what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News Services About Contact Add New

Showing 1 - 25 of 109

Files from Janek Vind aka waraxe

MapProxy 1.11.0 Cross Site Scripting

Posted Aug 8, 2019

Authored by Janek Vind aka waraxe | Site waraxe.us

MapProxy version 1.11.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss

MD5 | 0e07a7d40f1c725cd05b43db084ad338

Download | Favorite | View

WordPress Wordfence 7.1.12 XSS / Username Disclosure

Posted Oct 18, 2018

Authored by Janek Vind aka waraxe | Site waraxe.us

WordPress Wordfence plugin version 7.1.12 suffers from bypass, cross site scripting, and path disclosure vulnerabilities.

tags | exploit, vulnerability, xss

MD5 | f85a44d7b6147f2f25a667a27e0309f9

Download | Favorite | View

WordPress Breadcrumb NavXT 6.1.0 Username Disclosure

Posted Sep 27, 2018

Authored by Janek Vind aka waraxe | Site waraxe.us

WordPress Breadcrumb NavXT plugin version 6.1.0 suffers from a username disclosure vulnerability.

tags | exploit

MD5 | 173afd20c324d341cdad331c3b81d260

Download | Favorite | View

WordPress FV Flowplayer 7.2.0.727 Cross Site Scripting

Posted Sep 21, 2018

Authored by Janek Vind aka waraxe | Site waraxe.us

WordPress FV Flowplayer plugin version 7.2.0.727 suffers from a cross site scripting vulnerability.

tags | exploit, xss

MD5 | 6a73d8627bafde17ab1cbdfe2441b625

Download | Favorite | View

Saurus CMS 4.7.1 4.7.1 LFI / RFI / XSS / SQL Injection / Traversal / CSRF

Posted Jul 15, 2013

Authored by Janek Vind aka waraxe | Site waraxe.us

Saurus CMS version 4.7.1 suffers from cross site scripting, remote file inclusion, local file inclusion, information disclosure, remote SQL injection, HTTP response splitting, cross site request forgery, and directory traversal vulnerabilities.

tags | exploit, remote, web, local, vulnerability, xss, sql injection, file inclusion, info disclosure, csrf

MD5 | c5bc8a3e9c7c1dcc21b2e1c2db019482

Download | Favorite | View

Spider Event Calendar 1.3.0 Cross Site Scripting / Path Disclosure / SQL Injection

Posted May 22, 2013

Authored by Janek Vind aka waraxe | Site waraxe.us

Spider Event Calendar version 1.3.0 is a Wordpress plugin that suffers from multiple cross site scripting, path disclosure, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection

MD5 | 1eaa7cb9bcc95f42fb737185ee768e3d

Download | Favorite | View

Spider Catalog 1.4.6 Cross Site Scripting / Path Disclosure / SQL Injection

Posted May 22, 2013

Authored by Janek Vind aka waraxe | Site waraxe.us

Spider Catalog version 1.4.6 is a Wordpress plugin that suffers from multiple cross site scripting, path disclosure, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection

MD5 | ef43d2cf678bd3af7340cf9881abded6

Download | Favorite | View

phpMyAdmin Authenticated Remote Code Execution

Posted Apr 29, 2013

Authored by Janek Vind aka waraxe | Site metasploit.com

This Metasploit module exploits a PREG_REPLACE_EVAL vulnerability in phpMyAdmin's replace_prefix_tbl within libraries/mult_submits.inc.php via db_settings.php. This affects versions 3.5.x below 3.5.8.1 and 4.0.0 below 4.0.0-rc3. PHP versions greater than 5.4.6 are not vulnerable.

tags | exploit, php

advisories | CVE-2013-3238, OSVDB-92793

MD5 | 0f98ac49e2a0e97b78d728dd67072274

Download | Favorite | View

phpMyAdmin 3.5.8 / 4.0.0-RC2 Code Execution / LFI / Overwrite

Posted Apr 25, 2013

Authored by Janek Vind aka waraxe | Site waraxe.us

phpMyAdmin versions 3.5.8 and 4.0.0-RC2 suffer from multiple remote code execution, local file inclusion, and array overwrite vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, file inclusion

advisories | CVE-2013-3238, CVE-2013-3239, CVE-2013-3240, CVE-2013-3241

MD5 | a19f7b563bcfd27ec869d2b00fdd590b

Download | Favorite | View

phpMyAdmin 3.5.7 Cross Site Scripting

Posted Apr 10, 2013

Authored by Janek Vind aka waraxe | Site waraxe.us

phpMyAdmin version 3.5.7 suffers from a reflective cross site scripting vulnerability.

tags | exploit, xss

MD5 | 03335a29baae9491a33ee4b265c32336

Download | Favorite | View

mRemote 1.50 Update Spoofing

Posted Mar 29, 2013

Authored by Janek Vind aka waraxe | Site waraxe.us

mRemote version 1.50 suffers from an update spoofing vulnerability.

tags | exploit, spoof

MD5 | 5f0a05105f4eac25a94fcdac8802592f

Download | Favorite | View

Royal TS 2.1.5 Update Spoofing

Posted Mar 29, 2013

Authored by Janek Vind aka waraxe | Site waraxe.us

Royal TS version 2.1.5 suffers from an update spoofing vulnerability.

tags | exploit, spoof

MD5 | 716632b0b203b43be35e845638c4c9b1

Download | Favorite | View

LibreOffice 4.0.1.2 Update Spoofing

Posted Mar 22, 2013

Authored by Janek Vind aka waraxe | Site waraxe.us

LibreOffice version 4.0.1.2 suffers from an update spoofing vulnerability due to not using a secure channel nor digital signatures.

