what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 26 - 50 of 109

Files from Janek Vind aka waraxe

Invision Power Board 3.3.0 Local File Inclusion

Posted Apr 13, 2012

Authored by Janek Vind aka waraxe | Site waraxe.us

Invision Power Board version 3.3.0 suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion

advisories | CVE-2012-2226

SHA-256 | f60495dc85f064342f7246563e66ad86955a8f7a941db582ed6b51ec5253b559

Download | Favorite | View

Uploadify Integration 0.9.6 Cross Site Scripting

Posted Apr 10, 2012

Authored by Janek Vind aka waraxe | Site waraxe.us

Uploadify Integration version 0.9.6 suffers from multiple reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss

SHA-256 | 2cec663ed8f499e02e5821c830115810999de117f9fed461880943ad28c12e39

Download | Favorite | View

OpenCart 1.5.2.1 LFI / Shell Upload / Response Splitting

Posted Apr 9, 2012

Authored by Janek Vind aka waraxe | Site waraxe.us

OpenCart version 1.5.2.1 suffers from arbitrary file upload, HTTP response splitting, local file inclusion, path disclosure, and failed randomness vulnerabilities.

tags | exploit, web, arbitrary, local, vulnerability, file inclusion, file upload

SHA-256 | 25944ffdc2a7a3db202a1db3e98135989ccf06c08ac03ec68f53ed95c4abb836

Download | Favorite | View

Uploadify 2.1.4 Cross Site Scripting / Shell Upload

Posted Apr 6, 2012

Authored by Janek Vind aka waraxe | Site waraxe.us

Uploadify version 2.1.4 suffers from cross site scripting, arbitrary file upload, and file existence disclosure vulnerabilities.

tags | exploit, arbitrary, vulnerability, xss, file upload

SHA-256 | 3f38c74b43ba1c025dd465775f3d1dc92c03a7e41854abae55a3586edd31ee50

Download | Favorite | View

Uploadify 3.0.0 File Existence Disclosure

Posted Apr 6, 2012

Authored by Janek Vind aka waraxe | Site waraxe.us

Uploadify version 3.0.0 suffers from a file existence disclosure vulnerability.

tags | exploit

SHA-256 | 05c97b59546e15f878181c5d6fbca56feb0254a860b7c9fc364aa9d33eb51a6f

Download | Favorite | View

Coppermine 1.5.18 Cross Site Scripting / Path Disclosure

Posted Mar 30, 2012

Authored by Janek Vind aka waraxe | Site waraxe.us

Coppermine version 1.5.18 suffers from cross site scripting and path disclosure vulnerabilities.

tags | exploit, vulnerability, xss

SHA-256 | 7ed975c2a3c1cbdf0d8633640f3ac1828890da246e38234fa66957454d96fdde

Download | Favorite | View

NextBBS 0.6.0 Authentication Bypass / SQL Injection / XSS

Posted Mar 28, 2012

Authored by Janek Vind aka waraxe | Site waraxe.us

NextBBS version 0.6.0 suffers from authentication bypass, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection

SHA-256 | bfa83da9859d83d6988d38e9d8dc4e00aea5881410d054635c38bf926bc80c44

Download | Favorite | View

Coppermine 1.5.10 Cross Site Scripting

Posted Dec 29, 2010

Authored by Janek Vind aka waraxe | Site waraxe.us

Coppermine version 1.5.10 suffers from reflective cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss

SHA-256 | be8b73580a130da9b082972278f6af1869440c879e56b3306245c47f80cea697

Download | Favorite | View

CruxCMS 3.0.0 Bypass / Shell Upload / SQL Injection / XSS / LFI

Posted Dec 27, 2010

Authored by Janek Vind aka waraxe | Site waraxe.us

CruxCMS version 3.0.0 suffers from cross site scripting, local file inclusion, authentication bypass, shell upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, local, vulnerability, xss, sql injection, file inclusion

SHA-256 | 5375e0a5494a05b2ea69af210a5d3d1856065f95387bd5c4db520a4274857a70

Download | Favorite | View

Calibre 0.7.34 Cross Site Scripting/ Directory Traversal

Posted Dec 22, 2010

Authored by Janek Vind aka waraxe | Site waraxe.us

Calibre version 0.7.34 suffers from cross site scripting and directory traversal vulnerabilities.

tags | exploit, vulnerability, xss

SHA-256 | bdada2cbfe5d06feef10c7a93b08915bba5a2569537ebbe88dce78e46581aaf2

Download | Favorite | View

Coppermine Photo Gallery 1.4.14 picEditor.php Command Execution

Posted Feb 20, 2010

Authored by Janek Vind aka waraxe | Site metasploit.com

This Metasploit module exploits a vulnerability in the picEditor.php script of Coppermine Photo Gallery. When configured to use the ImageMagick library, the 'quality', 'angle', and 'clipval' parameters are not properly escaped before being passed. NOTE: Use of the ImageMagick library is a non-default option. However, a user can specify its use at installation time.

tags | exploit, php

advisories | CVE-2008-0506

SHA-256 | c125091ac8421181cd0302afb6f49897b22d6f924ad3dc28cf4a23ab0afcfdee

Download | Favorite | View

SugarCRM SQL Injection / Access / Code Execution

Posted Dec 1, 2009

Authored by Janek Vind aka waraxe | Site waraxe.us

Sugar CRM versions 5.5.0.RC2 and 5.2.0j suffer from remote SQL injection, unauthorized access, remote file inclusion, and code execution vulnerabilities.

tags | exploit, remote, vulnerability, code execution, sql injection, file inclusion

