
HomeLab IT

Security Blog by Claudio Viviani

21 April 2015

WordPress NEX-Forms 3.0 SQL Injection Vulnerability

Posted in archive_exploit, Vuln. discovered, Wordpress by claudio

WordPress NEX-Forms Ultimate Form builder 3.0 suffers from an SQL injection vulnerability.

18 April 2015

CoinVault ransomware: how to (try to) recover the encrypted files

Posted in Security, windows by claudio

Have you been infected by the CoinVault ransomware and are you looking for a way to recover your encrypted files? This step-by-step guide is just what you need.
Happy reading and, above all, good luck!

17 April 2015

MS15-034 HTTP.sys (IIS) DoS And Possible Remote Code Execution – CRITICAL UPDATE

Posted in Security by claudio

On 14 April Microsoft released the MS15-034 patch to address a new vulnerability affecting the HTTP.sys library

16 April 2015

Simple WordPress Xml-rpc Brute Force written in bash with cURL

Posted in Linux, Penetration Testing, Security, Tools, Wordpress by claudio

This is a simple WordPress XML-RPC brute force written in bash (cURL).

15 April 2015

WordPress Ajax Store Locator SQL Injection Vulnerability

Posted in archive_exploit, Vuln. discovered, Wordpress by claudio

WordPress Ajax Store Locator 1.2 and below suffers from an arbitrary SQL injection vulnerability.

13 April 2015 / 15 April 2015

WordPress Video Gallery 2.8 SQL Injection Vulnerability

Posted in archive_exploit, Vuln. discovered, Wordpress by claudio

WordPress Video Gallery 2.8 suffers from an SQL injection vulnerability.

12 April 2015 / 15 April 2015

WordPress N-Media Website Contact Form with File Upload 1.3.4 Shell Upload Vulnerability

Posted in archive_exploit, Uncategorized, Vuln. discovered, Wordpress by claudio

WordPress N-Media Website Contact Form with File Upload 1.3.4 suffers from a shell upload vulnerability.

10 April 2015 / 15 April 2015

WordPress Duplicator 0.5.14 SQL Injection Vulnerability

Posted in archive_exploit, Vuln. discovered, Wordpress by claudio

WordPress Duplicator 0.5.14 SQL Injection Vulnerability

7 April 2015 / 15 April 2015

WordPress All In One WP Security & Firewall 3.9.0 SQL Injection Vulnerability

Posted in archive_exploit, Uncategorized, Vuln. discovered, Wordpress by claudio

WordPress All In One WP Security & Firewall 3.9.0 suffers from an SQL injection vulnerability.

4 April 2015 / 15 April 2015

WordPress Work the flow file upload 2.5.2 Shell Upload Vulnerability

Posted in archive_exploit, Vuln. discovered, Wordpress by claudio

WordPress Work the flow file upload 2.5.2 Shell Upload Vulnerability


About

This blog was created to archive my notes and tests.
The posts will mainly cover IT security, but with an eye on the whole IT landscape.

The Internet is about sharing; let's never forget that.