50702 matches found
aSgbookPHP 1.9 Cross Site Scripting
================================= aSgbookPHP v1.9 XSS Vulnerability ================================= 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=0 0 . .--. .--. .---. . 1 1 .'| / | 0 0 | --: --: / .-.| .-. . . 1 1 | / | | | 0 0 '---' --' --' ' -'--'---| 1 1 ; 0 0 Site : 1337day.com -' ...
PHPDug 2.0.0 Cross Site Scripting / Denial Of Service
======================================================================================== | Title : PHPDug version 2.0.0 Cross Site Scripting Vulnerability | Author : indoushka | email : [email protected] | Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -00213771818860 | Total alerts...
@lex Guestbook Cross Site Scripting
============================================================================== / \ | | | | / \ | | | | / \ | | | | / \ | || | / \ | | | | / \ | | // \ || || // \ || || ============================================================================== » Note : Forever RevengeHack.Com-Ar-Ge.Org Acildi...
Sad Raven Guetbook 1.1 passwd.dat Disclosure
!/usr/bin/python Portal Name: Sad Raven's Guestbook version: 1.1 Google Dork: sad Raven's Guestbook Exploit Coded by: PouyaServer Exploit Discovered by: PouyaServer Contact Me: [email protected] import urllib import sys import parser serv="http://" i=0 for arg in sys.argv: i=i+1 if i!=3: pri...
cpdynalinks-sql.txt
!/usr/bin/perl cpDynaLinks 1.02 Remote Sql Inyection exploit download: http://www.cplinks.com/download/cpdynalinks/cpdynalinksversion102full.zip bug found by s0cratex exploit written by ka0x D.O.M TEAM 2007 d0rk: Powered by cpDynaLinks need magicquotesgpc off contact: ka0x@domlabs: perl...
phpizabi-traverse.txt
PHPizabi v0.848b traversal file access Vendor url:http://www.phpizabi.net/ Advisore:http://lostmon.blogspot.com/2008/08/ phpizabi-v0848b-traversal-file-access.html Vendor notify:no exploit available:yes Description By vendor page: PHPizabi is one of the most powerful social networking platforms o...
indexscript-sql.txt
Site: http://indexscript.com Found By: xssvgamer Google Dork: allintext: "This site is powered by IndexScript" exploit: http://www.example.com/showcat.php?catid=-1 UNION ALL SELECT login,password FROM dirlogin / Blind SQL injection in indexscript.. Vul Code: "$sql = "select name, metatitle,...
PHPDug 2.0.0 Cross Site Scripting
´´´´´´´´´´´´´´´´´´´´´¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶¶´´´´´´´´´´´´´´´´´´´´´ ´´´´´´´´´´´´´´´´´¶¶¶¶¶¶´´´´´´´´´´´´´¶¶¶¶¶¶¶´´´´´´´´´´´´´´´´ ´´´´´´´´´´´´´´¶¶¶¶´´´´´´´´´´´´´´´´´´´´´´´¶¶¶¶´´´´´´´´´´´´´´ ´´´´´´´´´´´´´¶¶¶´´´´´´´´´´´´´´´´´´´´´´´´´´´´´¶¶´´´´´´´´´´´´ ´´´´´´´´´´´´¶¶´´´´´´´´´ ´´´´´´´´´´´´´´´´´´´´´´¶¶´´´´´´´´´...
easylink-sql.txt
================================================================================ easyLink V1.1.0 detail.php Remote SQL Injection Vulnerability ================================================================================ Discovered By: Egypt Coder home : WWW.Sec-Area.com Mail:...
Joomla DatsoGallery 3.4.4 SQL Injection
Exploit Title : Joomla DatsoGallery Components 3.4.4 SQL Injection Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 14/02/2019 Vendor Homepage : datso.fr Software Download Link : datso.fr/products.html Software Information Link :...
Apache 2.4.x Buffer Overflow
Exploit Title: Apache 2.4.x - Buffer Overflow Date: Jan 2 2023 Exploit Author: Sunil Iyengar Vendor Homepage: https://httpd.apache.org/ Software Link: https://archive.apache.org/dist/httpd/ Version: Any version less than 2.4.51. Tested on 2.4.50 and 2.4.51 Tested on: Server Kali, Client MacOS...
