what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 7 of 7

Files from Wan Ikram

MyBiz MyProcureNet 5.0.0 File Upload / Cross Site Scripting

Posted May 14, 2018

Authored by Fikri Fadzil, Wan Ikram, Jasveer Singh, Ahmad Ramadhan Amizudin | Site sec-consult.com

MyBiz MyProcureNet version 5.0.0 suffers from remote file upload and cross site scripting vulnerabilities.

tags | advisory, remote, vulnerability, xss, file upload

advisories | CVE-2018-11091, CVE-2018-11090

SHA-256 | 051be9c96f5fc1dcdd65d667cf867817b2d9754a57b28812ac9fe96bc7e1ca84

Download | Favorite | View

ClipBucket SQL Injection / Command Injection / File Upload

Posted Feb 27, 2018

Authored by Fikri Fadzil, Wan Ikram, Jasveer Singh, Ahmad Ramadhan Amizudin | Site sec-consult.com

ClipBucket versions prior to 4.0.0 Release 4902 suffer from OS command injection, arbitrary file upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, sql injection, file upload

SHA-256 | 9c6e2a39e41028f37a5698b02254f9b2ad0ed428ace7ac29e792084d6d5b69b5

Download | Favorite | View

OpenEMR 5.0.0 Command Injection / Cross Site Scripting

Posted Dec 4, 2017

Authored by Fikri Fadzil, Wan Ikram, Jasveer Singh | Site sec-consult.com

OpenEMR version 5.0.0 suffers from code execution and cross site scripting vulnerabilities.

tags | exploit, vulnerability, code execution, xss

SHA-256 | cb323afd4eb9936c8fd21b2415f3e7b565e714471a0bae50bb61af03fdd63c92

Download | Favorite | View

Western Digital TV Media Player 1.03.07 LFI / CSRF / File Upload

Posted May 19, 2017

Authored by Fikri Fadzil, Wan Ikram | Site sec-consult.com

Western Digital TV Media Player version 1.03.07 suffers from file upload, local file inclusion, cross site request forgery, private key issue, remote SQL injection, and other vulnerabilities.

tags | advisory, remote, local, vulnerability, sql injection, file inclusion, file upload, csrf

SHA-256 | 385687d49d2c40482bc4095866410a41b9a17b1428c065bcb0a4be85c09e9a45

Download | Favorite | View

I, Librarian PDF Manager 4.6 / 4.7 Command Injection / SSRF / Enumeration

Posted May 9, 2017

Authored by Fikri Fadzil, Wan Ikram, Jasveer Singh | Site sec-consult.com

I, Librarian PDF Manager versions 4.6 and below along with version 4.7 suffer from command injection, server-side request forgery, cross site scripting, and directory enumeration vulnerabilities.

tags | exploit, vulnerability, xss

SHA-256 | 7c325bdc1f88a6aa340e376d6463a768c9678e77c7cc0d563169c21c0f5a558f

Download | Favorite | View

MyBB 1.8.10 Server-Side Request Forgery

Posted Apr 7, 2017

Authored by Fikri Fadzil, Wan Ikram, Jasveer Singh | Site sec-consult.com

MyBB version 1.8.10 suffers from a server-side request forgery vulnerability.

tags | exploit

advisories | CVE-2017-7566

SHA-256 | 6def021f002d068b7afcd4018825a75bd63b3083cfd72ea4e1babc7809fe489e

Download | Favorite | View

Western Digital My Cloud Command Injection / File Upload

Posted Mar 7, 2017

Authored by Fikri Fadzil, Wan Ikram | Site sec-consult.com

Western Digital My Cloud suffers from unauthenticated OS command injection and arbitrary file upload vulnerabilities.

tags | exploit, arbitrary, vulnerability, file upload

SHA-256 | 51f0b3c25ef788a912ab98c33ba93698f1e03c6437ab8611aaf32ab9e41abb83

Download | Favorite | View