Textpattern CMS 4.6.2 – Cross-site Request Forgery
October 25th, 2020 📆 | 7314 Views ⚑
# Exploit Title: Textpattern CMS 4.6.2 - Cross-site Request Forgery # Exploit Author: Alperen Ergel # Contact: @alpren_ae # Software
Browsing the "php" Tag
Tagged with: cms • cross • CrossSite • forgery • php • request • textpattern • webapps
Typesetter CMS 5.1 – Arbitrary Code Execution (Authenticated)
October 25th, 2020 📆 | 4713 Views ⚑
# Exploit Title: Typesetter CMS 5.1 - Arbitrary Code Execution # Exploit Author: Rodolfo "t0gu" Tavares # Contact: @t0guu (TW)
Tagged with: arbitrary • authenticated • cms • code • CVE-2020-25790 • execution • php • typesetter • webapps
Hostel Management System 2.1 – Cross Site Scripting (Multiple Fields)
October 25th, 2020 📆 | 5711 Views ⚑
# Exploit Title: PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, City # Google
Tagged with: cross • CVE-2020-25270 • fields • hostel • management • multiple • php • scripting • Site • system • webapps
Online Discussion Forum Site 1.0 – XSS in Messaging System
October 25th, 2020 📆 | 5122 Views ⚑
# Exploit Title: Online Discussion Forum Site 1.0 - XSS in Messaging System # Google Dork: N/A # Date: 2020-10-17
Tagged with: discussion • forum • messaging • online • php • Site • system • webapps • XSS
Online Job Portal 1.0 – Cross Site Scripting (Stored)
October 25th, 2020 📆 | 2956 Views ⚑
# Exploit Title: Online Job Portal 1.0 Cross Site Scripting (Stored) # Google Dork: N/A # Date: 2020/10/17 # Exploit
Tagged with: cross • Job • online • php • portal • scripting • Site • stored • webapps
Nagios XI 5.7.3 – ‘SNMP Trap Interface’ Authenticated SQL Injection
October 25th, 2020 📆 | 6100 Views ⚑
# Exploit Title: Nagios XI 5.7.3 - 'SNMP Trap Interface' Authenticated SQL Injection # Date: 10-18-2020 # Exploit Author: Matthew
Tagged with: authenticated • injection • interface • nagios • php • SNMP • SQL • Trap • webapps
WordPress Plugin Rest Google Maps
October 25th, 2020 📆 | 7482 Views ⚑
# Exploit Title: WordPress Rest Google Maps Plugin SQL Injection # Google Dork: inurl:index.php?rest_route=3D/wpgmza/ # Date: 2020-09-09 # Exploit Author:
Tagged with: google • maps • php • plugin • rest • webapps • wordpress
Mobile Shop System v1.0 – SQL Injection Authentication Bypass
October 25th, 2020 📆 | 2572 Views ⚑
# Title: Mobile Shop System v1.0 - SQLi lead to authentication bypass # Exploit Author: Moaaz Taha (0xStorm) # Date:
Tagged with: authentication • bypass • injection • mobile • php • Shop • SQL • system • V10 • webapps
RiteCMS 2.2.1 – Remote Code Execution (Authenticated)
October 25th, 2020 📆 | 2471 Views ⚑
# Exploit Title: RiteCMS 2.2.1 - Authenticated Remote Code Execution # Date: 2020-07-03 # Exploit Author: H0j3n # Vendor Homepage:
Tagged with: authenticated • code • execution • php • remote • ritecms • webapps
WordPress Plugin HS Brand Logo Slider 2.1 – ‘logoupload’ File Upload
October 25th, 2020 📆 | 8499 Views ⚑
# Exploit Title: WordPress Plugin HS Brand Logo Slider 2.1 - 'logoupload' File Upload # Date: 2020-10-20 # Exploit Author:
Tagged with: brand • File • Logo • logoupload • php • plugin • slider • upload • webapps • wordpress
User Registration & Login and User Management System With admin panel 2.1 – Persistent XSS
October 24th, 2020 📆 | 3561 Views ⚑
# Exploit Title: User Registration & Login and User Management System With admin panel 2.1 - Persistent XSS # Google
Tagged with: admin • login • management • panel • persistent • php • registration • system • user • webapps • XSS
Visitor Management System in PHP 1.0 – SQL Injection (Authenticated)
October 24th, 2020 📆 | 5472 Views ⚑
# Title: Visitor Management System in PHP 1.0 - Authenticated SQL Injection # Exploit Author: Rahul Ramkumar # Date: 2020-09-16
Tagged with: authenticated • injection • management • php • SQL • system • visitor • webapps
Ultimate Project Manager CRM PRO Version 2.0.5 – SQLi (Authenticated)
October 24th, 2020 📆 | 7898 Views ⚑
# Exploit Title: Ultimate Project Manager CRM PRO 2.0.5 - SQLi Credentials Leakage # Date: 2020-16-09 # Exploit Author: nag0mez
Tagged with: authenticated • CRM • manager • php • Pro • project • SQLi • ultimate • version • webapps
Loan Management System 1.0 – Multiple Cross Site Scripting (Stored)
October 24th, 2020 📆 | 5415 Views ⚑
