Matrimonial Script - SQL Injection
Matrimonial Script - SQL Injection Exploit Title: Matrimonial Script - SQL Injection Dork: N/A Date: 22.08.2017 Vendor Homepage: http://www.scubez.net/ Software Link: http://www.mscript.in/ Demo: http://www.mscript.in/matrimonial-demo.html Version: N/A Category: Webapps Tested on:...
Disk Pulse Enterprise 9.9.16 - Import Command Local Buffer Overflow
Disk Pulse Enterprise 9.9.16 - Import Command Local Buffer Overflow !/usr/bin/python Exploit Title : Disk Pulse Enterprise 9.9.16 - 'Import Command' Buffer Overflow Discovery by : Anurag Srivastava Email : [email protected] Website : www.pyramidcyber.com Discovery Date : 21/08/20...
Automated Logic WebCTRL 6.1 - Path Traversal Arbitrary File Write
Automated Logic WebCTRL 6.1 - Path Traversal Arbitrary File Write Automated Logic WebCTRL 6.1 Path Traversal Arbitrary File Write Vendor: Automated Logic Corporation Product web page: http://www.automatedlogic.com Affected version: ALC WebCTRL, SiteScan Web 6.1 and prior ALC WebCTRL, i-Vu 6.0 and...
(Bitcoin Dogecoin) PHP Cloud Mining Script - Authentication Bypass
Bitcoin Dogecoin PHP Cloud Mining Script - Authentication Bypass Exploit Title: Bitcoin,Dogecoin Mining 1.0 - Authentication Bypass Dork: N/A Date: 21.08.2017 Vendor Homepage: https://codecanyon.net/user/bousague Software Link: https://codecanyon.net/item/bitcoindogecoin-mining-php-script/2031558...
PHP Coupon Script 6.0 - cid SQL Injection
PHP Coupon Script 6.0 - cid SQL Injection Exploit Title: PHP Coupon Script 6.0 - 'cid' Parameter SQL Injection Dork: N/A Date: 21.08.2017 Vendor Homepage: http://www.couponscript.com/ Software Link: http://www.couponscript.com/ Demo: http://www.couponscript.com/demo/ Version: 6.0 Category: Webapp...
Joomla! Component Ajax Quiz 1.8 - SQL Injection
Joomla! Component Ajax Quiz 1.8 - SQL Injection Exploit Title: Joomla! Component Ajax Quiz 1.8 - SQL Injection Dork: N/A Date: 21.08.2017 Vendor Homepage: http://webkul.com/ Software Link: https://extensions.joomla.org/extensions/extension/living/education-a-culture/ajaxquiz/ Demo:...
PDF-XChange Viewer 2.5 Build 314.0 - Code Execution
PDF-XChange Viewer 2.5 Build 314.0 - Code Execution Exploit Title: PDF-XChange Viewer 2.5 Build 314.0 Javascript API Remote Code Execution Exploit Powershell PDF Exploit Creation Date: 21-08-2017 Software Link 32bit: http://pdf-xchange-viewer.it.uptodown.com/windows Exploit Author: Daniele Votta...
iTech Social Networking Script 3.08 - SQL Injection
iTech Social Networking Script 3.08 - SQL Injection Exploit Title: iTech Social Networking Script 3.08 - SQL Injection Dork: N/A Date: 21.08.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/social-networking-script/ Demo: http://social.itechscripts.com Version...
PHP Jokesite 2.0 - joke_id SQL Injection
PHP Jokesite 2.0 - joke_id SQL Injection Exploit Title: PHP Jokesite 2.0 - 'joke_id' Parameter SQL Injection Dork: N/A Date: 21.08.2017 Vendor Homepage: http://www.scriptdemo.com/ Software Link: http://www.scriptdemo.com/details/phpjokesite2/ Demo: http://www.scriptdemo.com/php-jokesite/ver2.0/...
Apache2Triad 1.5.4 - Multiple Vulnerabilities
Apache2Triad 1.5.4 - Multiple Vulnerabilities + Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/APACHE2TRIAD-SERVER-STACK-v1.5.4-MULTIPLE-CVE.txt + ISR: ApparitionSec Vendor: =============== apache2triad.net...
Joomla! Component FocalPoint 1.2.3 - SQL Injection
Joomla! Component FocalPoint 1.2.3 - SQL Injection Exploit Title: Joomla! Component FocalPoint Pro / Free v1.2.3 - SQL Injection Dork: N/A Date: 21.08.2017 Vendor Homepage: http://focalpointx.com/ Software Link: http://focalpointx.com/demos/focalpoint-pro Demo:...
