Showing 76 - 100 of 159

Files

webEdition 6.3.8.0 Path Traversal: Posted Sep 17, 2014; Authored by High-Tech Bridge SA | Site htbridge.com; webEdition version 6.3.8.0 suffers from a path traversal vulnerability.; tags | exploit, file inclusion; advisories | CVE-2014-5258; SHA-256 | ec005fe83de7331a8a07d62daabf90f9ab9273ce575f1297e75142a6f7bfd2ae; Download | Favorite | View

ClassApps SelectSurvey.net 4.124.004 SQL Injection: Posted Sep 17, 2014; Authored by BillV; ClassApps SelectSurvey.net version 4.124.004 suffers from multiple remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, sql injection; advisories | CVE-2014-6030; SHA-256 | a1a0d60bd1a776a335c6c68257966aad56e2df9f4539b06ada46bc128f8763ac; Download | Favorite | View

Livefyre LiveComments 3.0 Cross Site Scripting: Posted Sep 17, 2014; Authored by Brij Kishore Mishra; Livefyre LiveComments version 3.0 suffers from a persistent cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 6eccdbf0d02ef4c32c64da9928ac0666d213e0a528332a271898fa571fbd3865; Download | Favorite | View

WordPress WP-Ban 1.62 Bypass: Posted Sep 17, 2014; Authored by Tom Adams; WordPress WP-Ban plugin version 1.62 suffers from a bypass vulnerability when a properly minted X-Forwarded-For header is used.; tags | exploit, bypass; advisories | CVE-2014-6230; SHA-256 | 993efa6dd07b224e9bb5b8fdab33d68bb547334c234e6e0ca083f1086bcc1733; Download | Favorite | View

WordPress Login Widget With Shortcode 3.1.1 CSRF / XSS: Posted Sep 17, 2014; Authored by Tom Adams; WordPress Login Widget With Shortcode plugin version 3.1.1 suffers from cross site request forgery and cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss, csrf; SHA-256 | 53f460ac91c7d419b8bcb368ddda31921d0dbe302556c55c904f552f999c5396; Download | Favorite | View

OsClass 3.4.1 Cross Site Scripting: Posted Sep 17, 2014; Authored by Omar Kurt | Site netsparker.com; OsClass version 3.4.1 suffers from multiple cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss; SHA-256 | 7ce8f234f3fc7d597b6dee841a59a83f9c72744d959a65c980de8c3c542ca5da; Download | Favorite | View

OsClass 3.4.1 Local File Inclusion: Posted Sep 17, 2014; Authored by Omar Kurt | Site netsparker.com; OsClass version 3.4.1 suffers from a local file inclusion vulnerability.; tags | exploit, local, file inclusion; SHA-256 | b57ade7f6829462047ddce456aabe66c7c6b4e59dec82158f58d6561c00f9dfb; Download | Favorite | View

seafile-server 3.1.5 Denial Of Service: Posted Sep 17, 2014; Authored by retset; seafile-server version 3.1.5 suffers from a denial of service vulnerability.; tags | exploit, denial of service; SHA-256 | 292d4506d9d6653341024ec2cafc303a777f6ba126e5032e2a14512b6d41a1b4; Download | Favorite | View

Cart Engine 3.0 XSS / Open Redirect / SQL Injection: Posted Sep 16, 2014; Authored by Pietro Minniti; Cart Engine version 3.0 suffers from cross site scripting, open redirection, and remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, xss, sql injection; SHA-256 | 93b97ae25238ea635247cf9b07391c3f2b34639a700fb58a83afc6eb85e142ea; Download | Favorite | View

Laravel 2.1 Hash::make() bcrypt Truncation: Posted Sep 16, 2014; Authored by Pichaya Morimoto; Laravel version 2.1 fails to check length prior to password hash creation allowing for possible hash collisions for secrets over 72 characters.; tags | exploit; SHA-256 | c326cc304eeacde84a1ea946f533f0c9f4c6ce9cfb4ff9339cbc8e8cbada6457; Download | Favorite | View

Phpwiki Ploticus Remote Code Execution: Posted Sep 16, 2014; Authored by Benjamin Harris | Site metasploit.com; The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via command injection.; tags | exploit, remote, arbitrary; advisories | CVE-2014-5519; SHA-256 | 18e48e1283c1f7e2061ea8e462d3f9d53674f70eece48f0ad2d5d50a28673365; Download | Favorite | View

USB & WiFi Flash Drive 1.3 Code Execution: Posted Sep 16, 2014; Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com; USB & WiFi Flash Drive version 1.3 suffers from a code execution vulnerability.; tags | exploit, code execution; SHA-256 | 5f67a4819878789c4eaf919650741ce0f3db9fe98bf25f5622ecb03ec07b13ab; Download | Favorite | View

WordPress Slideshow Gallery 1.4.6 Shell Upload: Posted Sep 16, 2014; Authored by Claudio Viviani, Jesus Ramirez Pichardo; WordPress Slideshow Gallery plugin version 1.4.6 shell upload exploit.; tags | exploit, shell; advisories | CVE-2014-5460; SHA-256 | c99c433d6dd82c7b0776b88fdc07ae76f1b02ea1f79fc372b706050fe5f7185c; Download | Favorite | View