tags | exploit, spoof

MD5 | 645d9184c722c4ebf8a8cd85e7f54810

Download | Favorite | View

OpenCart 1.5.5.1 Directory Traversal

Posted Mar 20, 2013

Authored by Janek Vind aka waraxe | Site waraxe.us

OpenCart version 1.5.5.1 suffers from a directory traversal vulnerability.

tags | exploit

MD5 | 913e42fd7df4415a289dd82aa2d74ece

Download | Favorite | View

PHP-Fusion 7.02.05 XSS / LFI / SQL Injection

Posted Mar 1, 2013

Authored by Janek Vind aka waraxe | Site waraxe.us

PHP-Fusion version 7.02.05 suffers from insecure backup handling, cross site scripting, local file inclusion, and remote SQL injection vulnerabilities.

tags | exploit, remote, local, php, vulnerability, xss, sql injection, file inclusion

MD5 | eadd12888d7ffd1ee998cbf595a1c10b

Download | Favorite | View

Zenphoto 1.4.3.3 SQL Injection / Interface Exposure / XSS

Posted Nov 5, 2012

Authored by Janek Vind aka waraxe | Site waraxe.us

Zenphoto version 1.4.3.3 suffers from multiple vulnerabilities including an administrative interface exposure, cross site scripting, file restriction bypass, path disclosure, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection

MD5 | 2f60ce75dd49b8aaa8b4ae9542b059d5

Download | Favorite | View

WordPress FoxyPress 0.4.2.5 XSS / CSRF / SQL Injection

Posted Oct 30, 2012

Authored by Janek Vind aka waraxe | Site waraxe.us

WordPress FoxyPress plugin version 0.4.2.5 suffers from cross site request forgery, cross site scripting, path disclosure, remote shell upload, open redirect, and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss, sql injection, csrf

MD5 | e44f54fc880cd61618e25f10fa7a4eb6

Download | Favorite | View

WordPress GRAND Flash Album Gallery SQL Injection / Disclosure / File Overwrite

Posted Oct 25, 2012

Authored by Janek Vind aka waraxe | Site waraxe.us

WordPress GRAND Flash Album Gallery plugin versions 1.9.0 and 2.0.0 suffer from file disclosure, file overwrite, directory traversal, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection

MD5 | 1798752200454dd6f75de4aecc6a5bd0

Download | Favorite | View

Wordpress Social Discussions 6.1.1 File Inclusion / Path Disclosure

Posted Oct 18, 2012

Authored by Janek Vind aka waraxe | Site waraxe.us

WordPress Social Discussions plugin version 6.1.1 suffers from local file inclusion, path disclosure, and remote file inclusion vulnerabilities.

tags | exploit, remote, local, vulnerability, file inclusion

MD5 | b890a9a3e2212a99dfe4390948d22fb1

Download | Favorite | View

WordPress Slideshow 2.1.12 Cross Site Scripting / Path Disclosure

Posted Oct 18, 2012

Authored by Janek Vind aka waraxe | Site waraxe.us

WordPress Slideshow plugin versions 2.1.12 and below suffer from cross site scripting and path disclosure vulnerabilities.

tags | exploit, vulnerability, xss

MD5 | 798c584e637f9368f7d174b90f1c2fb4

Download | Favorite | View

phpMyBitTorrent 2.04 SQL Injection / Local File Inclusion

Posted Oct 3, 2012

Authored by Janek Vind aka waraxe | Site waraxe.us

phpMyBitTorrent version 2.04 suffers from insecure cache handling, remote file disclosure, local file inclusion, and remote SQL injection vulnerabilities.

tags | exploit, remote, local, vulnerability, sql injection, file inclusion

MD5 | e645edbaa7854fb3332c60b8de127efa

Download | Favorite | View

Thomson SpeedTouch ST780 Insecure SSL Connection

Posted Sep 25, 2012

Authored by Janek Vind aka waraxe | Site waraxe.us

Thomson SpeedTouch ST780, by design, has mixed content in the DOM during an SSL encapsulated session.

tags | advisory

MD5 | fb05f515c38819c36c89573aa5785d84

Download | Favorite | View

TorrentTrader 2.08 XSS / Directory Traversal / Bypass

Posted Sep 17, 2012

Authored by Janek Vind aka waraxe | Site waraxe.us

TorrentTrader version 2.08 suffers from authorization bypass, cross site scripting, path disclosure, and directory traversal vulnerabilities.

tags | exploit, vulnerability, xss

MD5 | 80f944bda396bc57c5a55368cbeda7aa

Download | Favorite | View

Joomla 2.5.4 Cross Site Scripting

Posted May 3, 2012

Authored by Janek Vind aka waraxe | Site waraxe.us

Joomla version 2.5.4 suffers from a cross site scripting vulnerability in the administrative sysinfo page.

tags | exploit, xss

advisories | CVE-2012-2412

MD5 | 17a3b6890babbd1c67d14005a7cd4e11

Download | Favorite | View

Joomla 1.5.26 ja_purity Cross Site Scripting

Posted May 3, 2012

Authored by Janek Vind aka waraxe | Site waraxe.us

Joomla version 1.5.26 suffers from a cross site scripting vulnerability in the ja_purity template.

tags | exploit, xss

advisories | CVE-2012-2413

MD5 | 27da82ecd8ff206a83c29d3f06faeb11

Download | Favorite | View