PHPMyWind 5.3 - Cross-Site Scripting
PHPMyWind 5.3 - Cross-Site Scripting Exploit Title:PHPMyWind 5.3 has XSS Exploit Author:小雨 Vendor Homepage:http://phpmywind.com Software Link:http://phpmywind.com/downloads/PHPMyWind5.3.zip Version:5.3 CVE:CVE-2017-12984 $r= $dosql-GetOne"SELECT Maxorderid AS orderid FROM @message"; $orderid=...
PHP-Lance 1.52 - subcat SQL Injection
PHP-Lance 1.52 - subcat SQL Injection Exploit Title: PHP-Lance 1.52 - 'subcat' Parameter SQL Injection Dork: N/A Date: 21.08.2017 Vendor Homepage: http://www.scriptdemo.com/ Software Link: http://www.scriptdemo.com/details/phplance/ Demo: http://www.scriptdemo.com/php-lance/ Version: 1.52 Categor...
Joomla! Component Flip Wall 8.0 - wallid SQL Injection
Joomla! Component Flip Wall 8.0 - wallid SQL Injection Exploit Title: Joomla! Component Flip Wall 8.0 - SQL Injection Dork: N/A Date: 21.08.2017 Vendor Homepage: http://pulseextensions.com/ Software Link: https://extensions.joomla.org/extensions/extension/ads-a-affiliates/sponsors/flip-wall/ Demo...
Joomla! Component Sponsor Wall 8.0 - SQL Injection
Joomla! Component Sponsor Wall 8.0 - SQL Injection Exploit Title: Joomla! Component Sponsor Wall 8.0 - SQL Injection Dork: N/A Date: 21.08.2017 Vendor Homepage: http://pulseextensions.com/ Software Link: https://extensions.joomla.org/extensions/extension/ads-a-affiliates/sponsors/sponsor-wall/...
Affiliate Niche Script 3.4.0 - SQL Injection
Affiliate Niche Script 3.4.0 - SQL Injection Exploit Title: Affiliate Niche Script 3.4.0 SQL Injection Dork: N/A Date: 21.08.2017 Vendor Homepage: https://scriptoffice.com/ Software Link: https://soft.scriptoffice.com/projects/affiliatenichescript/wiki/MainMenu Demo:...
PHP Classifieds Script 5.6.2 - SQL Injection
PHP Classifieds Script 5.6.2 - SQL Injection Exploit Title: PHP Classifieds Script 5.6.2 SQL Injection Dork: N/A Date: 21.08.2017 Vendor Homepage: https://scriptoffice.com/ Software Link: https://soft.scriptoffice.com/projects/classifiedscript/wiki/MainMenu Demo: http://www.classifieddemo.com/...
Easy DVD Creater 2.5.11 - Local Buffer Overflow (SEH)
Easy DVD Creater 2.5.11 - Local Buffer Overflow SEH !/usr/bin/python Exploit Title: Easy DVD Creater 2.5.11 - 'Enter User Name' Field Buffer Overflow SEH Date: 19-08-2017 Exploit Author: Anurag Srivastava Website: www.pyramidcyber.com Vulnerable Software: Easy DVD Creater Vendor Homepage:...
Apple macOS Sierra 10.12.1 - IOFireWireFamily FireWire Port Denial of Service
Apple macOS Sierra 10.12.1 - IOFireWireFamily FireWire Port Denial of Service / IOFireWireFamily-overflow.c Brandon Azad Buffer overflow reachable from IOFireWireUserClient::localConfigDirectoryPublish. Download:...
WebKitGTK 2.1.2 (Ubuntu 14.04) - Heap based Buffer Overflow
WebKitGTK 2.1.2 Ubuntu 14.04 - Heap based Buffer Overflow CVE-2014-1303 PoC for Linux CVE-2014-1303 WebKit Heap based BOF proof of concept for Linux. This repository demonstrates the WebKit heap based buffer overflow vulnerability CVE-2014-1303 on Linux. NOTE: Original exploit is written for Mac ...
ZKTime Web Software 2.0 - Improper Access Restrictions
ZKTime Web Software 2.0 - Improper Access Restrictions Exploit Title: ZKTime Web Software 2.0 - Broken Authentication CVE-ID: CVE-2017-14680 Vendor Homepage: https://www.zkteco.com/product/ZKTimeWeb2.0435.html Vendor of Product: ZKTeco Affected Product Code: ZKTime Web - 2.0.1.12280 Category:...
iTech Movie Script 7.51 - SQL Injection
iTech Movie Script 7.51 - SQL Injection Exploit Title: iTech Movie Script 7.51 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://itechscripts.com/ Software Link: http://itechscripts.com/movie-portal-script/ Demo: http://movie-portal.itechscripts.com/ Version: 7.51 Category:...
iTech Caregiver Script 2.71 - SQL Injection
iTech Caregiver Script 2.71 - SQL Injection Exploit Title: iTech Caregiver Script 2.71 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://itechscripts.com/ Software Link: http://itechscripts.com/caregiver-script/ Demo: http://caregiver.itechscripts.com/ Version: 2.71 Category:...
eCardMAX 10.5 - SQL Injection
eCardMAX 10.5 - SQL Injection Exploit Title: eCardMAX 10.5 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : https://www.ecardmax.com/ Software Link: https://www.ecardmax.com/home/ecardmax/ Demo: https://ecardmax.com/ecardmaxdemo/ Version: 10.5 Category: Webapps Tested on:...
