39001 matches found
Microsoft Windows - Global Reparse Point Security Feature Bypass/Elevation of Privilege Exploit
Exploit for windows platform in category local exploits Windows: Global Reparse Point Security Feature Bypass/Elevation of Privilege Platform: Windows 10 1709 functionality not present prior to this version Class: Security Feature Bypass/Elevation of Privilege Summary: It’s possible to use the ne...
Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module < 4.25 - Denial of Service Exploit
Exploit for hardware platform in category dos / poc Exploit Title: Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module V4.25 - Denial of Service Exploit Author: M. Can Kurnaz Contact: https://twitter.com/0x43414e Vendor Homepage: https://www.siemens.com Version: All devices that include...
Joomla File Download Tracker 3.0 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component File Download Tracker 3.0 - SQL Injection Vendor Homepage: http://techsolsystem.com/ Software Link: https://extensions.joomla.org/extensions/extension/directory-a-documentation/downloads/file-download-tracker/...
Joomla JS Jobs 1.1.9 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component JS Jobs 1.1.9 - SQL Injection Vendor Homepage: http://www.joomsky.com/ Software Link: https://extensions.joomla.org/extensions/extension/ads-a-affiliates/jobs-a-recruitment/js-jobs/ Software Download:...
JBoss Remoting 6.14.18 - Denial of Service Exploit
Exploit for multiple platform in category dos / poc Exploit Title: Exploit Denial of Service JBoss Remoting 4447/9999 Exploit Author: Frank Spierings Vendor Homepage: https://www.redhat.com/en/technologies/jboss-middleware/application-platform/get-started Software Link:...
Joomla JquickContact 1.3.2.2.1 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component JquickContact 1.3.2.2.1 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor: http://coderspirit.blogspot.com.tr/2011/07/jquickcontact.html Software:...
EPIC MyChart - SQL Injection Vulnerability
Exploit for asp platform in category web applications Exploit Title: Epic Systems Corporation MyChart SQL Injection Google Dork: MyChart® licensed from Epic Systems Corporation Exploit Author: Shayan Sadigh http://threat.tevora.com/author/shayan/ Vendor Homepage: https://www.epic.com/software...
Joomla ccNewsletter 2.x.x Component id - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla Component ccNewsletter 2.x.x 'id' - SQL Injection Vendor Homepage: https://www.chillcreations.com/ Software Link: https://extensions.joomla.org/extension/ccnewsletter/ Version: 2.x Stable Category: Webapps Tested on:...
Joomla Solidres 2.5.1 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component Solidres 2.5.1 - SQL Injection Vendor Homepage: http://solidres.com/ Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/solidres/ Version: 2.5.1 Category:...
Joomla JTicketing 2.0.16 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component JTicketing 2.0.16 - SQL Injection Vendor Homepage: https://techjoomla.com/ Software Link: https://extensions.joomla.org/extensions/extension/calendars-a-events/events/jticketing/ Version: 2.0.16 Category: Webap...
Joomla SimpleCalendar 3.1.9 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component SimpleCalendar 3.1.9 - SQL Injection Vendor Homepage: http://albonico.ch/ Software Link: http://software.albonico.ch/downloads/file/3-simplecalendar-3-1-9.html Version: 3.1.9 Category: Webapps Tested on:...
Joomla Fastball 2.5 Component - season SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component Fastball 2.5 - SQL Injection Vendor Homepage: http://www.fastballproductions.com/ Software Link: http://www.fastballproductions.com/ Version: 2.5 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE:...
Joomla Realpin 1.5.04 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component Realpin = 1.5.04 - SQL Injection Vendor Homepage: http://realpin.frumania.com/ Software Link: https://extensions.joomla.org/extensions/extension/multimedia/multimedia-display/realpin/ Software Download:...
Joomla Gallery WD 1.3.6 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component Gallery WD 1.3.6 - SQL Injection Vendor Homepage: https://web-dorado.com/ Software Link: https://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-wd/ Software Download:...
Joomla Pinterest Clone Social Pinboard 2.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Pinterest Clone Social Pinboard 2.0 - SQL Injection Vendor Homepage: https://www.apptha.com/ Software Link: https://www.apptha.com/joomla/social-pinboard-script Version: 2.0 Category: Webapps Tested on:...
Joomla Staff Master 1.0 RC 1 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component Staff Master = 1.0 RC 1 - SQL Injection Vendor Homepage: http://www.systemsunited.net/ Software Link: http://www.systemsunited.net/ Version: = 1.0 RC 1 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE:...
