exploit Archives — Page 10 of 11

Zechat 1.5 – SQL Injection / Cross-Site Request Forgery

May 22, 2018 Admin

# Exploit Title: Zechat 1.5 – ‘hashtag’ / ‘v’ SQL Injection / Cross site request forgery # Date: 2018-05-22 # Exploit Author: Borna nematzadeh (L0RD) or borna.nematzadeh123@gmail.com # Vendor Homepage: https://bylancer.com # Version: 1.5 # […]

PaulPrinting CMS Printing 1.0 – SQL Injection

May 22, 2018 Admin

# Exploit Title: PaulPrinting CMS Printing 1.0 – SQL Injection # Exploit Date: 2018-05-19 # Software Link: https://codecanyon.net/item/paulprinting-cms-printing-solutions/19546365 # Author: Mehmet Onder Key # Version: 1.0 # Tested On: Linux # 1. Description # Any […]

Nordex N149/4.0-4.5 – SQL Injection

May 22, 2018 Admin

# Exploit Title: Nordex N149/4.0-4.5 Wind Turbine Web Server – SQL Injection # Date: 21-05-2018 # Exploit Author: t4rkd3vilz # Vendor Homepage: http://www.nordex-online.com # Tested on: Windows # Version: N149/4.0-4.5 Wind Turbine # Category: webapps […]

Merge PACS 7.0 – Cross-Site Request Forgery

May 21, 2018 Admin

# Exploit Title: Merge PACS 7.0 – Cross-Site Request Forgery # Google Dork: – # Date: 2018-05-21 # Exploit Author: Safak Aslan # Vendor Homepage: http://www.merge.com/ # Version: Merge PACS 7.0 # Tested on: Windows […]

Infinity Market Classified Ads Script 1.6.2 – Cross-Site Request Forgery

May 18, 2018 Admin

# Exploit Title: Infinity Market Classified Ads Script 1.6.2 – Cross-Site Request Forgery # Date: 2018-05-18 # Exploit Author: L0RD # Vendor Homepage: https://codecanyon.net/item/classifieds-multipurpose-portal-infinity-market/16572285?s_rank=1520 # Version: 1.6.2 # Tested on: Kali linux # Description : […]

Nanopool Claymore Dual Miner 7.3 – Remote Code Execution

May 17, 2018 Admin

# Exploit Title: Nanopool Claymore Dual Miner >= 7.3 Remote Code Execution # Date: 2018/02/09 # Exploit Author: ReverseBrain # Vendor Homepage: https://nanopool.org/ # Software Link: https://github.com/nanopool/Claymore-Dual-Miner # Version: 7.3 and later # Tested on: […]

RSA Authentication Manager 8.2.1.4.0-build1394922 / < 8.3 P1 - XML External Entity Injection / Cross-Site Flashing / DOM Cross-Site Scriptin

May 17, 2018 Admin

SEC Consult Vulnerability Lab Security Advisory < 20180516-0 > ======================================================================= title: XXE & XSS vulnerabilities product: RSA Authentication Manager vulnerable version: 8.2.1.4.0-build1394922, < 8.3 P1 fixed version: 8.3 P1 and later CVE number: CVE-2018-1247 impact: […]

Multiplayer BlackJack Online Casino Game 2.5 – Persistent Cross-Site Scripting

May 17, 2018 Admin

# Exploit Title: Multiplayer BlackJack – Online Casino Game 2.5 – Persistent Cross-Site scripting # Date: 2018-05-16 # Exploit Author: L0RD # Vendor Homepage: https://codecanyon.net/item/multiplayer-blackjack-online-casino-game/15411706?s_rank=1628 # CVE: N/A # Version: 2.5 # Description : Multiplayer […]

MyBB Admin Notes Plugin 1.1 – Cross-Site Request Forgery

May 17, 2018 Admin

# Exploit Title: MyBB Admin Notes Plugin – CSRF # Date: 2018-05-14 # Author: 0xB9 # Contact: luxorforums.com/User-0xB9 or 0xB9[at]pm.me # Software Link: https://community.mybb.com/mods.php?action=view&pid=1106 # Version: 1.1 # Tested on: Ubuntu 18.04 # 1. Description: […]

WordPress Plugin Metronet Tag Manager 1.2.7 – Cross-Site Request Forgery

May 17, 2018 Admin

<!– Details ================ Software: Metronet Tag Manager Version: 1.2.7 Homepage: https://wordpress.org/plugins/metronet-tag-manager/ Advisory report: https://advisories.dxw.com/advisories/csrf-metronet-tag-manager/ CVE: Awaiting assignment CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N) Description ================ CSRF in Metronet Tag Manager allows anybody to do almost anything an […]