exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

CMSLogik 1.2.1 Shell Upload
Posted Apr 15, 2013
Authored by LiquidWorm | Site zeroscience.mk

CMSLogik version 1.2.1 remote shell upload exploit that leverages upload_file_ajax().

tags | exploit, remote, shell
SHA-256 | 388dfda9e5c2864733fb1f35877311c346de30bf143c65b9a736d9621df80c12

Related Files

CMSLogik 1.2.1 Cross Site Scripting
Posted Apr 15, 2013
Authored by LiquidWorm | Site zeroscience.mk

CMSLogik version 1.2.1 suffers from multiple persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 0d689e042dfbcc06d7598ea63bfdfc89986778efbd29a42b5b292eb8d35e93cc
CMSLogik 1.2.1 User Enumeration Weakness
Posted Apr 15, 2013
Authored by LiquidWorm | Site zeroscience.mk

CMSLogik version 1.2.1 suffers from a user enumeration weakness vulnerability.

tags | exploit
SHA-256 | e2341029bd4b0b4be62556695943838129160100fef2bcf39d008c3fc5e97008
SetSeed CMS 5.8.20 SQL Injection
Posted Nov 2, 2011
Authored by LiquidWorm | Site zeroscience.mk

SetSeed CMS version 5.8.20 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the vulnerable script using the cookie input 'loggedInUser', which could allow the attacker to view, add, modify or delete information in the back-end database.

tags | exploit, remote, sql injection
SHA-256 | 2c7d6fde362078986308ded7ffb7656180b3a2a54c0736c861bf3fe6f0c9453c
vtiger CRM 5.2.1 Cross Site Scripting
Posted Oct 26, 2011
Authored by LiquidWorm | Site zeroscience.mk

vtiger CRM version 5.2.1 suffers from a cross site scripting vulnerability when parsing user input to the _operation and search parameters in the /modules/mobile/index.php script.

tags | exploit, php, xss
SHA-256 | 0d29026874a0d4432347cabc827eb094403c710e733c7fac2c1688bc88169e26
Cotonti CMS 0.9.4 Cross Site Scripting / SQL Injection
Posted Oct 11, 2011
Authored by LiquidWorm | Site zeroscience.mk

Cotonti CMS version 0.9.4 suffers from cross site scripting and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | b78c131af15357169e90a8032c9b2b2eab261a641f5750e9c8d881852f3be7e0
Ashampoo Burning Studio Elements 10.0.9 Heap Overflow
Posted Oct 3, 2011
Authored by LiquidWorm | Site zeroscience.mk

Ashampoo Burning Studio Elements version 10.0.9 suffers from a heap overflow vulnerability. It fails to properly sanitize user supplied input when parsing .ashprj project file formats resulting in a crash corrupting the heap-based memory. The attacker can use this scenario to lure unsuspecting users to open malicious crafted .ashprj files with a potential for arbitrary code execution on the affected system.

tags | exploit, overflow, arbitrary, code execution
SHA-256 | f75aa6cbf3a17f5685e22633550ca4c85791c38d464e76137942ed86c5fbeea8
Adobe Photoshop Elements 8.0 Code Execution
Posted Oct 1, 2011
Authored by LiquidWorm | Site zeroscience.mk

Adobe Photoshop Elements 8 suffers from a buffer overflow vulnerability when dealing with .ABR (brushes) and .GRD (gradients) format files. The application fails to sanitize the user input resulting in a memory corruption, overwriting several memory registers which can aid the attacker to gain the power of executing arbitrary code on the affected system or denial of service scenario.

tags | exploit, denial of service, overflow, arbitrary
systems | linux
advisories | CVE-2011-2443
SHA-256 | de231a932c681e757853f9b30b26ba630e5371c0793ff22cac8c46c88a5791d2
Toko Lite CMS 1.5.2 HTTP Response Splitting
Posted Sep 19, 2011
Authored by LiquidWorm | Site zeroscience.mk

