0 - SQL Injection Dork: N/A Date: 09.09.2017 Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/best-softwares/professional-service-booking-engine Demo:...
Babysitter Website Script 1.0 - SQL Injection
Babysitter Website Script 1.0 - SQL Injection Exploit Title: Babysitter Website Script 1.0 - SQL Injection Dork: N/A Date: 09.09.2017 Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/best-softwares/babysitter-website Demo: http://babysitter.scriptzee.com/ Version: 1.0...
Just Dial Marketplace 1.0 - SQL Injection
Just Dial Marketplace 1.0 - SQL Injection Exploit Title: Just Dial Marketplace Software 1.0 - SQL Injection Dork: N/A Date: 09.09.2017 Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/best-softwares/just-dial-marketplace Demo: http://classified.scriptzee.com/ Version: 1....
Online Print Business 1.0 - SQL Injection
Online Print Business 1.0 - SQL Injection Exploit Title: Online Print Business Software 1.0 - SQL Injection Dork: N/A Date: 09.09.2017 Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/best-softwares/online-print-business Demo: http://onlineprintbssiness.scriptzee.com/...
My Builder Marketplace 1.0 - SQL Injection
My Builder Marketplace 1.0 - SQL Injection Exploit Title: My Builder Marketplace Script 1.0 - SQL Injection Dork: N/A Date: 09.09.2017 Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/best-softwares/my-builder-marketplace Demo: http://mybuilderjobs.scriptzee.com/ Version...
Apache Struts 2.0.1 2.3.33 2.5 2.5.10 - Arbitrary Code Execution
Apache Struts 2.0.1 2.3.33 2.5 2.5.10 - Arbitrary Code Execution import requests import sys from urllib import quote def exploiturl: res = requests.geturl, timeout=10 if res.statuscode == 200: print "+ Response: ".formatstrres.text print "\n+ Exploit Finished!" else: print "\n! Exploit Failed!" i...
Online Invoice System 3.0 - SQL Injection
Online Invoice System 3.0 - SQL Injection Exploit Title: Online Invoice System 3.0 - SQL Injection Dork: N/A Date: 07.09.2017 Vendor Homepage: http://www.onlineinvoicesystem.com/ Software Link: http://www.onlineinvoicesystem.com/indexv3.html Demo:...
Huawei HG255s - Directory Traversal
Huawei HG255s - Directory Traversal Exploit Title: Server Directory Traversal at Huawei HG255s Date: 07.09.2017 Exploit Author: Ahmet Mersin Vendor Homepage: www.huawei.com Software Link: Not published this modem just used by Turkey Version: V100R001C163B025SP02 POC:...
HiSilicon DVR Devices - Remote Code Execution
HiSilicon DVR Devices - Remote Code Execution !/usr/bin/env python2 pwn hisilicon dvr web service from pwn import from time import sleep import re import argparse import os parser = argparse.ArgumentParserdescription='exploit HiSilicon DVR devices' parser.addargument'--rhost', help='target host',...
EzInvoice 6.02 - SQL Injection
EzInvoice 6.02 - SQL Injection Exploit Title: EzInvoice - Invoice Management System 6.0.2 - SQL Injection Dork: N/A Date: 07.09.2017 Vendor Homepage: http://www.mysticdreams.net/ Software Link: http://www.mysticdreams.net/resources/ezinvoicedemo.zip Demo:...
Roteador Wireless Intelbras WRN150 - Cross-Site Scripting
Roteador Wireless Intelbras WRN150 - Cross-Site Scripting Exploit Title: XSS persistent on intelbras router with firmware WRN 250 Date: 07/09/2017 Exploit Author: Elber Tavares Vendor Homepage: http://intelbras.com.br/ Version: Intelbras Wireless N 150Mbps - WRN 240 Tested on: kali linux, windows...
EzBan 5.3 - id SQL Injection
EzBan 5.3 - id SQL Injection Exploit Title: EzBan - Banner Management System 5.3 - SQL Injection Dork: N/A Date: 07.09.2017 Vendor Homepage: http://www.mysticdreams.net/ Software Link: http://www.mysticdreams.net/resources/ezbandemo.zip Demo: http://www.mysticdreams.net/products/ezban/ Version: 5...
McAfee LiveSafe 16.0.3 - Man In The Middle Registry Modification Leading to Remote Command Execution
McAfee LiveSafe 16.0.3 - Man In The Middle Registry Modification Leading to Remote Command Execution Vulnerabilities Summary The following advisory describes a Remote Command Execution found in McAfee McAfee LiveSafe MLS versions prior to 16.0.3. The vulnerability allows network attackers to modi...