Twig < 2.4.4 - Server Side Template Injection Vulnerability
Exploit for php platform in category web applications Vulnerability details: Exploit Title: Twig Output: 16 2. POC: http://localhost/search?searchkey=44 OUTPUT: 4 http://localhost/search?searchkey=ls OUTPUT: list of files/directories etc…. 0day.today 2018-03-01...
Joomla Smart Shoutbox 3.0.0 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component Smart Shoutbox 3.0.0 - SQL Injection Vendor Homepage: https://thekrotek.com/ Software Link: https://extensions.joomla.org/extension/smart-shoutbox/ Version: 3.0.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx...
Joomla jGive 2.0.9 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component JGive 2.0.9 - SQL Injection Vendor Homepage: http://techjoomla.com/ Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/donations/jgive/ Version: 2.0.9 Category: Webapps Tested on:...
Joomla JS Autoz 1.0.9 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component JS Autoz 1.0.9 - SQL Injection Vendor Homepage: http://www.joomsky.com/ Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/vehicles/js-autoz/ Software Download:...
Joomla Form Maker 3.6.12 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component Form Maker 3.6.12 - SQL Injection Vendor Homepage: http://demo.web-dorado.com/ Software Link: https://extensions.joomla.org/extensions/extension/contacts-and-feedback/forms/form-maker/ Version: 3.6.12 Category:...
Joomla Project Log 1.5.3 Component - search SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component Project Log 1.5.3 - SQL Injection Vendor Homepage: https://extensions.thethinkery.net/ Software Link:...
Joomla DT Register 3.2.7 Component - id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component DT Register 3.2.7 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: https://www.dthdevelopment.com/ Software Link:...
Joomla JB Bus 2.3 Component - order_number SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component JB Bus 2.3 - SQL Injection Vendor Homepage: http://joombooking.com/ Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/jbtransport/ Version: 2.3 Category:...
UserSpice 4.3 - Blind SQL Injection Exploit
Exploit for php platform in category web applications !/usr/env/python """ Application UserSpice PHP user management Vulnerability UserSpice = 4.3 Blind SQL Injection exploit URL https://userspice.com Date 1.2.2018 Author Dolev Farhi About the App: What makes userspice different from almost any...
Oracle Primavera P6 Enterprise Project Portfolio Management - HTTP Response Splitting Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Oracle Primavera P6 Enterprise Project Portfolio Management HTTP Response Splitting Exploit Author: Marios Nicolaides - RUNESEC Reviewers: Simon Loizides and Nicolas Markitanis - RUNESEC Vendor Homepage:...
Joomla SquadManagement 1.0.3 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component SquadManagement 1.0.3 - SQL Injection Vendor Homepage: http://www.larshildebrandt.de/ Software Link: https://extensions.joomla.org/extensions/extension/sports-a-games/sports/squadmanagement/ Software Download:...
Joomla JomEstate PRO 3.7 Component - id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component JomEstate PRO = 3.7 - SQL Injection Vendor Homepage: http://comdev.eu/ Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/real-estate/jomestate-pro/ Version: = 3.7 Category:...
Joomla Saxum Picker 3.2.10 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component Saxum Picker 3.2.10 - SQL Injection Vendor Homepage: http://www.saxum2003.hu/ Software Link: https://extensions.joomla.org/extensions/extension/sports-a-games/games/saxumpicker/ Software Download:...
Front Accounting ERP 2.4.3 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications input type="submit" va...
Joomla Kubik-Rubik Simple Image Gallery Extended (SIGE) 3.2.3 Component - Cross-Site Scripting
Exploit for php platform in category web applications Exploit Title: Joomla! Component SIGE version 3. Solution: Update to version 3.3.0 https://downloads.kubik-rubik.de/joomla-extensions/plgsigev3.3.0.zip 0day.today 2018-04-11...
Joomla Google Map Landkarten 4.2.3 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component Google Map Landkarten = 4.2.3 - SQL Injection Vendor Homepage: http://www.joomla-24.de/ Software Link: https://extensions.joomla.org/extensions/extension/maps-a-weather/maps-a-locations/google-map-landkarten/...
Microsoft Edge - UnmapViewOfFile ACG Bypass Vulnerability
Exploit for windows platform in category dos / poc Background: To implement ACG https://blogs.windows.com/msedgedev/2017/02/23/mitigating-arbitrary-native-code-execution/VM4y5oTSGCRde3sk.97, Edge uses a separate process for JIT compiling. This JIT Process is also responsible for mapping native co...
PSNews Website 1.0.0 - Keywords SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: PSNews Website Same Backend with Mobile Apps 1.0.0 - 'Keywords' SQL Injection Dork: N/A Date: 2018-02-16 Exploit Author: Borna nematzadeh L0RD or email protected Vendor Homepage:...
