Showing 51 - 75 of 186

Files

SWFupload 2.5.0 Cross Frame Scripting: Posted Jan 25, 2015; Authored by MindCracker, Vulnerability Laboratory | Site vulnerability-lab.com; SWFupload version 2.5.0 suffers from a cross frame scripting vulnerability.; tags | exploit; SHA-256 | 283ad27ae5c9a13078f97e8a54234064217dd402919457787519f9e2a3593820; Download | Favorite | View

WordPress Revolution Slider Local File Disclosure: Posted Jan 25, 2015; Authored by JOK3R; WordPress Revolution Slider plugin suffers from a local file disclosure vulnerability. Note that this finding houses site-specific data.; tags | exploit, local, info disclosure; SHA-256 | 720a49959bd9a6132917146b6e2e88c554c60a190b1b5cd3ab7232e9197dea43; Download | Favorite | View

Cisco Ironport Appliance Privilege Escalation: Posted Jan 24, 2015; Authored by Glafkos Charalambous; Cisco Ironport appliances are vulnerable to authenticated "admin" privilege escalation. By enabling the Service Account from the GUI or CLI allows an admin to gain root access on the appliance, therefore bypassing all existing "admin" account limitations. The vulnerability is due to weak algorithm implementation in the password generation process which is used by Cisco to remotely access the appliance to provide technical support.; tags | exploit, root; systems | cisco; SHA-256 | 7aa6e441f68e79df13353d80a424cccc6714794a6a89f8ed099d5267e077478d; Download | Favorite | View

ManageEngine ServiceDesk 9.0 SQL Injection: Posted Jan 23, 2015; Authored by Muhammed Ahmed Siddiqui | Site rewterz.com; ManageEngine ServiceDesk version 9.0 prior to build 9031 suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | c5fe07e7b05786d6f07d6f09a432fc4fea83c7125de5549570e1eaafcc13b2a5; Download | Favorite | View

ManageEngine ServiceDesk 9.0 User Enumeration: Posted Jan 23, 2015; Authored by Muhammed Ahmed Siddiqui | Site rewterz.com; ManageEngine ServiceDesk version 9.0 prior to build 9031 suffers from a remote user enumeration vulnerability.; tags | exploit, remote; SHA-256 | b0b6bf9a9dab1ec3d533b6e5cd4cc1c40202b20474bcd7c7949b11077ff22ef3; Download | Favorite | View

ManageEngine ServiceDesk Plus 9.0 Privilege Escalation: Posted Jan 23, 2015; Authored by Muhammed Ahmed Siddiqui | Site rewterz.com; ManageEngine ServiceDesk Plus version 9.0 prior to build 9031 suffers from a remote privilege escalation vulnerability due to improper access controls.; tags | exploit, remote; SHA-256 | 1c879d55c033a0142d5afd25967e70e6b4b9946140355cc35138584d329406e7; Download | Favorite | View

ferretCMS 1.0.4-alpha Cross Site Scripting / SQL Injection: Posted Jan 23, 2015; Authored by Steffen Roesemann; ferretCMS version 1.0.4-alpha suffers from cross site scripting and remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, xss, sql injection; SHA-256 | e833ccba84d5f20433f71ab680b92585696d02bcf2c559cbe91d1e54827ceb49; Download | Favorite | View

SmartCMS 2 Cross Site Scripting: Posted Jan 23, 2015; Authored by Jing Wang; SmartCMS version 2 suffers from multiple cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss; advisories | CVE-2014-9557; SHA-256 | d555b444dbeca536ed18b052a1222905eb7bad519789a5478cf859d96838bbc8; Download | Favorite | View

SmartCMS 2 SQL Injection: Posted Jan 23, 2015; Authored by Jing Wang; SmartCMS version 2 suffers from multiple remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, sql injection; advisories | CVE-2014-9558; SHA-256 | e1e15790d42f90cde2cfadfe486a281cb2d46f6ec3aa8cb911ff47fef02976c6; Download | Favorite | View

Program-O 2.4.6 XSS / LFI / HTTP Response Splitting: Posted Jan 23, 2015; Authored by Paulos Yibelo, Vulnerability Laboratory | Site vulnerability-lab.com; Program-O version 2.4.6 suffers from http response splitting, cross site scripting, and local file inclusion vulnerabilities.; tags | exploit, web, local, vulnerability, xss, file inclusion; SHA-256 | 76658244af3e987274e86b16084fa6ffaf0d26aebcfead558ea9f4ca01983a80; Download | Favorite | View

USAA Mobile App Information Disclosure: Posted Jan 23, 2015; Authored by David Longenecker; The USAA Mobile app for Android versions prior to 7.10.1 suffer from an information disclosure vulnerability.; tags | exploit, info disclosure; SHA-256 | 5885b9f88356cacbdd18637c155b3a61531b959d43dbc55fb93a82fdcff79bdf; Download | Favorite | View

articleFR CMS 3.0.5 Cross Site Scripting: Posted Jan 23, 2015; Authored by Tien Tran Dinh; articleFR CMS version 3.0.5 suffers from a cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2015-1363; SHA-256 | a7eec6dd3bb01b1d47f2da23b35af63ca219b46a7c1690081c0abac2fbb389cb; Download | Favorite | View

Alibaba Cross Site Scripting / Open Redirect: Posted Jan 23, 2015; Authored by Jing Wang; Various Alibaba sites suffer from cross site scripting and open redirect vulnerabilities.; tags | exploit, vulnerability, xss; SHA-256 | 4122adb3397a297f4e601144cc131e86b766b44301d48f154f47babf55aaeed6; Download | Favorite | View

ecommerceMajor SQL Injection: Posted Jan 23, 2015; Authored by Manish Tanwar; ecommerceMajor suffers from remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, sql injection; SHA-256 | 130972cbcc57088872f5ad921761903a21a4ffdef387d6ce66b050a87a8f21e4; Download | Favorite | View