Pay Banner Text Link Ad 1.0.6.1 - Cross-Site Request Forgery (Update Admin)
Pay Banner Text Link Ad 1.0.6.1 - Cross-Site Request Forgery Update Admin Exploit Title: Pay Banner Text Link Ad 1.0.6.1 - Cross-Site Request Forgery Update Admin User&Pass Dork: N/A Date: 06.09.2017 Vendor Homepage: http://www.dijiteol.com/ Software Link:...
Apache Struts 2.5 2.5.12 - REST Plugin XStream Remote Code Execution
Apache Struts 2.5 2.5.12 - REST Plugin XStream Remote Code Execution Exploit Title: Struts 2.5 - 2.5.12 REST Plugin XStream RCE Google Dork: filetype:action Date: 06/09/2017 Exploit Author: Warflop Vendor Homepage: https://struts.apache.org/ Software Link:...
Advertiz PHP Script 0.2 - Cross-Site Request Forgery (Update Admin)
Advertiz PHP Script 0.2 - Cross-Site Request Forgery Update Admin Exploit Title: Advertiz PHP Script 0.2 - Cross-Site Request Forgery Update Admin User&Pass Dork: N/A Date: 06.09.2017 Vendor Homepage: http://www.dijiteol.com/ Software Link:...
Cory Support - pr SQL Injection
Cory Support - pr SQL Injection Exploit : Cory Support pr SQL Injection Vulnerability Author : v3n0m Contact : v3n0matoutlookdotcom Date : September, 06-2017 GMT +7:00 Jakarta, Indonesia Developer : Cory App Software : Cory Support App Link : http://coryapp.com/?product&index Demo :...
Pay Banner Text Link Ad 1.0.6.1 - SQL Injection
Pay Banner Text Link Ad 1.0.6.1 - SQL Injection Exploit Title: Pay Banner Text Link Ad 1.0.6.1 - SQL Injection Dork: N/A Date: 06.09.2017 Vendor Homepage: http://www.dijiteol.com/ Software Link: http://www.dijiteol.com/p-Pay-Banner-Textlink-Ad-Pay-Banner-Advertisement-PHP-Script-i-1.html Demo:...
Tor (Linux) - X11 Linux Sandbox Breakout
Tor Linux - X11 Linux Sandbox Breakout / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1293&desc=2 EDIT: I mixed up two different sandboxes; see the comment below for a correction. From inside the Linux sandbox described in , it is still possible to talk to the X server withou...
Jungo DriverWizard WinDriver 12.4.0 - Kernel Pool Overflow Local Privilege Escalation (1)
Jungo DriverWizard WinDriver 12.4.0 - Kernel Pool Overflow Local Privilege Escalation 1 -- coding: utf-8 -- """ Jungo DriverWizard WinDriver Kernel Pool Overflow Vulnerability Download: http://www.jungo.com/st/products/windriver/ File: WD1240.EXE Sha1: 3527cc974ec885166f0d96f6aedc8e542bb66cba...
Jungo DriverWizard WinDriver 12.4.0 - Kernel Out-of-Bounds Write Privilege Escalation
Jungo DriverWizard WinDriver 12.4.0 - Kernel Out-of-Bounds Write Privilege Escalation -- coding: utf-8 -- """ Jungo DriverWizard WinDriver Kernel Out-of-Bounds Write Privilege Escalation Vulnerability Download: http://www.jungo.com/st/products/windriver/ File: WD1240.EXE Sha1:...
Ultimate HR System 1.2 - Directory Traversal Cross-Site Scripting
Ultimate HR System 1.2 - Directory Traversal Cross-Site Scripting Exploit Title: HRM - Workable Zone : Ultimate HR System Last Name Other vulnerable fields include: First Name, Contact Number Unauthenticated Directory Traversal:...
The Car Project 1.0 - SQL Injection
The Car Project 1.0 - SQL Injection Exploit Title: The Car Project 1.0 - SQL Injection Dork: N/A Date: 05.09.2017 Vendor Homepage: http://thecarproject.org/ Software Link: http://thecarproject.org/thecarproject.zip Demo: http://www.thecarproject.org/cp Version: 1.0 Category: Webapps Tested on:...
A2billing 2.x - SQL Injection
A2billing 2.x - SQL Injection Title : A2billing 2.x , Sql injection vulnerability Vulnerable software : A2billing 2.x Author : Ahmed sultan 0x4148 Email : [email protected] Linkedin : https://www.linkedin.com/in/0x4148/ If you're looking for deep technical stuff , overcoming sanitization/hardening...
