Monthly Archive: February 2019

Psychological Facts of JEALOUSY

1. A person who seems jealous or dingy is actually someone who cares most or is more sensitive towards others.
2. Jealousy occurs most often when you are unhappy with your existing situation. Consider it your subconscious’s way of trying to motivate you.
3. Jealousy is a complex emotion that encompasses feelings ranging from fear of abandonment to rage

WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter-CVE-2019-7441

# Exploit Title: cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price
# Date: 27.01.2019
# Product Title: Woocommerce Paypal gateway Plugin
# Vendor Homepage: https://wordpress.org
# Software Link :

JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings-CVE-2019-7440

# Exploit Title: JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings (aka a SetWiFi_Setting request to cgi-bin/qcmap_web_cgi)
# Exploit Author: Vikas Chaudhary
# Date: 21-01-2019
# Vendor Homepage: https://www.jio.com/
# Hardware Link: https://www.amazon.in/JioFi-Hotspot-M2S-Portable-Device/dp/B075P7BLV5/ref=sr_1_1?s=computers&ie=UTF8&qid=1531032476&sr=1-1&keywords=JioFi+M2S+Wireless+Data+Card++%28Black%29
# Version: JioFi 4G Hotspot M2S 150 Mbps Wireless Router
#

cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices allows a DoS (Hang) via the mask POST parameter-CVE-2019-7439

# Exploit Title: cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices allows a DoS (Hang) via the mask POST parameter
# Exploit Author: Vikas Chaudhary
# Date: 21-01-2019
# Vendor Homepage: https://www.jio.com/
# Hardware Link: https://www.amazon.in/JioFi-Hotspot-M2S-Portable-Device/dp/B075P7BLV5/ref=sr_1_1?s=computers&ie=UTF8&qid=1531032476&sr=1-1&keywords=JioFi+M2S+Wireless+Data+Card++%28Black%29
# Version: JioFi 4G Hotspot M2S 150 Mbps Wireless Router
# Category: Hardware
# Contact: https://www.facebook.com/profile.php?id=100011287630308
# Web: https://gkaim.com/
#

cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has XSS via the mask POST parameter-CVE-2019-7438 (XSS)

# Exploit Title: cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has XSS Injection via the mask POST parameter.
# Exploit Author: Vikas Chaudhary
# Date: 21-01-2019
# Vendor Homepage: https://www.jio.com/
# Hardware Link: https://www.amazon.in/JioFi-Hotspot-M2S-Portable-Device/dp/B075P7BLV5/ref=sr_1_1?s=computers&ie=UTF8&qid=1531032476&sr=1-1&keywords=JioFi+M2S+Wireless+Data+Card++%28Black%29
# Version: JioFi 4G Hotspot M2S 150 Mbps Wireless Router
# Category: Hardware
# Contact: https://www.facebook.com/profile.php?id=100011287630308
# Web: https://gkaim.com/
# Tested

cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has HTML injection via the mask POST parameter-CVE-2019-7438 (HTML)

# Exploit Title: cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has HTML injection via the mask POST parameter.
# Exploit Author: Vikas Chaudhary
# Date: 21-01-2019
# Vendor Homepage: https://www.jio.com/
# Hardware Link: https://www.amazon.in/JioFi-Hotspot-M2S-Portable-Device/dp/B075P7BLV5/ref=sr_1_1?s=computers&ie=UTF8&qid=1531032476&sr=1-1&keywords=JioFi+M2S+Wireless+Data+Card++%28Black%29
# Version: JioFi 4G Hotspot M2S 150 Mbps Wireless Router
# Category: Hardware
# Contact: https://www.facebook.com/profile.php?id=100011287630308
# Web: https://gkaim.com/
# Tested

PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected Cross-Site Scripting-CVE-2019-7437

# Exploit Title: PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected Cross-Site Scripting (XSS) via the Search field
# Date: 30.12.2018
# Site Title: Opensource Classified Ads Script
# Vendor Homepage: https://www.phpscriptsmall.com/
# Vendor Software: https://www.phpscriptsmall.com/product/professional-classified-ads-script/
# Software Link: http://198.38.86.159/~classic/
# Category: Web Application
# Version: 3.2.2
# Exploit Author: Vikas Chaudhary

PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has directory traversal-CVE-2019-7436

# Exploit Title: PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has directory traversal via a direct request for a listing of an uploads directory
# Date: 30.12.2018
# Site Title: Opensource Classified Ads Script
# Vendor Homepage: https://www.phpscriptsmall.com/
# Vendor Software: https://www.phpscriptsmall.com/product/professional-classified-ads-script/
# Software Link: 198.38.86.159/~classic/
# Category: Web Application
# Version: 3.2.2

PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected HTML injection-CVE-2019-7435

# Exploit Title: PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected HTML injection via the Search Form
# Site Title: Opensource Classified Ads Script
# Vendor Homepage: https://www.phpscriptsmall.com/
# Software Link: http://198.38.86.159/~classic/
# Category: Web Application
# Version: 3.2.2
# Exploit Author: Vikas Chaudhary
# Contact: https://www.facebook.com/profile.php?id=100011287630308
# Web: https://gkaim.com/
#

PHP Scripts Mall Rental Bike Script 2.0.3 has directory traversal-CVE-2019-7434

# Exploit Title: PHP Scripts Mall Rental Bike Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory.
# Date: 30.12.2018
# Site Title: Image Sharing Script
# Vendor Homepage: https://www.phpscriptsmall.com/
# Software Link: http://under24usd.com/demo/rental-bike
# Category: Web Application
# Version: 2.0.3
# Exploit Author: Vikas Chaudhary
#