VMWAre vCloud Director 9.7.0.15498291 – Remote Code Execution
June 6th, 2020 📆 | 2074 Views ⚑
*] *]# Exploit Title: VMWAre vCloud Director 9.7.0.15498291 - Remote Code Execution # Exploit Author: Tomas Melicher # Technical Details:
Browsing the "webapps" Tag
Tagged with: 15498291 • code • director • execution • Java • remote • vcloud • vmware • webapps
Navigate CMS 2.8.7 – Cross-Site Request Forgery (Add Admin)
June 6th, 2020 📆 | 5615 Views ⚑
# Exploit Title: Navigate CMS 2.8.7 - Cross-Site Request Forgery (Add Admin) # Date: 2020-06-04 # Exploit Author: Gus Ralph
Tagged with: Add • admin • cms • cross • CrossSite • forgery • navigate • php • request • webapps
Oriol Espinal CMS 1.0 – ‘id’ SQL Injection
June 6th, 2020 📆 | 8577 Views ⚑
# Exploit Title: Oriol Espinal CMS 1.0 - 'id' SQL Injection # Google Dork: inurl:/eotools_share/ # Date: 2020-06-03 # Exploit
Tagged with: cms • espinal • injection • oriol • php • SQL • webapps
Online Course Registration 1.0 – Authentication Bypass
June 6th, 2020 📆 | 2480 Views ⚑
# Exploit Title: Online Course Registration 1.0 - Authentication Bypass # Google Dork: N/A # Date: 2020-06-05 # Exploit Author:
Tagged with: authentication • bypass • course • online • php • registration • webapps
Online-Exam-System 2015 – ‘feedback’ SQL Injection
June 6th, 2020 📆 | 6036 Views ⚑
# Exploit Title: Online-Exam-System 2015 - 'feedback' SQL Injection # Date: 2020-06-04 # Exploit Author: Gus Ralph # Vendor Homepage:
Tagged with: feedback • injection • online • OnlineExamSystem • php • SQL • system • webapps
Navigate CMS 2.8.7 – ”sidx’ SQL Injection (Authenticated)
June 4th, 2020 📆 | 6162 Views ⚑
# Exploit Title: Navigate CMS 2.8.7 - ''sidx' SQL Injection (Authenticated) # Date: 2020-06-04 # Exploit Author: Gus Ralph #
Tagged with: authenticated • cms • injection • navigate • php • sidx • SQL • webapps
Clinic Management System 1.0 – Unauthenticated Remote Code Execution
June 4th, 2020 📆 | 7699 Views ⚑
# Exploit Title: Clinic Management System 1.0 - Unauthenticated Remote Code Execution # Google Dork: N/A # Date: 2020-06-02 #
Tagged with: clinic • code • execution • management • php • remote • system • unauthenticated • webapps
Hostel Management System 2.0 – ‘id’ SQL Injection (Unauthenticated)
June 4th, 2020 📆 | 7309 Views ⚑
# Exploit Title: Hostel Management System 2.0 - 'id' SQL Injection (Unauthenticated) # Date: 2020-06-02 # Exploit Author: Selim Enes
Tagged with: hostel • injection • management • php • SQL • system • unauthenticated • webapps
VMware vCenter Server 6.7 – Authentication Bypass
June 2nd, 2020 📆 | 5324 Views ⚑
# Exploit Title: VMware vCenter Server 6.7 - Authentication Bypass # Date: 2020-06-01 # Exploit Author: Photubias # Vendor Advisory:
Tagged with: authentication • bypass • CVE-2020-3952 • multiple • server • vcenter • vmware • webapps
QuickBox Pro 2.1.8 – Authenticated Remote Code Execution
June 2nd, 2020 📆 | 1600 Views ⚑
*] *]# Exploit Title: QuickBox Pro 2.1.8 - Authenticated Remote Code Execution # Date: 2020-05-26 # Exploit Author: s1gh #
Tagged with: authenticated • code • CVE-2020-13448 • execution • php • Pro • quickbox • remote • webapps
WordPress Plugin BBPress 2.5 – Unauthenticated Privilege Escalation
June 1st, 2020 📆 | 4804 Views ⚑
# Exploit Title: WordPress Plugin BBPress 2.5 - Unauthenticated Privilege Escalation # Date: 2020-05-29 # Exploit Author: Raphael Karger #
Tagged with: bbpress • CVE-2020-13693 • escalation • php • plugin • privilege • unauthenticated • webapps • wordpress
Crystal Shard http-protection 0.2.0 – IP Spoofing Bypass
May 30th, 2020 📆 | 4616 Views ⚑
# Exploit Title : Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass # Exploit Author : Halis Duraki (@0xduraki) #
Tagged with: bypass • crystal • httpprotection • multiple • protection • shard • spoofing • webapps
WordPress Plugin Multi-Scheduler 1.0.0 – Cross-Site Request Forgery (Delete User)
May 30th, 2020 📆 | 1793 Views ⚑
# Exploit Title: WordPress Plugin Multi-Scheduler 1.0.0 - Cross-Site Request Forgery (Delete User) # Google Dork: N/A # Date: 2020-05-21
Tagged with: cross • CrossSite • delete • forgery • multi • MultiScheduler • php • plugin • request • scheduler • user • webapps • wordpress
QNAP QTS and Photo Station 6.0.3 – Remote Command Execution
May 28th, 2020 📆 | 6075 Views ⚑