FiberHome ADSL AN1020-25 - Improper Access Restrictions
FiberHome ADSL AN1020-25 - Improper Access Restrictions Title: ==== FiberHome Unauthenticated ADSL Router Factory Reset. Credit: ====== Name: Ibad Shah Twitter: @BeeFaauBee09 Website: beefaaubee09.github.io CVE: ===== CVE-2017-14147 Date: ==== 05-09-2017 dd/mm/yyyy About FiberHome: ====== FiberHo...
Mongoose Web Server 6.5 - Cross-Site Request Forgery Remote Code Execution
Mongoose Web Server 6.5 - Cross-Site Request Forgery Remote Code Execution + Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MONGOOSE-WEB-SERVER-v6.5-CSRF-COMMAND-EXECUTION.txt + ISR: apparitionSec Vendor: ===============...
Wireless Repeater BE126 - Remote Code Execution
Wireless Repeater BE126 - Remote Code Execution Exploit Title: WIFI Repeater BE126 – Remote Code Execution Date Publish: 09/09/2017 Exploit Authors: Hay Mizrachi, Omer Kaspi Contact: [email protected], [email protected] Vendor Homepage: http://www.twsz.com Category: Webapps Version: 1.0 Teste...
CodeMeter 6.50 - Cross-Site Scripting
CodeMeter 6.50 - Cross-Site Scripting Document Title: =============== Wibu Systems AG CodeMeter 6.50 - Persistent XSS Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2074 ID: FB49498 Acknowledgements:...
A2billing 2.x - Backup File Download Remote Code Execution
A2billing 2.x - Backup File Download Remote Code Execution Title : A2billing 2.x , Unauthenticated Backup dump / RCE flaw Vulnerable software : A2billing 2.x Author : Ahmed Sultan 0x4148 Email : [email protected] Home : 0x4148.com Linkedin : https://www.linkedin.com/in/0x4148/ A2billing contain...
iGreeting Cards 1.0 - SQL Injection
iGreeting Cards 1.0 - SQL Injection Exploit Title: iGreeting Cards 1.0 - SQL Injection Dork: N/A Date: 04.09.2017 Vendor Homepage: http://coryapp.com/ Software Link: http://coryapp.com/?product&index Demo: http://coryapp.com/demo/greetingcards/ Version: 1.0 Category: Webapps Tested on:...
Dup Scout Enterprise 9.9.14 - Input Directory Local Buffer Overflow
Dup Scout Enterprise 9.9.14 - Input Directory Local Buffer Overflow !/usr/bin/python Exploit Title : Dup Scout Enterprise v9.9.14 - 'Input Directory' Local Buffer Overflow Date : 04 Sept, 2017 Exploit Author : Touhid M.Shaikh - www.touhidshaikh.com Contact : https://github.com/touhidshaikh Vendor...
RubyGems 2.6.13 - Arbitrary File Overwrite
RubyGems 2.6.13 - Arbitrary File Overwrite There is no check for name field in metadata.gz. By assigning a maliciously crafted string like ../../../../../any/where to the field, an attacker can create an arbitrary file out of the directory of the gem, or even replace an existing file with a...
Joomla! Component Survey Force Deluxe 3.2.4 - invite SQL Injection
Joomla! Component Survey Force Deluxe 3.2.4 - invite SQL Injection Exploit Title: Joomla! Component Survey Force Deluxe 3.2.4 - SQL Injection Dork: N/A Date: 03.09.2017 Vendor Homepage: http://joomplace.com/ Software Link:...
Joomla! Component CheckList 1.1.0 - SQL Injection
Joomla! Component CheckList 1.1.0 - SQL Injection Exploit Title: Joomla! Component CheckList 1.1.0 - SQL Injection Dork: N/A Date: 03.09.2017 Vendor Homepage: http://joomplace.com/ Software Link: https://extensions.joomla.org/extensions/extension/living/personal-life/checklist/ Demo:...
IBM Notes 8.5.x9.0.x - Denial of Service
IBM Notes 8.5.x9.0.x - Denial of Service Exploit Title: IBM Notes is affected by a denial of service vulnerability Date: 31 August 2017 Software Link: https://www-01.ibm.com/support/docview.wss?uid=swg24037141 Exploit Author: Dhiraj Mishra Contact: http://twitter.com/mishradhiraj Website:...