OSSEC 2.8 umask Clear Text Passwords: Posted Sep 16, 2014; Authored by Alejandro Ramos; OSSEC version 2.8 inherits the umask of the user when adding cleartext passwords to the .passlist file, allowing for them to be world-readable instead of setting the permissions explicitly.; tags | exploit; SHA-256 | 0dfee385226e0fb3dc8f32f7d0068e69fcf46238bec5458dfc665b4a601c7e0a; Download | Favorite | View

CM Browser SOP Bypass: Posted Sep 16, 2014; Authored by Rafay Baloch; The CM browser suffers from a same-origin bypass vulnerability.; tags | exploit, bypass; SHA-256 | cb90f770b05e8da7d463a807bfd4d9059503a0f35122054dd9d80e1817d37c57; Download | Favorite | View

In-Portal CMS 5.2.0 Cross Site Scripting: Posted Sep 16, 2014; Authored by MustLive; In-Portal CMS versions 5.2.0 and below suffer from cross site scripting and brute forcing vulnerabilities.; tags | exploit, vulnerability, xss; SHA-256 | e170753396594323bee4e2556fe03110708728dffbab6e52cabc4c2ee30b0a89; Download | Favorite | View

ALCASAR 2.8.1 Remote Root Code Execution: Posted Sep 15, 2014; Authored by EF; ALCASAR versions 2.8.1 and below suffer from a remote code execution vulnerability.; tags | exploit, remote, code execution; SHA-256 | 50969539e307aa3836b82e6e37ce5621a9257c22e78102c9e7849b899b4f8b8f; Download | Favorite | View

Briefcase 4.0 Code Execution / Local File Inclusion: Posted Sep 15, 2014; Authored by Benjamin Kunz Mejri, Vulnerability Laboratory | Site vulnerability-lab.com; Briefcase version 4.0 suffers from code execution and local file inclusion vulnerabilities.; tags | exploit, local, vulnerability, code execution, file inclusion; SHA-256 | ee4769ddc3ccb478d6f4b3846b15011421dba91117c82dee9377af11ba04b175; Download | Favorite | View

Aztech DSL5018EN / DSL705E / DSL705EU DoS / Broken Session Management: Posted Sep 15, 2014; Authored by Federick Joe P Fajardo; Aztech DSL5018EN, DSL705E, and DSL705EU ADSL modems/routers suffer from broken session management, denial of service, file exposure, and parameter tampering vulnerabilities.; tags | exploit, denial of service, vulnerability; advisories | CVE-2014-6435, CVE-2014-6436, CVE-2014-6437; SHA-256 | f6d378232da2f6443ab2049ec99245e887f6a80eb6f0844fa10661d9cbd6ca5d; Download | Favorite | View

DVWA Cross Site Request Forgery: Posted Sep 15, 2014; Authored by Paulos Yibelo; Damn Vulnerable Web Application, which is meant to be a vulnerable web application for security testing, can be leveraged by attackers to compromise your system when in use. This is a good reminder to only use DVWA on an air-gapped network. This exploits demonstrates the ability to gain code execution on the system.; tags | exploit, web, code execution, csrf; SHA-256 | 75399c599af8214d734313a75983c0648c16b80932511c55319919111ea07883; Download | Favorite | View

Splendid CRM Cross Site Scripting: Posted Sep 14, 2014; Authored by Provensec; Splendid CRM suffers from a persistent cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | f3ec24f1b0f8a6f48890014674c1fdd67559525020cc9f604e6360fa1ef742aa; Download | Favorite | View

MyITCRM Cross Site Scripting: Posted Sep 14, 2014; Authored by Provensec; MyITCRM suffers from a persistent cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 501a32b63637e9bf017927195b228d103c1cebf55f57955460fab48cc9193829; Download | Favorite | View

Rooted SSH/SFTP Daemon Default Login Credentials: Posted Sep 12, 2014; Authored by Larry W. Cashdollar; Rooted SSH/SFTP Daemon installs with static default root credentials and does not prompt the user to change them.; tags | exploit, root; SHA-256 | 04c4d92a411b17314d846f4d2d72d2c504c386afce4fbd9c2181d3687821c1dc; Download | Favorite | View

Joomla Spider Form Maker 3.4 SQL Injection: Posted Sep 12, 2014; Authored by Claudio Viviani; Joomla Spider Form Maker versions 3.4 and below suffer from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | 5c25d9bbb458923098a56f057354dcfed35e345f3b132afb9cfcd72b197098bc; Download | Favorite | View

Food Order Portal 8.3 Cross Site Request Forgery: Posted Sep 12, 2014; Authored by KnocKout; Food Order Portal version 8.3 suffers from a cross site request forgery vulnerability. Note that this finding houses site-specific data.; tags | exploit, csrf; SHA-256 | 1ea1544a5ebc5aaffe39261af2fcca694eb003fcf7092e12495bbea16b10c3d5; Download | Favorite | View

Page 4 of 7 Back 2 3 4 5 6 Next

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

Files

Top Authors In Last 30 Days

Recent News