SHA-256 | c370b50f7ecb557a73820f6d5a6ebce4eff9879ae4443b4683dfaf0d5cfee27b

Download | Favorite | View

Vivvo CMS 4.1.5.1 File Disclosure

Posted Oct 22, 2009

Authored by Janek Vind aka waraxe | Site waraxe.us

Vivvo CMS version 4.1.5.1 suffers from a remote file disclosure vulnerability.

tags | exploit, remote

SHA-256 | 05fa1a11934b14f1095d2c734f42bad4dce651a581110e502fd5ee11a280b96c

Download | Favorite | View

TorrentTrader Classic 1.09 SQL Injection

Posted Jun 15, 2009

Authored by Janek Vind aka waraxe | Site waraxe.us

TorrentTrader Classic version 1.09 suffers from information leakage, forced database backup, and multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection

SHA-256 | e8769d9da4b097523f74971e6c76bddfba18b6af3bdc4de9d5059363ee58d5d2

Download | Favorite | View

VirtueMart 1.1.2 SQL Injection / RFI / LFI / XSS

Posted Apr 1, 2009

Authored by Janek Vind aka waraxe | Site waraxe.us

VirtueMart versions 1.1.2 and below suffer from cross site scripting, SQL injection, remote/local file inclusion, and code execution vulnerabilities.

tags | exploit, remote, local, vulnerability, code execution, xss, sql injection, file inclusion

SHA-256 | c1b8b1b104c5cb8ad97f285c6bcdb1512e50ac13adc92396ee282e41ac8a0bed

Download | Favorite | View

VirtueMart 1.1.2 SQL Injection

Posted Apr 1, 2009

Authored by Janek Vind aka waraxe | Site waraxe.us

This Metasploit module exploits a blind SQL injection vulnerability in VirtueMart versions 1.1.2 and below.

tags | exploit, sql injection

SHA-256 | ee0b781624a9fe618d7bcb74a678739c7905f9010ed773f93804bcce0cfa5691

Download | Favorite | View

Orbit Downloader 2.8.7 File Deletion

Posted Mar 24, 2009

Authored by Janek Vind aka waraxe | Site waraxe.us

Orbit Downloader version 2.8.7 suffers from an arbitrary file deletion vulnerability.

tags | exploit, arbitrary

SHA-256 | e5ce7cc15101de30539c9ea9bc9a79cf27d07d7874d3092fd7718656d8b13022

Download | Favorite | View

RavenNuke 2.3.0 Code Execution / SQL Injection

Posted Feb 16, 2009

Authored by Janek Vind aka waraxe | Site waraxe.us

RavenNuke version 2.3.0 suffers from multiple code execution and SQL injection vulnerabilities.

tags | exploit, vulnerability, code execution, sql injection

SHA-256 | c34ff1a2c075baf5cd498bcc9dba388976bcf111db9b56ba7173af2090138d40

Download | Favorite | View

Chrome chromehtml: Code Execution

Posted Jan 30, 2009

Authored by Janek Vind aka waraxe | Site waraxe.us

Updated version of the Google Chrome chromehtml: code execution vulnerability that demonstrates disabling of the sandbox. Version 1.0.154.46 is affected.

tags | exploit, code execution

SHA-256 | 51fc96a054aa0a16bfb637685259cda45d65bdab9ef532392919c35d2dc90cd4

Download | Favorite | View

MKPortal 1.2.1 XSS / SQL Injection / File Upload

Posted Jan 16, 2009

Authored by Janek Vind aka waraxe | Site waraxe.us

MKPortal versions 1.2.1 and below suffer from insecure upload methods, reflected and stored cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection

SHA-256 | 5f449583ffaa8667d7d232a825f8025e360d301db52df1c99e3ae7f4a6e8c644

Download | Favorite | View

waraxe-2008-SA068.txt

Posted Nov 18, 2008

Authored by Janek Vind aka waraxe | Site waraxe.us

vBulletin version 3.7.3pl1 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection

SHA-256 | 281f8824a21ee744c2e9623738b4bfcf0f02c5d55605d6775a421d5c519da677

Download | Favorite | View

waraxe-2008-SA069.txt

Posted Nov 18, 2008

Authored by Janek Vind aka waraxe | Site waraxe.us

vBulletin version 3.7.4 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection

SHA-256 | 7616ea592696b19126df0c67e92f237a255b4bc6899fc4efcf4894b2314caa88

Download | Favorite | View

ipb235-sql.txt

Posted Sep 22, 2008

Authored by Janek Vind aka waraxe | Site waraxe.us

Invision Power Board versions 2.3.5 and below remote SQL injection exploit.

tags | exploit, remote, sql injection

SHA-256 | 76badd14786989e37d15975fe6be7b411428ffab8d0db1da5298996b3b06b24e

Download | Favorite | View

waraxe-2008-SA066.txt

Posted Feb 1, 2008

Authored by Janek Vind aka waraxe | Site waraxe.us

Coppermine version 1.4.14 suffers from cross site scripting and SQL injection vulnerabilities.

tags | exploit, vulnerability, xss, sql injection

SHA-256 | 25419706766caddd648005f4bea79752b224aed766ae85d7be23135f0555917e

Download | Favorite | View

waraxe-2008-SA065.txt

Posted Jan 31, 2008

Authored by Janek Vind aka waraxe | Site waraxe.us

Coppermine version 1.4.14 suffers from a remote shell command execution vulnerability in include/imageObjectIM.class.php.

tags | exploit, remote, shell, php

SHA-256 | 31a81742b5b6bb6f8d30f9640e25a0378a178d04d82a26078fcb19fbb421504f

Download | Favorite | View