Lotus Notes Diagnostic Tool 8.59.0 - Local Privilege Escalation
Lotus Notes Diagnostic Tool 8.59.0 - Local Privilege Escalation Exploit Title: Lotus Notes Diagnostic Tool nsd.exe Privelege Escalation Date: 02-09-2017 Exploit Author: ParagonSec Website: https://github.com/paragonsec Version: 8.5 & 9.0 Tested on: Windows 7 Enterprise CVE: CVE-2015-0179 Vendor C...
OpenJPEG - mqc.c Heap Buffer Overflow
OpenJPEG - mqc.c Heap Buffer Overflow DESCRIPTION An Out-of-Bounds Write issue can be occurred in function opjmqcbyteout of mqc.c during executing opjcompress. This issue was caused by a malformed BMP file. CREDIT This vulnerability was discovered by Ke Liu of Tencent's Xuanwu LAB. TESTED VERSION...
WordPress Plugin Participants Database 1.7.5.10 - Cross-Site Scripting
WordPress Plugin Participants Database 1.7.5.10 - Cross-Site Scripting Exploit Title: Wordpress Plugin Participants Database 1.7.5.10 - XSS Google Dork: inurl:wp-content/plugins/participants-database/ Date: 01-Sep-17 Exploit Author: Benjamin Lim Vendor Homepage: https://xnau.com/ Software Link:...
Motorola Bootloader - Kernel Cmdline Injection Secure Boot and Device Locking Bypass
Motorola Bootloader - Kernel Cmdline Injection Secure Boot and Device Locking Bypass Sources: https://alephsecurity.com/2017/08/30/untethered-initroot/ https://github.com/alephsecurity/initroot initroot: Motorola Bootloader Kernel Cmdline Injection Secure Boot & Device Locking Bypass CVE-2016-102...
Joomla! Component Huge-IT Video Gallery 1.0.9 - SQL Injection
Joomla! Component Huge-IT Video Gallery 1.0.9 - SQL Injection Exploit Title Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla Google Dork: if applicable Date: 2016-09-15 Exploit Author: Larry W. Cashdollar, @larry0 Vendor Homepage: http://huge-it.com/joomla-video-gallery/...
Joomla! Component Huge-IT Portfolio Gallery Plugin 1.0.6 - SQL Injection
Joomla! Component Huge-IT Portfolio Gallery Plugin 1.0.6 - SQL Injection Exploit Title Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6 Date: 2016-09-16 Exploit Author: Larry W. Cashdollar, @larry0 Vendor Homepage: http://huge-it.com/joomla-portfolio-gallery/ Software Link...
Sitefinity CMS 9.2 - Cross-Site Scripting
Sitefinity CMS 9.2 - Cross-Site Scripting Exploit Title: Stored Cross Site Scripting XSS in Progress Sitefinity CMS 9.2 Date: Aug 31, 2017 Exploit Author: Pralhad Chaskar Vendor Homepage: http://www.sitefinity.com/ Tested on: Progress Sitefinity CMS 9.2 and lower CVE : NA Vendor Description...
IBM Notes 8.5.x9.0.x - Denial of Service (Metasploit)
IBM Notes 8.5.x9.0.x - Denial of Service Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "IBM Notes encodeURI DOS", 'Description' = %q This module exploits a vulnerability in the nati...
Joomla! Component Huge-IT Portfolio Gallery Plugin 1.0.7 - SQL Injection
Joomla! Component Huge-IT Portfolio Gallery Plugin 1.0.7 - SQL Injection Exploit Title Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla Date: 2016-09-16 Exploit Author: Larry W. Cashdollar, @larry0 Vendor Homepage: http://huge-it.com/joomla-catalog/ Software Link: Version: 1.0.7...
IBM Notes 8.5.x9.0.x - Denial of Service (2)
IBM Notes 8.5.x9.0.x - Denial of Service 2 Exploit Title: IBM Notes is affected by a denial of service vulnerability Date: 31 August 2017 Software Link: http://www-01.ibm.com/support/docview.wss?uid=swg21999384 Exploit Author: Dhiraj Mishra Contact: http://twitter.com/mishradhiraj Website:...
Invoice Manager 3.1 - Cross-Site Request Forgery (Add Admin)
Invoice Manager 3.1 - Cross-Site Request Forgery Add Admin ======================================================== Invoice Manager v3.1 Cross site request forgery Add Admin Description : Invoice Manager v3.1 is vulnerable to CSRF attack No CSRF token in place which if an admin user can be tricke...