what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 26 - 28 of 28

Files Date: 2016-03-31 to 2016-03-31

Axil CMS 0.1 SQL Injection

Posted Mar 31, 2016

Authored by T3NZOG4N, Mojtaba MobhaM

Axil CMS version 0.1 suffers from a remote SQL injection vulnerability that allows for login bypass.

tags | exploit, remote, sql injection

SHA-256 | a72259e5a0cc0fc7e03db97358db172b5f910222cde66c42f2396e56eb331e76

Download | Favorite | View

Axil CMS 3.0 Cross Site Scripting

Posted Mar 31, 2016

Authored by T3NZOG4N, Mojtaba MobhaM

Axil CMS version 3.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss

SHA-256 | 28dfa34c5386042c24410347c2d8aaacb98e1900a84886175e524c05fd4214b7

Download | Favorite | View

Apache Jetspeed Arbitrary File Upload

Posted Mar 31, 2016

Authored by wvu, Andreas Lindh | Site metasploit.com

This Metasploit module exploits the unsecured User Manager REST API and a ZIP file path traversal in Apache Jetspeed-2, versions 2.3.0 and unknown earlier versions, to upload and execute a shell. Note: this exploit will create, use, and then delete a new admin user. Warning: in testing, exploiting the file upload clobbered the web interface beyond repair. No workaround has been found yet. Use this module at your own risk. No check will be implemented.

tags | exploit, web, shell, file upload

advisories | CVE-2016-0709, CVE-2016-0710

SHA-256 | f98ee50658aec27fea6e1325e83c5d9c0afefcbe8bf5d2b5dab9fa93e03887b6

Download | Favorite | View