Toko Lite CMS version 1.5.2 suffers from a HTTP response splitting vulnerability. Input passed to the 'charSet' parameter in 'edit.php' is not properly sanitized before being returned to the user. This can be exploited to insert arbitrary HTTP headers, which are included in a response sent to the user.

tags | exploit, web, arbitrary, php
SHA-256 | 0ece8e90a521dbb49857876275b2f7437dfe10ead5f178eb312f800e5e26394b
Toko Lite CMS 1.5.2 Cross Site Scripting
Posted Sep 19, 2011
Authored by LiquidWorm | Site zeroscience.mk

Toko Lite CMS version 15.2 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 1e375defb0b70ff576bb4ab30105128e41f023f56c06f5adc032a0786038ed7c
iGallery Plugin 1.0.0 Cross Site Scripting
Posted Sep 18, 2011
Authored by LiquidWorm | Site zeroscience.mk

iGallery plugin version 1.0.0 suffers from a cross site scripting vulnerability when parsing user input to the 'dir' parameter via GET method in '/scripts/pthumb/demo/phpThumb.demo.random.php'. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.

tags | exploit, arbitrary, php, xss
SHA-256 | 649c0e5f670adcc02d2f48ac41bb3b9dbf1473ba6e21da4a9bebd40f9b3f7896
iManager Plugin 1.2.8 Cross Site Scripting
Posted Sep 18, 2011
Authored by LiquidWorm | Site zeroscience.mk

iManager plugin versions 1.2.8 build 02012008 and below suffer from a cross site scripting vulnerability when parsing user input to the 'dir' parameter via GET method in 'random.php' and 'phpThumb.demo.random.php'. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.

tags | exploit, arbitrary, php, xss
SHA-256 | 4c4c2b763221737d36a6acfffd6dbb477bc08d64d63061a263200f70c4504d7a
iBrowser Plugin 1.4.1 Cross Site Scripting
Posted Sep 18, 2011
Authored by LiquidWorm | Site zeroscience.mk

iBrowser plugin versions 1.4.1 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2107ed08679b3cadf3a5612f0068b8a88d9524b1ecc47a00f4761fae255d7405
iManager Plugin 1.2.8 Arbitrary File Deletion
Posted Sep 18, 2011
Authored by LiquidWorm | Site zeroscience.mk

iManager plugin version 1.2.8 suffers from an arbitrary file deletion vulnerability.

tags | exploit, arbitrary
SHA-256 | 63d8ec3f4d364c44e15e1df3ae54eb79901968d0e854a24fdc9ff42dc237090b
iManager Plugin 1.2.8 Local File Inclusion
Posted Sep 17, 2011
Authored by LiquidWorm | Site zeroscience.mk

iManager plugin version 1.2.8 suffers from a local file inclusion vulnerability / file disclosure vulnerability when input passed thru the 'lang' parameter to imanager.php, rfiles.php, symbols.php, colorpicker.php, loadmsg.php, ov_rfiles.php and examples.php is not properly verified before being used to include files. This can be exploited to include files from local resources with directory traversal attacks and URL encoded NULL bytes.

tags | exploit, local, php, file inclusion
SHA-256 | d0cf4e6a0566ee44420d01dd97fde3f21f7a6d484e9d9448f4b1f6a0c32cc43c
iBrowser Plugin 1.4.1 Local File Inclusion
Posted Sep 16, 2011
Authored by LiquidWorm | Site zeroscience.mk

iBrowser plugin version 1.4.1 suffers from a local file inclusion vulnerability / file disclosure vulnerability when input passed thru the 'lang' parameter to ibrowser.php, loadmsg.php, rfiles.php and symbols.php is not properly verified before being used to include files. This can be exploited to include files from local resources with directory traversal attacks and URL encoded NULL bytes.

