what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 4 of 4

Files from Simon Waters

CivicRM 4.7b3 SQL Injection

Posted Apr 10, 2016

Authored by Simon Waters

CivicRM version 4.7b3 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection

SHA-256 | b46c1c9644858cd9f5157a2a8c9b025f2d88d4276e0161fedcc1aa49d74ea152

Download | Favorite | View

Open Real Estate 1.15.1 XSS / SQL Injection / Weak Hashing

Posted Feb 8, 2016

Authored by Simon Waters

Open Real Estate version 1.15.1 suffers from weak password hashing, cross site scripting, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, xss, sql injection

SHA-256 | 5056163ea8c485c04c1bc20b6a2ada1433509338178bc12d85a7d117dcaa4188

Download | Favorite | View

OpenFire XMPP 3.9.3 Certificate Handling

Posted Apr 24, 2015

Authored by Simon Waters, Kim Alvefur

OpenFire XMPP versions 3.9.3 and below incorrectly accepts self-signed certificates potentially allowing for spoofing attacks.

tags | advisory, spoof

advisories | CVE-2014-3451, CVE-2015-2080

SHA-256 | d26c2fe0c0cc3b4027d438b3b2eba60b5fcea46aa1cc48496aed16c4a47ece9e

Download | Favorite | View

Berta CMS File Upload Bypass

Posted Mar 26, 2015

Authored by Simon Waters

Berta CMS versions prior to 0.8.10b suffer from an issues where images with a ".php" extension can be uploaded and all that is required is that they pass the PHP getimagesize() function and have suitable dimensions.

tags | exploit, php, file upload

SHA-256 | e48ff1b6047e08c0020b9a706603986a8de01a2d4214892be753857895596f7d

Download | Favorite | View