OpenSSH Forwarded SSH-Agent Remote Code Execution
Qualys Security Advisory CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent ======================================================================== Contents ======================================================================== Summary Background Experiments Results...
OpenSSH Server regreSSHion Remote Code Execution
Qualys Security Advisory regreSSHion: RCE in OpenSSH's server, on glibc-based Linux systems CVE-2024-6387 ======================================================================== Contents ======================================================================== Summary SSH-2.0-OpenSSH3.4p1 Debian...
WikkaWiki 1.3.2 Spam Logging PHP Injection
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "WikkaWiki 1.3.2...
indexu-xss.txt
vulnerability script indexu all versions Found by :SwEET-DeViL & viP HaCkEr & HaCkEr sUn TeaM AL-GaRNi Application : indexu version : all versions URL : http://www.nicecoder.com/ google : "Powered by INDEXU 5." Exploits : |//1\| in upgrade.php...
elgg 1.5 Local File Inclusion
Product: elgg.org Version: dbname,$mysqldblink 48: if $simplecacheenabled || $override 49: $filename = $dataroot . 'viewssimplecache/' . md5$viewtype . $view; 51: $contents = filegetcontents$filename; 56: else 59: $contents = elggview$view; /lib/elgglib.php: 237: function elggview$view, .. 317:...
myUPB 2.2.6 Local File Inclusion
=============== altbta ====================== Name: myUPB = v2.2.6 Multiple Vulnerabilities Download: http://sourceforge.net/projects/textmb/files/UPB/ Vulnerability: CSRF privilege escalation Tested on: 2.2.6 Author : altbta [email protected] Dork: "Powered by myUPB" ================= backup exploi...
PhpLinks SQL Injection
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 x Official Website: http://www.1337day.com 0 1 x...
Apache 2.4.55 mod_proxy HTTP Request Smuggling
Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...
deV!L'z Clanportal 1.5 Remote File Inclusion
======================================================================================== | Title : deV!Lz Clanportal V1.5 Mullti Vulnerability | Author : indoushka | email : [email protected] | Home : www.iqs3cur1ty.com/vb | Script : CMS © 2005 - 2010 by deV!Lz Clanportal - supported by...
ArticleBeach-2.0.txt
------------------------------------------------------------------------------ ArticleBeach Script = 2.0 page Remote File Inclusion Vulnerability ------------------------------------------------------------------------------ Author : Zeni Susanto a.k.a Bithedz Date Found : October, 22th 2006...
Esotalk CMS Cross Site Scripting
/ Exploit Title: esotalk cms topics xss vulnerability Google Dork: powered by esotalk Date: 2014-11-01 Vul Author: Evi1m0ff0000team Vul Advisory: http://www.hackersoul.com/post/ff0000-hsdb-0006.html Vendor Homepage: http://esotalk.org/ Software Link: http://esotalk.org/download Tested on: Linux /...
SSHtranger Things SCP Client File Issue
Exploit Title: SSHtranger Things Date: 2019-01-17 Exploit Author: Mark E. Haase Vendor Homepage: https://www.openssh.com/ Software Link: download link if available Version: OpenSSH 7.6p1 Tested on: Ubuntu 18.04.1 LTS CVE : CVE-2019-6111, CVE-2019-6110 ''' Title: SSHtranger Things Author: Mark E...
OpenSSH 7.2 Denial Of Service
Title : OpenSSH before 7.3 Crypt CPU Consumption DoS Vulnerability Author : Kashinath T [email protected] www.secpod.com Vendor : http://www.openssh.com/ Software : http://www.openssh.com/ Version : OpenSSH before 7.3 Tested on : Ubuntu 16.04 LTS, Centos 7 CVE : CVE-2016-6515 Date : 20-10-201...
nginx 1.20.0 DNS Resolver Off-By-One Heap Write
Advisory X41-2021-002: nginx DNS Resolver Off-by-One Heap Write Vulnerability ============================================================================= Severity Rating: High Confirmed Affected Versions: 0.6.18 - 1.20.0 Confirmed Patched Versions: 1.21.0, 1.20.1 Vendor: F5, Inc. Vendor URL:...
Nostromo 1.9.6 Directory Traversal / Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nostromo Directory Traversal Remote Command Execution', 'Description' = %q This module exploits a remote command execution vulnerability in...
