• DVWA
    • DVWA – Setup
    • DVWA – File Upload + Bonus XSS
    • DVWA – Command Injection
    • DVWA – SQL injection + Blind + Bonus XSS
    • DVWA – XSS Reflected
  • Exploits
    • WP Marketplace 2.4.0 Remote Code Execution (Add WP Admin)
    • WordPress Download Manager Remote Code Execution (Add WP Admin)
    • WordPress WP Symposium 14.11 Shell Upload Vulnerability
    • WordPress wpDataTables 1.5.3 and below Unauthenticated Shell Upload Vulnerability
    • Joomla HD FLV Player Arbitrary File Download Vulnerability
    • Joomla HD FLV Player 2.1.0.1 and belowSQL Injection Vulnerability
    • Joomla RD Download Sql Injection
    • WordPress and Joomla Creative Contact Form Unauthenticated Shell Upload
    • Drupal 7 Sql Injection SA-CORE-2014-005 CVE-2014-3704
    • IPFire Cgi Web Interface Authenticated Bash Environment Variable Code Injection exploit
    • Gnu Bash 4.3 and below Cgi Scan + Remote Command Injection Exploit
    • Joomla Face Gallery 1.0 Multiple Vulnerabilities
    • Joomla Mac Gallery 1.5 and below Arbitrary File Download vulnerability
    • WordPress Slideshow Gallery 1.4.6 Shell Upload Exploit + Demo
    • Joomla Spider Contacts 1.3.6 Injection vulnerability
    • Joomla Spider Calendar 3.2.6 SQL Injection Exploit + Demo
    • NRPE <= 2.15 Remote Command Execution Exploit
  • Vuln. discovered
    • WP Fast Cache 1.4 and below CSRF Stored/Reflected XSS
    • WordPress Video Gallery 2.8 Unprotected Mail Page
    • WordPress NEX-Forms 3.0 SQL Injection Vulnerability
    • WordPress Ajax Store Locator SQL Injection Vulnerability
    • WordPress Video Gallery 2.8 SQL Injection Vulnerability
    • WordPress N-Media Website Contact Form with File Upload 1.3.4 Shell Upload Vulnerability
    • WordPress Duplicator 0.5.14 SQL Injection Vulnerability
    • WordPress All In One WP Security & Firewall 3.9.0 SQL Injection Vulnerability
    • WordPress Work the flow file upload 2.5.2 Shell Upload Vulnerability
    • WordPress Video Gallery 2.7 SQL Injection
    • WordPress WP Symposium 14.11 Shell Upload Vulnerability
    • WordPress Ajax Store Locator Arbitrary File Download Vulnerability
    • WordPress wpDataTables 1.5.3 and below Unauthenticated Shell Upload Vulnerability
    • WordPress wpDataTables SQL Injection Vulnerability
    • Joomla HD FLV Player Arbitrary File Download Vulnerability
    • Joomla HD FLV Player 2.1.0.1 and belowSQL Injection Vulnerability
    • Joomla RD Download Sql Injection
    • WordPress CP Multi View Event Calendar 1.01 Sql Injection
    • Joomla Face Gallery 1.0 Multiple Vulnerabilities
    • Joomla Mac Gallery 1.5 and below Arbitrary File Download vulnerability
    • Joomla Spider Contacts 1.3.6 SQL Injection vulnerability
    • Joomla Spider Calendar 3.2.6 SQL Injection Exploit + Demo
    • WordPress Spider Facebook 1.0.8 Authenticated SQL Injection
    • WordPress Huge-IT Image Gallery 1.0.1 SQL Injection
    • WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability
    • Joomla Spider video player 2.8.3 SQL Injection
    • WordPress GB Gallery Slideshow 1.5 Authenticated SQL Injection
    • WordPress 3.x, 4.x Path Traversal + Directory Listing + File Deletion
    • WordPress Gmedia Gallery 1.2.1 Shell Upload Vulnerability
    • WordPress Slider <= 4.1.4 Arbitrary File Download vulnerability
    • WordPress Video Gallery 2.5 SQL Injection/XSS Vulnerabilities
    • WordPress Gallery Objects 0.4 SQL Injection
    • WordPress Tidio Gallery 1.1 Shell Upload and XSS Vulnerabilities
    • WordPress Download Manager 2.6.8 Shell Upload Vulnerability
    • WordPress BSK PDF Manager 1.3.2 SQL Injection
    • WordPress Compfight <= 1.4 Authenticated Reflected XSS Vulnerability
  • Tools
    • WordBRUTEpress v1.1 – WordPress Brute Force
    • aLFIscanner v1.0 – An0th3r LFI sC4Nn3r
  • Penetration Testing
  • Security