Arris VAP2500 tools_command.php Command Execution: Posted Jan 22, 2015; Authored by HeadlessZeke | Site metasploit.com; Arris VAP2500 access points are vulnerable to OS command injection in the web management portal via the tools_command.php page. Though authentication is required to access this page, it is trivially bypassed by setting the value of a cookie to an md5 hash of a valid username.; tags | exploit, web, php; advisories | CVE-2014-8423, CVE-2014-8424; SHA-256 | a3a633df95163ac8abfd1b19d769fa3b73f2a1713b3feb2b4d0ff3be073861e7; Download | Favorite | View

EventSentry 3.1.0 Cross Site Scripting: Posted Jan 22, 2015; Authored by Sudhanshu Chauhan; EventSentry version 3.1.0 suffers from a cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2015-1180; SHA-256 | da0f4374ef92f5ee3eea2636f7aa15246d345cf90fa0777320bc476ba11a4c44; Download | Favorite | View

Mango Automation SCADA/HMI 2.4.0 Cross Site Scripting: Posted Jan 22, 2015; Authored by Sudhanshu Chauhan; Mango Automation SCADA/HMI version 2.4.0 suffers from a cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2015-1179; SHA-256 | 704e29f5301856f265965bf91b0847bbf30b4043a406207865521cb452b58b6d; Download | Favorite | View

X-CART e-Commerce 5.1.8 Cross Site Scripting: Posted Jan 22, 2015; Authored by Sudhanshu Chauhan; X-CART e-Commerce version 5.1.8 suffers from a cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2015-1178; SHA-256 | 555b632a4f5d3cfbee4028e75235fa7360c2220cfa003692dc1d0d40899feee8; Download | Favorite | View

Symantec SDCS:SA / SCSP XSS / Bypass / SQL Injection / Disclosure: Posted Jan 22, 2015; Authored by Stefan Viehboeck | Site sec-consult.com; Symantec Data Center Security: Server Advanced (SDCS:SA) and Symantec Critical System Protection (SCSP) suffer from cross site scripting, remote SQL injection, information disclosure, and policy bypass vulnerabilities.; tags | exploit, remote, vulnerability, xss, sql injection, info disclosure; advisories | CVE-2014-7289, CVE-2014-9224, CVE-2014-9225, CVE-2014-9226; SHA-256 | c2294e75032fb839b9cb87eecedc88efda3874129c4fc1fbc3e1c516eb643ca7; Download | Favorite | View

Exponent CMS 2.3.2 Cross Site Scripting: Posted Jan 22, 2015; Authored by Sudhanshu Chauhan; Exponent CMS version 2.3.2 suffers from a cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2015-1177; SHA-256 | 48c6e80dad6478f82d642f57814f2a221955d4230c4eeb2b6b29cf0bd4259847; Download | Favorite | View

osTicket 1.9.4 Cross Site Scripting: Posted Jan 22, 2015; Authored by Sudhanshu Chauhan; osTicket version 1.9.4 suffers from a cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2015-1176; SHA-256 | 8003e3196ed9e2fd6b263aace480f15a18ea6434721e52f87dd4a81d355e4753; Download | Favorite | View

CAS Server 3.5.2 LDAP Authentication Bypass: Posted Jan 22, 2015; Authored by Jose Tozo; CAS Server version 3.5.2 allows remote attackers to bypass LDAP authentication via crafted wildcards.; tags | exploit, remote, bypass; advisories | CVE-2015-1169; SHA-256 | acdd49563e5c313169658b0544468eb337857711cbf273a6c35da6f861cdb17c; Download | Favorite | View

AVM FRITZ!Box Firmware Signature Bypass: Posted Jan 21, 2015; Site redteam-pentesting.de; The signature check of FRITZ!Box firmware images is flawed. Malicious code can be injected into firmware images without breaking the RSA signature. The code will be executed either if a manipulated firmware image is uploaded by the victim or if the victim confirms an update on the webinterface during a MITM attack.; tags | exploit; advisories | CVE-2014-8872; SHA-256 | b874a9011fb2ca0d221ff39d36dbb4e90c05998298389c0f0392ad2528babfbe; Download | Favorite | View

articleFR CMS 3.0.5 SQL Injection: Posted Jan 21, 2015; Authored by Tien Tran Dinh; articleFR CMS version 3.0.5 suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; advisories | CVE-2015-1364; SHA-256 | cf0e954b5df6aa5ec410aaab404196e221790b3b12e65427bddab5a4f981b512; Download | Favorite | View

OS X 10.9.5 IOKit IntelAccelerator NULL Pointer Dereference: Posted Jan 21, 2015; Authored by Google Security Research; OS X 10.9.5 IOKit IntelAccelerator suffers from a null pointer dereference vulnerability. This is the proof of concept exploit released by Google.; tags | exploit, proof of concept; systems | apple, osx; SHA-256 | 4eb96b629d8eab7927b29a5ec7a9f92753cd3f849943a9328dda80e152688d6a; Download | Favorite | View

Page 3 of 8 Back 1 2 3 4 5 Next

Top Authors In Last 30 Days

Red Hat 228 files
Ubuntu 55 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Google Security Research 6 files
Apple 6 files
Milad Karimi 5 files
Yevhenii Butenko 4 files

Files

Top Authors In Last 30 Days

Recent News