LiveProjects 1.0 - SQL Injection
LiveProjects 1.0 - SQL Injection Exploit Title: LiveProjects 1.0 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://livecrm.co/ Software Link: https://codecanyon.net/item/liveprojects-complete-project-management-crm/10436800 Demo: http://liveprojects.livecrm.co/livecrm/web/...
MessengerScan 1.05 - Local Buffer Overflow (PoC)
MessengerScan 1.05 - Local Buffer Overflow PoC !/usr/bin/python Exploit Title : MessengerScan v1.05 Hostname/IP Field SEH/EIP Overwrite POC Discovery by : Anurag Srivastava Email : [email protected] Discovery Date : 18/08/2017 Software Link :...
Joomla! Component Appointment 1.1 - SQL Injection
Joomla! Component Appointment 1.1 - SQL Injection Exploit Title: Joomla! Component Appointment v1.1 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage: https://www.joomlaextensions.co.in/ Software Link: https://extensions.joomla.org/extensions/extension/appointment/ Demo:...
Joomla! Component SP Movie Database 1.3 - SQL Injection
Joomla! Component SP Movie Database 1.3 - SQL Injection Exploit Title: Joomla! Component SP Movie Database 1.3 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage: http://joomshaper.com/ Software Link:...
iTech Multi Vendor Script 6.63 - SQL Injection
iTech Multi Vendor Script 6.63 - SQL Injection Exploit Title: iTech Multi Vendor Script 6.63 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://itechscripts.com/ Software Link: http://itechscripts.com/multi-vendor-shopping-script/ Demo: http://multi-vendor.itechscripts.com/...
iTech Freelancer Script 5.27 - SQL Injection
iTech Freelancer Script 5.27 - SQL Injection Exploit Title: iTech Freelancer Script 5.27 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://itechscripts.com/ Software Link: http://itechscripts.com/freelancer-script/ Demo: http://freelance.itechscripts.com/ Version: 5.27 Category:...
DeWorkshop 1.0 - Arbitrary File Upload
DeWorkshop 1.0 - Arbitrary File Upload Exploit Title: DeWorkshop 1.0 - Arbitrary File Upload Dork: N/A Date: 18.08.2017 Vendor Homepage : https://sarutech.com/ Software Link: https://codecanyon.net/item/deworkshop-auto-workshop-portal/20336737 Demo: https://demo.sarutech.com/deworkshop/ Version:...
iTech Travel Script 9.49 - SQL Injection
iTech Travel Script 9.49 - SQL Injection Exploit Title: iTech Travel Script 9.49 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://itechscripts.com/ Software Link: http://itechscripts.com/travel-portal-script/ Demo: http://travelportal.itechscripts.com/ Version: 9.49 Category:...
DSScan 1.0 - Local Buffer Overflow (PoC)
DSScan 1.0 - Local Buffer Overflow PoC !/usr/bin/python Exploit Title : DSScan v1.0 Hostname/IP Field SEH Overwrite POC Discovery by : Anurag Srivastava Email : [email protected] Website : http://pyramidcyber.com/ Discovery Date : 18/08/2017 Software Link :...
iTech Image Sharing Script 4.13 - SQL Injection
iTech Image Sharing Script 4.13 - SQL Injection Exploit Title: iTech Image Sharing Script 4.13 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://itechscripts.com/ Software Link: http://itechscripts.com/image-sharing-script/ Demo: http://photo-sharing.itechscripts.com/ Version:...
iTech Classifieds Script 7.41 - SQL Injection
iTech Classifieds Script 7.41 - SQL Injection Exploit Title: iTech Classifieds Script 7.41 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://itechscripts.com/ Software Link: http://itechscripts.com/classifieds-script/ Demo: http://classifieds.itechscripts.com/ Version: 7.41...
iTech B2B Script 4.42 - SQL Injection
iTech B2B Script 4.42 - SQL Injection Exploit Title: Itech B2B Script 4.42 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://itechscripts.com/ Software Link: http://itechscripts.com/c/B2B/ Demo: http://b2b.itechscripts.com/ Version: 4.42 Category: Webapps Tested on:...