HomeLab IT

Security Blog by Claudio Viviani

Supporta il Blog, acquista i prodotti Amazon da qui:

HomeLab IT Amazon Banner
 

Menu

Skip to content
  • DVWA
    • DVWA – Setup
    • DVWA – File Upload + Bonus XSS
    • DVWA – Command Injection
    • DVWA – SQL injection + Blind + Bonus XSS
    • DVWA – XSS Reflected
  • Exploits
    • WP Marketplace 2.4.0 Remote Code Execution (Add WP Admin)
    • WordPress Download Manager Remote Code Execution (Add WP Admin)
    • WordPress WP Symposium 14.11 Shell Upload Vulnerability
    • WordPress wpDataTables 1.5.3 and below Unauthenticated Shell Upload Vulnerability
    • Joomla HD FLV Player Arbitrary File Download Vulnerability
    • Joomla HD FLV Player 2.1.0.1 and belowSQL Injection Vulnerability
    • Joomla RD Download Sql Injection
    • WordPress and Joomla Creative Contact Form Unauthenticated Shell Upload
    • Drupal 7 Sql Injection SA-CORE-2014-005 CVE-2014-3704
    • IPFire Cgi Web Interface Authenticated Bash Environment Variable Code Injection exploit
    • Gnu Bash 4.3 and below Cgi Scan + Remote Command Injection Exploit
    • Joomla Face Gallery 1.0 Multiple Vulnerabilities
    • Joomla Mac Gallery 1.5 and below Arbitrary File Download vulnerability
    • WordPress Slideshow Gallery 1.4.6 Shell Upload Exploit + Demo
    • Joomla Spider Contacts 1.3.6 Injection vulnerability
    • Joomla Spider Calendar 3.2.6 SQL Injection Exploit + Demo
    • NRPE <= 2.15 Remote Command Execution Exploit
  • Vuln. discovered
    • WP Fast Cache 1.4 and below CSRF Stored/Reflected XSS
    • WordPress Video Gallery 2.8 Unprotected Mail Page
    • WordPress NEX-Forms 3.0 SQL Injection Vulnerability
    • WordPress Ajax Store Locator SQL Injection Vulnerability
    • WordPress Video Gallery 2.8 SQL Injection Vulnerability
    • WordPress N-Media Website Contact Form with File Upload 1.3.4 Shell Upload Vulnerability
    • WordPress Duplicator 0.5.14 SQL Injection Vulnerability
    • WordPress All In One WP Security & Firewall 3.9.0 SQL Injection Vulnerability
    • WordPress Work the flow file upload 2.5.2 Shell Upload Vulnerability
    • WordPress Video Gallery 2.7 SQL Injection
    • WordPress WP Symposium 14.11 Shell Upload Vulnerability
    • WordPress Ajax Store Locator Arbitrary File Download Vulnerability
    • WordPress wpDataTables 1.5.3 and below Unauthenticated Shell Upload Vulnerability
    • WordPress wpDataTables SQL Injection Vulnerability
    • Joomla HD FLV Player Arbitrary File Download Vulnerability
    • Joomla HD FLV Player 2.1.0.1 and belowSQL Injection Vulnerability
    • Joomla RD Download Sql Injection
    • WordPress CP Multi View Event Calendar 1.01 Sql Injection
    • Joomla Face Gallery 1.0 Multiple Vulnerabilities
    • Joomla Mac Gallery 1.5 and below Arbitrary File Download vulnerability
    • Joomla Spider Contacts 1.3.6 SQL Injection vulnerability
    • Joomla Spider Calendar 3.2.6 SQL Injection Exploit + Demo
    • WordPress Spider Facebook 1.0.8 Authenticated SQL Injection
    • WordPress Huge-IT Image Gallery 1.0.1 SQL Injection
    • WordPress Slideshow Gallery 1.4.6 Shell Upload Vulnerability
    • Joomla Spider video player 2.8.3 SQL Injection
    • WordPress GB Gallery Slideshow 1.5 Authenticated SQL Injection
    • WordPress 3.x, 4.x Path Traversal + Directory Listing + File Deletion
    • WordPress Gmedia Gallery 1.2.1 Shell Upload Vulnerability
    • WordPress Slider <= 4.1.4 Arbitrary File Download vulnerability
    • WordPress Video Gallery 2.5 SQL Injection/XSS Vulnerabilities
    • WordPress Gallery Objects 0.4 SQL Injection
    • WordPress Tidio Gallery 1.1 Shell Upload and XSS Vulnerabilities
    • WordPress Download Manager 2.6.8 Shell Upload Vulnerability
    • WordPress BSK PDF Manager 1.3.2 SQL Injection
    • WordPress Compfight <= 1.4 Authenticated Reflected XSS Vulnerability
  • Tools
    • WordBRUTEpress v1.1 – WordPress Brute Force
    • aLFIscanner v1.0 – An0th3r LFI sC4Nn3r
  • Penetration Testing
  • Security