PHPFox 3.6.0 Cross Site Scripting
------------------------------------------------------------ Exploit Title: PHPFox v3.6.0 build6 Multiple Cross-Site Scripting vulnerabilities ------------------------------------------------------------ Author: BHG Security Center Date: Saturday, October 12, 2013 Vendor: http://www.phpfox.com...
clipshare26-passwd.txt
!/usr/bin/perl -w priv8 Pr0metheuS Exploit Name: Clipshare Remote User Password Change Exploit Version Script: Clipshare 2.6 Dork: "Powered by Clipshare" EnjoY print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-"; print "\nClipshare 2.6 Remote User Passord Change Exploit\n"; print "\nBy...
Webid 1.0.6 File Disclosure / SQL Injection
Title: Webid Blind SQL Injection / Local File Disclosure Vulnerability Google Dork: intext:"Powered by WeBid" Author: Ahmed Aboul-Ela Contact: Ahmed.Aboul3laatgmaildotcom Vendor: http://www.webidsupport.com/ Software Link:...
PhpFox 3.0.1 Cross Site Scripting
Exploit Title: phpFox Version 3.0.1 Cross site Scripting Vulnerability Google Dork: Intext:"Powered By phpFox Version 3.0.1" Date: 09/04/2012 Author: Crim3R & Ajax Security Team Home : Http://WwW.AjaxTm.com/ Vendor Home : http://www.phpfox.com/ Tested on: all ================================== +...
PHP Weby Directory Software 1.2 SQL Injection / Cross Site Request Forgery
=========================================== Vulnerable Software: PHP Weby directory software version 1.2 Vendor: http://phpweby.com Download: htp://phpweby.com/down/phpwebydirectory.zip Vuln: Blind SQL injection && CSRF Dork: intext:Powered by PHP weby software...
Online Guestbook Pro SQL Injection
Begin :D Online Guestbook Pro display Blind SQL Injection Vulnerability Author: Hussin X Home : WwW.IQ-TY.CoM email: darkangelg85atYahooDoTcom script : http://www.esoftpro.com/webscriptsonlineguestbookpro.php DorK : Powered by Online Guestbook Pro Demo :...
phpLinks Cross Site Scripting
Exploit Title: PhpLinks Cross Site Scripting Vulnerability Date: 2013 15 September Author: Arsan Vendor Homepage: www.newphplinks.com Version : All Version Tested on: Linux & Windows Category: webapps Google Keywords: inurl:"/index.php?PID=" intext:"Powered By phpLinks" + Exploit :...
jQuery 1.2 Cross Site Scripting
Exploit Title: jQuery 1.2 - Cross-Site Scripting XSS Date: 04/29/2020 Exploit Author: Central InfoSec Version: jQuery versions greater than or equal to 1.2 and before 3.5.0 CVE : CVE-2020-11022 Proof of Concept 1:...
Clip Share 4.1.4 Cross Site Scripting
==================================================================================================================================== | Title : Clip Share 4.1.4 XSS Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.264-bit | | Vendor :...
jQuery 1.0.3 Cross Site Scripting
Exploit Title: jQuery 1.0.3 - Cross-Site Scripting XSS Date: 04/29/2020 Exploit Author: Central InfoSec Version: jQuery versions greater than or equal to 1.0.3 and before 3.5.0 CVE : CVE-2020-11023 Proof of Concept 1: Proof of Concept 2 Only jQuery 3.x affected: "...
sitesift-sql.txt
powered by Site Sift scripts SQL Injection AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 BLOG : http://my.opera.com/SQL-Injection/blog/ MAiL : [email protected] DORK 1 : powered by Site Sift DORK 2 : allinurl: "index php go addpage" DORK 2 : allinurl: "index.php?go=deta...
vlBookXSS.txt
vlBook 1.02 Advisory ==================== Date: ----- 2005 June 23 Product: -------- vlBook 1.02 © 2005 Vendor: ------- http://vlab.info/ Descriptions: ------------- The vlbook is a free, open source and light-weight guestbook written in PHP using flat files to store messages and settings. It com...
Vitalex Computers SRO Tvorba Skolnich Webu 1.0 SQL Injection
Exploit Title : Vitalex Computers SRO Tvorba A!kolnAch webu 1.0 SQL Injection Exploit Author Discovered By : KingSkrupellos Date : 30/12/2018 Vendor Homepages : vitalex.cz Google Dork 1 : intext:'' Vitalex Computers - Tvorba A!kolnAch webu'' site:cz Google Dork 2 :...