# Exploit Title: QNAP QTS and Photo Station 6.0.3 - Remote Command Execution # Exploit Author: Yunus YILDIRIM (Th3Gundy) #
Tagged with: command • execution • photo • php • QNAP • QTS • remote • station • webapps
Online-Exam-System 2015 – ‘fid’ SQL Injection
May 28th, 2020 📆 | 2108 Views ⚑
# Exploit Title: Online-Exam-System 2015 - 'fid' SQL Injection # Exploit Author: Berk Dusunur # Google Dork: N/A # Type:
Tagged with: fid • injection • online • OnlineExamSystem • php • SQL • system • webapps
EyouCMS 1.4.6 – Persistent Cross-Site Scripting
May 28th, 2020 📆 | 2138 Views ⚑
# Exploit Title: EyouCMS 1.4.6 - Persistent Cross-Site Scripting # Date: 2020-05-28 # Exploit Author: China Banking and Insurance Information
Tagged with: cross • CrossSite • eyoucms • persistent • php • scripting • webapps
NOKIA VitalSuite SPM 2020 – ‘UserName’ SQL Injection
May 28th, 2020 📆 | 7526 Views ⚑
# Exploit Title: NOKIA VitalSuite SPM 2020 - 'UserName' SQL Injection # Exploit Author: Berk Dusunur # Google Dork: N/A
Tagged with: injection • multiple • nokia • spm • SQL • username • vitalsuite • webapps
WordPress Plugin Drag and Drop File Upload Contact Form 1.3.3.2 – Remote Code Execution
May 28th, 2020 📆 | 2617 Views ⚑
# Exploit Title: WordPress Plugin Drag and Drop File Upload Contact Form 1.3.3.2 - Remote Code Execution # Date: 2020-05-11
Tagged with: code • contact • Drag • Drop • execution • File • Form • php • plugin • remote • upload • webapps • wordpress
Pi-hole 4.4.0 – Remote Code Execution (Authenticated)
May 28th, 2020 📆 | 4304 Views ⚑
# Exploit Title: Pi-hole 4.4.0 - Remote Code Execution (Authenticated) # Date: 2020-05-22 # Exploit Author: Photubias # Vendor Advisory:
Tagged with: authenticated • code • CVE-2020-11108 • execution • linux • Pihole • remote • webapps
Joomla! Plugin XCloner Backup 3.5.3 – Local File Inclusion (Authenticated)
May 28th, 2020 📆 | 2874 Views ⚑
# Exploit Title: Joomla! Plugin XCloner Backup 3.5.3 - Local File Inclusion (Authenticated) # Date: 2020-05-10 # Exploit Author: Mehmet
Tagged with: authenticated • backup • File • inclusion • joomla • local • php • plugin • webapps • xcloner
OXID eShop 6.3.4 – ‘sorting’ SQL Injection
May 28th, 2020 📆 | 6087 Views ⚑
# Exploit Title: OXID eShop 6.3.4 - 'sorting' SQL Injection # Date: 2019-07-29 # Exploit Author: VulnSpy # Vendor Homepage:
Tagged with: eshop • injection • OXID • php • sorting • SQL • webapps
osTicket 1.14.1 – ‘Saved Search’ Persistent Cross-Site Scripting
May 28th, 2020 📆 | 6765 Views ⚑
# Exploit Title: osTicket 1.14.1 - 'Saved Search' Persistent Cross-Site Scripting # Date: 2020-06-26 # Exploit Author: Matthew Aberegg #
Tagged with: cross • CrossSite • osticket • persistent • php • saved • scripting • search • webapps
osTicket 1.14.1 – ‘Ticket Queue’ Persistent Cross-Site Scripting
May 28th, 2020 📆 | 5156 Views ⚑
# Exploit Title: osTicket 1.14.1 - 'Ticket Queue' Persistent Cross-Site Scripting # Date: 2020-05-26 # Exploit Author: Matthew Aberegg #
Tagged with: cross • CrossSite • osticket • persistent • php • queue • scripting • ticket • webapps
LimeSurvey 4.1.11 – ‘Permission Roles’ Persistent Cross-Site Scripting
May 28th, 2020 📆 | 3730 Views ⚑
# Exploit Title: LimeSurvey 4.1.11 - 'Permission Roles' Persistent Cross-Site Scripting # Date: 05/26/2020 # Exploit Author: Matthew Aberegg #
Tagged with: cross • CrossSite • limesurvey • permission • persistent • php • roles • scripting • webapps
Popular
Twitter warns of legacy site theme shutting down on June 1 May 8, 2020 Twitter is warning users impersonating unsupported browsers to enable the…
Turla hacker group steals antivirus logs to see if… May 26, 2020 Cyberwar and the Future of Cybersecurity Today's security threats have…
Fired scientist back to peddling anti-vaxx COVID-19… May 8, 2020 Enlarge / After her research career effectively ended, Dr. Judy…
New ‘Aria-body’ backdoor gets advanced hackers back… May 7, 2020 An advanced hacker group running cyber-espionage campaigns since at least 2010…
Microsoft Windows – ‘SMBGhost’… June 2, 2020 #!/usr/bin/env python ''' # EDB Note ~ Download: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/48537.zip #…
Where I get my DARK WEB LINKS! May 23, 2020 Yes, this is the video where I show you how…
Activate Microsoft Office 2019 & Office365 With… May 24, 2020 Activate Microsoft Office 2019 (CMD) ================= Press Here !!! IF…
Members
Comments