tags | exploit, local, php, file inclusion
SHA-256 | a153b7a4a47ff146d91e0d79e554e424553ad4ca1efa41e15eaa049ec8a0b46d
Mini FTP Server 1.1 Denial Of Service
Posted Aug 28, 2011
Authored by LiquidWorm | Site zeroscience.mk

Mini FTP Server version 1.1 buffer corruption remote denial of service exploit.

tags | exploit, remote, denial of service
SHA-256 | b954b66b92fff6c7c4842db209961c835199a37a3c1bb75a49811ee6ddea2b88
ManageEngine ServiceDesk Plus 8.0 Cross Site Scripting
Posted Aug 23, 2011
Authored by LiquidWorm | Site zeroscience.mk

ManageEngine ServiceDesk Plus version 8.0 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | c5e4aace24eeb232523198e9b9fbf7a3b8bc002a0ecc544c0dcfc4d68c940c72
ATutor 2.0.2 HTTP Response Splitting
Posted Aug 6, 2011
Authored by LiquidWorm | Site zeroscience.mk

ATutor version 2.0.2 suffers from a HTTP response splitting vulnerability.

tags | exploit, web
SHA-256 | da8399ab3bad548b518a4945303c6c748c100bc0caaeae91414d81c717c8ce1e
ATutor 2.0.2 Cross Site Scripting / SQL Injection
Posted Aug 6, 2011
Authored by LiquidWorm | Site zeroscience.mk

ATutor version 2.0.2 suffers from cross site scripting, path disclosure, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection
SHA-256 | 156e8ca29442c39dd68f426ab627536ea459ec2f62caf6d738900896523fcea0
ATutor AChecker 1.2 Cross Site Scripting / Path Disclosure
Posted Aug 6, 2011
Authored by LiquidWorm | Site zeroscience.mk

ATutor AChecker version 1.2 suffers from cross site scripting and path disclosure vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | f051fdf159320c7c589e285d8b88bea2bf95dbf5dda51944394344650d558b95
ATutor AChecker 1.2 SQL Injection
Posted Aug 6, 2011
Authored by LiquidWorm | Site zeroscience.mk

ATutor AChecker version 1.2 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | 69d0f7a89f886464429de2e220cc5aeecc1f9b05cd0e22b446911e96c541b9f1
ATutor AContent 1.1 Script Insertion
Posted Aug 6, 2011
Authored by LiquidWorm | Site zeroscience.mk

ATutor AContent version 1.1 suffers from a script insertion vulnerability.

tags | exploit
SHA-256 | a6be43d63054eb477eddea9f0ec640843c438d24439cee3724859cfa283bb118
ATutor AContent 1.1 / 1.3 Cross Site Scripting
Posted Aug 6, 2011
Authored by LiquidWorm | Site zeroscience.mk

ATutor AContent version 1.1 suffers from multiple cross site scripting vulnerabilities. This also affects version 1.3 as of 2014/01/05.

tags | exploit, vulnerability, xss
SHA-256 | 11f71a7a8fc1b6198d0accd72f3c4a62c57ad812171943bba7e230803cb30eff
ATutor AContent 1.1 SQL Injection
Posted Aug 6, 2011
Authored by LiquidWorm | Site zeroscience.mk

ATutor AContent version 1.1 suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
SHA-256 | f56291915b34b94f96cf88882cc5c3ad29f32c7cd6bb2be6f841ce2ae4b2f103
Digital Scribe 1.5 Cross Site Scripting
Posted Jul 31, 2011
Authored by LiquidWorm | Site zeroscience.mk

Digital Scribe version 1.5 suffers from multiple post cross site scripting vulnerabilities. Input thru the POST parameters 'title', 'last' and 'email' in register.php is not sanitized allowing the attacker to execute HTML code into user's browser session on the affected site.

tags | exploit, php, vulnerability, xss
SHA-256 | b4e758e765d3c3f1dd3bae0aeac26f05237bd21334ea75852e11273d369ff975
Page 1 of 4
Back1234Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    25 Files
  • 16
    Aug 16th
    3 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close