TV - Video Subscription - Authentication Bypass SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: TV - Video Subscription - Authentication Bypass Exploit Author: Borna nematzadeh L0RD or email protected Vendor Homepage: https://codecanyon.net/item/tv-video-subscription/13966427?srank=1677 Version: All version Category: Webap...
ABRT - raceabrt Privilege Escalation Exploit
Exploit for linux platform in category local exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ABRT raceabrt Privilege Escalation', 'Description' = %q This module attempts to gain root...
Joomla NeoRecruit 4.1 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component NeoRecruit 4.1 - SQL Injection Vendor Homepage: http://neojoomla.com/ Software Link: https://extensions.joomla.org/extensions/extension/ads-a-affiliates/jobs-a-recruitment/neorecruit/ Version: 4.1 Category:...
Joomla Saxum Numerology 3.0.4 Component - SQL Injection Vulnerability
Exploit for perl platform in category web applications Exploit Title: Joomla! Component Saxum Numerology 3.0.4 - SQL Injection Vendor Homepage: http://www.saxum2003.hu/ Software Link: http://www.saxum2003.hu/en/downloadsen/category/7-saxumnumerology-komponens.html Software Download:...
Joomla Saxum Astro 4.0.14 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component Saxum Astro 4.0.14 - SQL Injection Vendor Homepage: http://www.saxum2003.hu/ Software Link: https://extensions.joomla.org/extensions/extension/living/astrology-a-horoscope/saxumastro/ Software Download:...
Joomla Aist 2.0 Component - id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component Aist = 2.0 - SQL Injection Vendor Homepage: http://aist.bmstu.ru/ Software Link: http://aist.bmstu.ru/ Version: = 2.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: CVE-2018-5993 Exploit Author: Ihsan...
Joomla AllVideos Reloaded 1.2.x Component - divid SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component AllVideos Reloaded 1.2.x - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://allvideos.fritz-elfert.de Software Link:...
Joomla MediaLibrary Free 4.0.12 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component MediaLibrary Free 4.0.12 - SQL Injection Vendor Homepage: http://ordasoft.com/ Software Link: https://extensions.joomla.org/extensions/extension/living/education-a-culture/medialibrary-basic/ Software Download:...
PHIMS - Hospital Management Information System - Password SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: PHIMS - Hospital Management Information System - 'Password' SQL Injection Exploit Author: Borna nematzadeh L0RD or email protected Vendor Homepage: https://codecanyon.net/item/phims/14974225?srank=1566 Version: All version...
Joomla Advertisement Board 3.1.0 Component - catname SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component Advertisement Board 3.1.0 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://ordasoft.com/ Software Link:...
Joomla InviteX 3.0.5 Component - invite_type SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component InviteX 3.0.5 - SQL Injection Vendor Homepage: http://techjoomla.com/ Software Link: https://extensions.joomla.org/extensions/extension/content-sharing/bookmark-a-recommend/invitex/ Version: 3.0.5 Category:...
Joomla Timetable Responsive Schedule For Joomla 1.5 Component - alias SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component Timetable Responsive Schedule For Joomla 1.5 - SQL Injection Vendor Homepage: http://quanticalabs.com/joomla/ Software Link:...
Microsoft Edge Chakra JIT - LdThis Type Confusion Exploit
Exploit for windows platform in category dos / poc / LdThis instructions' value type is assumed to be "Object". Since "this" can be other objects like an array, it has to be assumed to be "LikelyObject", otherwise, operations to "this" will not be checked properly. PoC: / function optarr arr0 =...
Microsoft Edge Chakra JIT - ImplicitCallFlags Checks Bypass Exploit
Exploit for windows platform in category dos / poc / Here's a snippet of ExecuteImplicitCall which is responsible for updating the ImplicitCallFlags flag. template inline Js::Var ExecuteImplicitCallJs::RecyclableObject function, Js::ImplicitCallFlags flags, Fn implicitCall ... Js::ImplicitCallFla...
Dell EMC Isilon OneFS - Multiple Vulnerabilities
Exploit for linux platform in category web applications Dell EMC Isilon OneFS Multiple Vulnerabilities 1. Advisory Information Title: Dell EMC Isilon OneFS Multiple Vulnerabilities Advisory ID: CORE-2017-0009 Advisory URL:...
Microsoft Edge Chakra JIT - Memory Corruption Exploit
Exploit for windows platform in category dos / poc / Let's consider the following example code. function opt let arr = ; return arr'x'; // Optimize the "opt" function. for let i = 0; i inline Js::Var ExecuteImplicitCallJs::RecyclableObject function, Js::ImplicitCallFlags flags, Fn implicitCall //...