# Exploit Title: Loan Management System 1.0 - Multiple Cross Site Scripting (Stored) # Google Dork: N/A # Date: 2020/10/19
Tagged with: cross • Loan • management • multiple • php • scripting • Site • stored • system • webapps
WordPress Plugin WP Courses
October 24th, 2020 📆 | 4020 Views ⚑
# Exploit Title: WP Courses < 2.0.29 - Broken Access Controls leading to Courses Content Disclosure # Exploit Author: Stefan
Tagged with: courses • php • plugin • webapps • wordpress
Tiki Wiki CMS Groupware 21.1 – Authentication Bypass
October 24th, 2020 📆 | 3487 Views ⚑
# Exploit Title: Tiki Wiki CMS Groupware 21.1 - Authentication Bypass # Date: 01.08.2020 (1st August 2020) # Exploit Author:
Tagged with: authentication • bypass • cms • groupware • php • Tiki • webapps • Wiki
Stock Management System 1.0 – ‘Categories Name’ Persistent Cross-Site Scripting
October 24th, 2020 📆 | 8050 Views ⚑
# Exploit Title: Stock Management System 1.0 - Persistent Cross-Site Scripting (Categories Name) # Exploit Author: Adeeb Shah (@hyd3sec) #
Tagged with: categories • cross • CrossSite • management • persistent • php • scripting • stock • system • webapps
Stock Management System 1.0 – ‘Product Name’ Persistent Cross-Site Scripting
October 24th, 2020 📆 | 1648 Views ⚑
# Exploit Title: Stock Management System 1.0 - Persistent Cross-Site Scripting (Product Name) # Exploit Author: Adeeb Shah (@hyd3sec) #
Tagged with: cross • CrossSite • management • persistent • php • product • scripting • stock • system • webapps
GOautodial 4.0 – Authenticated Shell Upload
October 24th, 2020 📆 | 2802 Views ⚑
# Exploit Title: GOautodial 4.0 - Authenticated Shell Upload # Author: Balzabu # Discovery Date: 07-23-2020 # Vendor Homepage: https://goautodial.org/
Tagged with: authenticated • goautodial • php • shell • upload • webapps
Car Rental Management System 1.0 – Arbitrary File Upload
October 24th, 2020 📆 | 3850 Views ⚑
# Exploit Title: Car Rental Management System 1.0 - Arbitrary File Upload # Date: 22-10-2020 # Exploit Author: Jyotsna Adhana
Tagged with: arbitrary • Car • File • management • php • rental • system • upload • webapps
Stock Management System 1.0 – ‘brandId and categoriesId’ SQL Injection
October 24th, 2020 📆 | 4508 Views ⚑
# Exploit Title: Stock Management System 1.0 - SQL Injection # Dork: N/A # Date: 2020-10-22 # Exploit Author: Ihsan
Tagged with: brandid • categoriesid • injection • management • php • SQL • stock • system • webapps
Bludit 3.9.2 – Auth Bruteforce Bypass
October 24th, 2020 📆 | 3973 Views ⚑
#!/usr/bin/python3 # Exploit ## Title: Bludit < = 3.9.2 - Bruteforce Mitigation Bypass ## Author: ColdFusionX (Mayank Deshmukh) ## Author
Tagged with: Auth • bludit • bruteforce • bypass • CVE-2019-17240 • php • webapps
Online Library Management System 1.0 – Arbitrary File Upload
October 24th, 2020 📆 | 5562 Views ⚑
# Exploit Title: Online Library Management System 1.0 - Arbitrary File Upload # Date: 22-10-2020 # Exploit Author: Jyotsna Adhana
Tagged with: arbitrary • File • library • management • online • php • system • upload • webapps
TextPattern CMS 4.8.3 – Remote Code Execution (Authenticated)
October 24th, 2020 📆 | 2908 Views ⚑
#!/usr/bin/python3 # Exploit Title: TextPattern < = 4.8.3 - Authenticated Remote Code Execution via Unrestricted File Upload # Google Dork:
Tagged with: authenticated • cms • code • execution • php • remote • textpattern • webapps
Popular
FIN11 uncovered: Hacking group promoted to financial… October 14, 2020 Versatile threat actors are the first cybercrime gang to win…
Apple pays $288,000 to white-hat hackers who had run… October 9, 2020 Nick Wright. Used by permission. For months, Apple’s corporate network…
ZeroLogon vulnerability being actively exploited September 28, 2020 Microsoft has revealed it has discovered threat actors using exploits…
Why You Should Stop Using SMS Security Codes—Even On… October 11, 2020 Apple iMessage Facebook, PayPal, Microsoft, Twitter, Sony, Uber, Dropbox, Amazon...…
A Critical Look At Nano-X Imaging – Disruptive… October 15, 2020 Editor's note: Seeking Alpha is proud to welcome Sustainable Equity…
UHS hospital network hit by ransomware attack September 28, 2020 Universal Health Services (UHS), a Fortune 500 company and one…
Hedge Funds Are Bullish On dMY Technology Group, Inc. (DMYT) October 7, 2020 The latest 13F reporting period has come and gone, and…
Members
Comments