OpenSSH User Enumeration
!/usr/bin/env python2 CVE-2018-15473 SSH User Enumeration by Leap Security @LeapSecurity https://leapsecurity.io Credits: Matthew Daley, Justin Gardner, Lee David Painter import argparse, logging, paramiko, socket, sys, os class InvalidUsernameException: pass malicious function to malform packet...
pliggcms-sql.txt
|| | | Pligg Beta 9.9.0 id Remote SQL Injection Vulnerability | | |---------------------Hussin X----------------------| | | Author: Hussin X | | Home : www.tryag.cc/cc | | email: darkangelg85atYahooDoTcom | | | | | | | | script : http://www.pligg.com/ | | DorK : Powered By Pligg | Legal: License...
Microsoft Windows MS17-010 SMB Remote Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework auxiliary/scanner/smb/smbms17010 require 'msf/core' class MetasploitModule 'MS17-010 SMB RCE Detection', 'Description' = %q Uses information disclosure to determine if...
Orion Elite Hidden IP Browser Pro 7.9 OpenSSL / Tor / Man-In-The-Middle
Exploit Title: Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities Date: 14/Jul/17 Exploit Author: MaXe Vendor Homepage: http://www.orionbrowser.com && https://www.linkedin.com/company-beta/18034392/ &&...
SPIP 4.2.1 Remote Code Execution
!/usr/bin/env python3 -- coding: utf-8 -- Exploit Title: SPIP v4.2.1 - Remote Code Execution Unauthenticated Google Dork: inurl:"/spip.php?page=login" Date: 19/06/2023 Exploit Author: nuts7 https://github.com/nuts7/CVE-2023-27372 Vendor Homepage: https://www.spip.net/ Software Link:...
Request-Baskets 1.2.1 Server-Side Request Forgery
Exploit Title: Request-Baskets v1.2.1 - Server-side request forgery SSRF Exploit Author: Iyaad Luqman K init6 Application: Request-Baskets v1.2.1 Tested on: Ubuntu 22.04 CVE: CVE-2023-27163 PoC !/bin/bash if "$" -lt 2 || "$1" = "-h" || "$1" = "--help" ; then help="Usage: exploit.sh \n\n";...
CARPE (DIEM) Apache 2.4.x Local Privilege Escalation
?php CARPE DIEM: CVE-2019-0211 Apache Root Privilege Escalation Charles Fol @cfreal 2019-04-08 INFOS https://cfreal.github.io/carpe-diem-cve-2019-0211-apache-local-root.html USAGE 1. Upload exploit to Apache HTTP server 2. Send request to page 3. Await 6:25AM for logrotate to restart Apache 4...
PHP Melody 1.0 Cross Site Request Forgery
PHP Melody 1.9 CSRF vulnerabilitie ------------------------------------------------------------ == Description == - Software link: http://www.dl.seven7soft.net/script/PHPMELODY1.9.zip - Affected versions: version 1.9 .other versions might be affected as well. - Vulnerability discovered by: Mehdi...
OpenSSH Arbitrary Library Loading
OpenSSH: agent protocol permits loading arbitrary libraries CVE-2016-10009 The OpenSSH agent permits its clients to load PKCS11 providers using the commands SSHAGENTCADDSMARTCARDKEY and SSHAGENTCADDSMARTCARDKEYCONSTRAINED if OpenSSH was compiled with the ENABLEPKCS11 flag normally enabled and the...
clipshare301-sql.txt
// / / / Clipshare / / / / Remote SQL Injection Vulnerability / / / / / // AUTHOR : SuNHouSe2 ALGERIAN HaCkEr DORK : "powered by clipshare" VERSION : less than v3.0.1 EXPLOIT :...
Apache Scoreboard / Status Race Condition
::: ::::::::: ::: :::::::: ::: ::::::::::::: ::: :::::::::::::::::::::::::::::::::: ::::::::: :+: :+: :+: :+: :+: :+: :+: :+::+: :+::+: :+: :+: :+: :+: :+: :+::+: :+: +:+ +:+ +:+ +:++:+ +:+ +:+ +:+ +:++:+ +:+ +:+ +:+ +:+ +:+ +:++:+ +:+ +++:++++:+++:++++++:++++:++ +++:+++++++:++ +++:++++ ++ ++...