Search:

Powered by Verbosa & WordPress.

About

Questo blog nasce con l'intento di archiviare i miei appunti/TEST.
I post tratteranno principalmente di sicurezza informatica ma con lo sguardo verso tutto il panorama IT .

Internet è condivisione, non scordiamolo mai....

MS15-034 HTTP.sys (IIS) DoS And Possible Remote Code Execution – AGGIORNAMENTO CRITICO

claudio 17 aprile 2015 Security0 Comments

IL 14 Aprile Microsoft ha rilasciato la patch MS15-034 per correre ai ripari a una nuova vulnerabilità che affligge la libreria HTTP.sys

Continue reading
 bug / exploit / Security / windows

Simple WordPress Xml-rpc Brute Force written in bash with cURL

claudio 16 aprile 2015 Linux / Penetration Testing / Security / Tools / Wordpress0 Comments

This is a simple Wordpress Xml-rpc Brute Force written in bash (cURL)

Continue reading

WordPress Ajax Store Locator SQL Injection Vulnerability

claudio 15 aprile 2015 archive_exploit / Vuln. discovered / Wordpress0 Comments

Wordpress Ajax Store Locator 1.2 and below suffers from Arbitrary SQL Injection Vulnerability

Continue reading
 bug / exploit / Security / wordpress

WordPress Video Gallery 2.8 SQL Injection Vulnerability

claudio 13 aprile 2015 archive_exploit / Vuln. discovered / Wordpress2 Comments

Wordpress Video Gallery 2.8 suffers from SQL Injection vulnerability.

Continue reading
 bug / exploit / Security / sql injection / wordpress

WordPress N-Media Website Contact Form with File Upload 1.3.4 Shell Upload Vulnerability

claudio 12 aprile 2015 archive_exploit / Senza categoria / Vuln. discovered / Wordpress1 Comment

Wordpress N-Media Website Contact Form with File Upload 1.3.4 suffers from Shell Upload Vulnerability

Continue reading
 bug / exploit / Security / wordpress

WordPress Duplicator 0.5.14 SQL Injection Vulnerability

claudio 10 aprile 2015 archive_exploit / Vuln. discovered / Wordpress0 Comments

Wordpress Duplicator 0.5.14 SQL Injection Vulnerability

Continue reading
 bug / exploit / Security / wordpress

WordPress All In One WP Security & Firewall 3.9.0 SQL Injection Vulnerability

claudio 7 aprile 2015 archive_exploit / Senza categoria / Vuln. discovered / Wordpress1 Comment

Wordpress All In One WP Security & Firewall 3.9.0 sufferse from SQL Injection Vulnerability

Continue reading
 bug / exploit / Security / sql injection

WordPress Work the flow file upload 2.5.2 Shell Upload Vulnerability

claudio 4 aprile 2015 archive_exploit / Vuln. discovered / Wordpress0 Comments

Wordpress Work the flow file upload 2.5.2 Shell Upload Vulnerability

Continue reading
 bug / exploit / Security / wordpress

WP Marketplace 2.4.0 Remote Code Execution (Add WP Admin)

claudio 24 marzo 2015 archive_exploit / Exploits / Wordpress0 Comments

Wordpress plugin “WP Marketplace” 2.4.0 suffers from Remote command Execution

Continue reading
 exploit / python / rce / Security / wordpress

WordPress Video Gallery 2.7 SQL Injection

claudio 11 febbraio 2015 archive_exploit / Exploits / Vuln. discovered / Wordpress2 Comments

# Exploit Title : Wordpress Video Gallery 2.7 SQL Injection Vulnerabilitiey

# Exploit Author : Claudio Viviani

Continue reading
 bug / exploit / Security / sql injection / wordpress

Navigazione articoli

1 2 3 4 5 … 12