Mozilla Firefox 45.0 - nsHtml5TreeBuilder Use-After-Free (EMET 5.52 Bypass)
Mozilla Firefox 45.0 - nsHtml5TreeBuilder Use-After-Free EMET 5.52 Bypass CVE-2016-1960 / Exploit Title: Mozilla Firefox . 1 https://bugzilla.mozilla.org/show_bug.cgi?id=1246014 2 https://ftp.mozilla.org/pub/firefox/releases/44.0.2/win32/en-US/ / "use strict"; / This is executed after having pivot...
NoviFlow NoviWare NW400.2.6 - Multiple Vulnerabilities
NoviFlow NoviWare NW400.2.6 - Multiple Vulnerabilities NoviFlow NoviWare = NW400.2.6 multiple vulnerabilities Introduction ========== NoviWare is a high-performance OpenFlow 1.3, 1.4 and 1.5 compliant switch software developed by NoviFlow and available for license to network equipment...
Joomla! Component Zap Calendar Lite 4.3.4 - SQL Injection
Joomla! Component Zap Calendar Lite 4.3.4 - SQL Injection Exploit Title: Joomla! Component Zap Calendar Lite 4.3.4 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage: https://zcontent.net/ Software Link:...
Joomla! Component Twitch Tv 1.1 - SQL Injection
Joomla! Component Twitch Tv 1.1 - SQL Injection Exploit Title: Joomla! Component Twitch Tv 1.1 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage: http://www.raindropsinfotech.com/ Software Link:...
SOA School Management 3.0 - SQL Injection
SOA School Management 3.0 - SQL Injection Exploit Title: SOA School Management 3.0 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : https://ynetinteractive.com/ Software Link:...
LiveSales 1.0 - SQL Injection
LiveSales 1.0 - SQL Injection Exploit Title: LiveSales 1.0 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://livecrm.co/ Software Link: https://codecanyon.net/item/livesales-complete-sales-management-crm/20243171 Demo: http://livesales.livecrm.co/livecrm/web/ Version: 1.0...
LiveSupport 1.0 - SQL Injection
LiveSupport 1.0 - SQL Injection Exploit Title: LiveSupport 1.0 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://livecrm.co/ Software Link: https://codecanyon.net/item/livesupport-complete-ticketing-system-crm/20243447 Demo: http://livesupport.livecrm.co/livecrm/web/ Version: 1....
LiveCRM 1.0 - SQL Injection
LiveCRM 1.0 - SQL Injection Exploit Title: LiveCRM 1.0 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://livecrm.co/ Software Link: https://codecanyon.net/item/livecrm-complete-business-management-solution/20249151 Demo: http://demo.livecrm.co/livecrm/web/ Version: 1.0 Category:...
iTech Dating Script 3.40 - SQL Injection
iTech Dating Script 3.40 - SQL Injection Exploit Title: iTech Dating Script 3.40 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://itechscripts.com/ Software Link: http://itechscripts.com/dating-script/ Demo: http://dating.itechscripts.com/ Version: 3.40 Category: Webapps Tested...
ZKTime Web Software 2.0 - Cross-Site Request Forgery
ZKTime Web Software 2.0 - Cross-Site Request Forgery Exploit Title: ZKTime Web Software 2.0 - Cross Site Request Forgery CVE-ID: CVE-2017-13129 Vendor Homepage: https://www.zkteco.com/product/ZKTimeWeb2.0435.html Vendor of Product: ZKTeco Affected Product Code: ZKTime Web - 2.0.1.12280 Category:...
iTech Job Script 9.27 - SQL Injection
iTech Job Script 9.27 - SQL Injection Exploit Title: iTech Job Script 9.27 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://itechscripts.com/ Software Link: http://itechscripts.com/job-portal-script/ Demo: http://job-portal.itechscripts.com/ Version: 9.27 Category: Webapps Test...
Joomla! Component KissGallery 1.0.0 - SQL Injection
Joomla! Component KissGallery 1.0.0 - SQL Injection Exploit Title: Joomla! Component KissGallery 1.0.0 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage: http://terrywcarter.com/ Software Link: https://extensions.joomla.org/extensions/extension/photos-a-images/galleries/kissgallery/ Demo...
Matrimony Script 2.7 - SQL Injection
Matrimony Script 2.7 - SQL Injection Exploit Title: Matrimony Script 2.7 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://www.matrimony-script.com/ Software Link: http://www.matrimony-script.com/php-matrimony-software.html Demo: http://www.matrimonysearch.com/ Version: 2.7...
Joomla! Component Calendar Planner 1.0.1 - SQL Injection
Joomla! Component Calendar Planner 1.0.1 - SQL Injection Exploit Title: Joomla! Component Calendar Planner 1.0.1 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage: http://joomlathat.com/ Software Link:...