Showing 1 - 15 of 15

Files Date: 2015-09-16

.NET MVC Denial Of Service: Posted Sep 16, 2015; Authored by Roberto Suggi Liverani | Site blog.malerisch.net; Microsoft released a security bulletin (MS15-101) describing a .NET MVC denial of service vulnerability. This post analyzes the vulnerability in detail, starting from the theory and then providing a PoC exploit against a MVC web application developed with Visual Studio 2013.; tags | exploit, web, denial of service; advisories | CVE-2015-2526; SHA-256 | 55d8209e7983e84bd1e4c26a7391e903dbc491657d32f7b08b0c81b8bfb845bd; Download | Favorite | View

Zen Cart 1.5.4 Code Execution / Information Disclosure: Posted Sep 16, 2015; Authored by Tim Coen | Site curesec.com; Zen Cart version 1.5.4 suffers from code execution and information leakage vulnerabilities.; tags | exploit, vulnerability, code execution; SHA-256 | f8866420a805576431fdb7207fffbcffe85042c52e1e73441a6a07ace4451ca4; Download | Favorite | View

Kirby CMS 2.1.0 Authentication Bypass / Traversal: Posted Sep 16, 2015; Authored by Dawid Golunski; Kirby CMS versions 2.1.0 and below suffer from an authentication bypass vulnerability via path traversal.; tags | exploit, bypass, file inclusion; SHA-256 | 1bb3efe2cbba1438b53a1927c92e2b5311bd0d77bbfc50ad60673508d8670f21; Download | Favorite | View

ZeusCart 4.0 Code Execution: Posted Sep 16, 2015; Authored by Tim Coen | Site curesec.com; ZeusCart version 4.0 suffers from a remote code execution vulnerability.; tags | exploit, remote, code execution; SHA-256 | c35ab718390825f8b42f8a4a4483a7f60476a0d3121add71c4e3f568df585dda; Download | Favorite | View

Kirby CMS 2.1.0 CSRF / Shell Upload: Posted Sep 16, 2015; Authored by Dawid Golunski; Kirby CMS versions 2.1.0 and below suffer from cross site request forgery and remote shell upload vulnerabilities.; tags | exploit, remote, shell, vulnerability, csrf; SHA-256 | 80c763cf1e6a51e5e12403863882e4c9a30a3f2bb3fed73058ff2d71eab9e308; Download | Favorite | View

Anchor CMS 0.9.2 Cross Site Scripting / Open Redirect: Posted Sep 16, 2015; Authored by Tim Coen | Site curesec.com; Anchor CMS version 0.9.2 suffers from cross site scripting and open redirect vulnerabilities.; tags | exploit, vulnerability, xss; SHA-256 | e345f208ad4f6300729da8e9a40758c596baa7f9ad94e75c290b7ba80e732fac; Download | Favorite | View

ZeusCart 4.0 Cross Site Request Forgery: Posted Sep 16, 2015; Authored by Tim Coen | Site curesec.com; ZeusCart version 4.0 suffers from a cross site request forgery vulnerability.; tags | exploit, csrf; SHA-256 | 771519055f7e723be693a425f66ab32548b118fc59d70388e3cd5e72b4f840e3; Download | Favorite | View

ManageEngine EventLog Analyzer 10.6 Build 10060 SQL Query Execution: Posted Sep 16, 2015; Authored by xistence; ManageEngine EventLog Analyzer version 10.6 build 10060 suffers from a SQL query execution vulnerability.; tags | exploit, sql injection; SHA-256 | e43184b3c2e6936208082a4f3f3c97ec7847e32991323e490bc64eafefc58612; Download | Favorite | View

ManageEngine OpManager 11.5 Hardcoded Credential / SQL Bypass: Posted Sep 16, 2015; Authored by xistence; ManageEngine OpManager versions 11.5 and below suffer from SQL query protection bypass and has hard-coded credentials.; tags | exploit; SHA-256 | 14e7eded55b53f71e7a0c1efbb36f40694306d92477d8cda6fe7cfc83868d93e; Download | Favorite | View

WordPress WP-Shop 3.4.3.18 Cross Site Scripting: Posted Sep 16, 2015; Authored by Amir.ght; WordPress WP-Shop plugin version 3.4.3.18 suffers from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 8e467f8310d520fe065b659a6179c67ab26cf7b583939831ed7067137042878f; Download | Favorite | View

ZeusCart 4.0 SQL Injection: Posted Sep 16, 2015; Authored by Tim Coen | Site curesec.com; ZeusCart version 4.0 suffers from multiple remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, sql injection; SHA-256 | 697b97adaa89ee192ed007e1190e65eff68e799ae2b4593d76df1864548cf546; Download | Favorite | View

ZeusCart 4.0 Cross Site Scripting: Posted Sep 16, 2015; Authored by Tim Coen | Site curesec.com; ZeusCart version 4.0 suffers from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | a49dd4dc54a291a941b5050448afff0a8a1e9910a1cc60b6e4989cf537ec3d2f; Download | Favorite | View

WordPress xPinner Lite 2.2 Cross Site Request Forgery / Cross Site Scripting: Posted Sep 16, 2015; Authored by Amir.ght; WordPress xPinner plugin version 2.2 suffers from cross site request forgery and cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss, csrf; SHA-256 | ded312a6c8bb5a97b7c6f891d95948a49bec9979cbf517dfa78db5d3bbfb8ffd; Download | Favorite | View

WordPress ALO EasyMail Newsletter 2.6 CSRF / Cross Site Scripting: Posted Sep 16, 2015; Authored by Amir.ght; WordPress ALO EasyMail Newsletter plugin version 2.6 suffers from cross site request forgery and cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss, csrf; SHA-256 | 628f45f98d4906b0043d836c1f0551d2cdbdd07a8f25c25fa382bfc7a8c259fe; Download | Favorite | View

Weeman Phishing HTTP Server: Posted Sep 16, 2015; Authored by Hypsurus; Weeman is a simple HTTP server using python that creates a phishing pages, takes data from the user, and will try to login as the user to the original website.; tags | tool, web, python; systems | unix; SHA-256 | 15ddd1b5bf4aaccca6b413b7d81a75cc1c821415ce3fcd789d5e24a0d8e5c703; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days