Showing 1 - 25 of 32

Files from Andrey Stoykov

First Active	2019-07-15
Last Active	2024-11-22

fronsetia 1.1 Cross Site Scripting: Posted Nov 22, 2024; Authored by Andrey Stoykov; fronsetia version 1.1 suffers from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | bbfd522cfd5160099d31a809ca9257e08bb97dcc37b7bf13572eb09dcfd1ed25; Download | Favorite | View

fronsetia 1.1 XML Injection: Posted Nov 22, 2024; Authored by Andrey Stoykov; fronsetia version 1.1 suffers from an XML external entity injection vulnerability.; tags | exploit; SHA-256 | 172877845afd1a0942227a2a28e855668aafeacdb04ad37754aebeccf82f3a9d; Download | Favorite | View

Booked Scheduler 2.8.5 Cross Site Scripting / Open Redirection: Posted Oct 29, 2024; Authored by Andrey Stoykov; Booked Scheduler version 2.8.5 suffers from cross site scripting and open redirection vulnerabilities.; tags | exploit, vulnerability, xss; SHA-256 | d3d9005e2a6e24e94ad011793b6cdb8a9d7d946e48d81aeec76d221cdc3c47d9; Download | Favorite | View

htmly 2.9.9 Cross Site Scripting: Posted Sep 19, 2024; Authored by Andrey Stoykov | Site msecureltd.blogspot.com; htmly version 2.9.9 suffers from multiple persistent cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss; SHA-256 | b19a6a9192ab7fdb974bbaace4e6310aa155520d7f2a2c087e43a0e209b862b0; Download | Favorite | View

HTMLy 2.9.9 Cross Site Scripting: Posted Sep 17, 2024; Authored by Andrey Stoykov | Site msecureltd.blogspot.com; HTMLy version 2.9.9 suffers from a persistent cross site scripting vulnerability that can lead to account takeover.; tags | exploit, xss; SHA-256 | 6bb08fb3fda4692b34b179dbafc8e6a3f67eca89052852c0d0f06bb6f11cdaa8; Download | Favorite | View

Simple Machines Forum 2.1.4 Code Injection: Posted Aug 20, 2024; Authored by Andrey Stoykov; Simple Machines Forum version 2.1.4 suffers from an authenticated code injection vulnerability.; tags | exploit; SHA-256 | 5b1fd0910e2bd48c0826ea39984cc8e3a3f91f47ca1adbd1800aace768d2f620; Download | Favorite | View

Dolphin 7.4.2 Blind SQL Injection: Posted Aug 5, 2024; Authored by Andrey Stoykov; Dolphin version 7.4.2 suffers from a remote blind SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | 8248fa7dd2014942fa684fcf3a8e321be37bb5444685be1d6befc1212eec50e8; Download | Favorite | View

SPA-CART CMS 1.9.0.6 Username Enumeration / Business Logic Flaw: Posted Jun 17, 2024; Authored by Andrey Stoykov; SPA-CART CMS version 1.9.0.6 suffers from business logic and user enumeration flaws.; tags | exploit; SHA-256 | c07ecb52014c29ee2ae79ddc27279f57e1299334d6615202ed7fd43f0bfec058; Download | Favorite | View

FengOffice 3.11.1.2 SQL Injection: Posted Jun 10, 2024; Authored by Andrey Stoykov; FengOffice version 3.11.1.2 suffers from a remote blind SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | a4d631d58217a0dbbc02735845f2ba3b26d4f99ae6e147a480b6f0cfcdae05fe; Download | Favorite | View

Concrete CMS 9.2.7 Cross Site Scripting / Open Redirect: Posted Apr 11, 2024; Authored by Andrey Stoykov; Concrete CMS version 9.2.7 suffers from information disclosure, open redirection, and persistent cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss, info disclosure; SHA-256 | a4e09ec269b6fd6e7d21fa37778ad6cc59fa7c6ed21097b3b6e52c179ba94e14; Download | Favorite | View

BoidCMS 2.0.1 Cross Site Scripting: Posted Mar 4, 2024; Authored by Andrey Stoykov; BoidCMS version 2.0.1 suffers from multiple cross site scripting vulnerabilities. Original discovery of cross site scripting in this version is attributed to Rahad Chowdhury in December of 2023, though this advisory provides additional vectors of attack.; tags | exploit, vulnerability, xss; SHA-256 | 399c7d150c74e14ff960b4352508c5f4a2a59bf2bfe1f4f390b71685d91640df; Download | Favorite | View

XAMPP 5.6.40 SQL Injection: Posted Mar 4, 2024; Authored by Andrey Stoykov; XAMPP version 5.6.40 suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | 388ddb4dde51e1972477265a1ca501e1b0ccc13ac7cdae3357edbf821cc9e47b; Download | Favorite | View

Adapt CMS 3.0.3 Cross Site Scripting / Shell Upload: Posted Feb 14, 2024; Authored by Andrey Stoykov; Adapt CMS version 3.0.3 suffers from persistent cross site scripting and remote shell upload vulnerabilities.; tags | exploit, remote, shell, vulnerability, xss; SHA-256 | ec4109d350da52c327fa8e68529d724cdbaf75ad4605a394f2c19b7289932d0a; Download | Favorite | View

Introduction To Web Pentesting: Posted Aug 2, 2023; Authored by Andrey Stoykov; This archive holds a whitepaper called Introduction to Web Pentesting. It provides basic configuration for Burpsuite Proxy along with basic exploitation cross site scripting, SQL injection, cross site request forgery, and open redirects. Two copies of the whitepaper are included. One is in English and one is in Bulgarian.; tags | paper, web, xss, sql injection, csrf; SHA-256 | 1f0745a5f6bf458420ce54f01247d5149ab58cb8886e6f6c015a8dbfc0d9a6de; Download | Favorite | View

Perch CMS 3.2 Cross Site Scripting: Posted Aug 2, 2023; Authored by Andrey Stoykov; Perch CMS version 3.2 suffers from a persistent cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 586bd1206b838db2276e13fced4b53256b8b848641a29e35a78967042d604683; Download | Favorite | View

Availability Booking Calendar PHP XSS / Arbitrary File Upload: Posted Jul 26, 2023; Authored by Andrey Stoykov; Availability Booking Calendar PHP suffers from cross site scripting and arbitrary file upload vulnerabilities. This was tested in July of 2023 but it is unclear what versions are affected.; tags | exploit, arbitrary, php, vulnerability, xss, file upload; SHA-256 | e67ac34384ab2be0d18a5bd94e4c7187126859aaf2b755a195aa0c55fd5cf914; Download | Favorite | View

WBCE 1.6.1 Cross Site Scripting: Posted Jul 17, 2023; Authored by Andrey Stoykov; WBCE version 1.6.1 suffers from a persistent cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | c17b616715baffae3d84e0d4550487c0ddcd5bf0f23819f9fafe7404baa9ed74; Download | Favorite | View

XAMPP 8.2.4 Unquoted Service Path: Posted Jul 12, 2023; Authored by Andrey Stoykov; XAMPP version 8.2.4 suffers from an unquoted service path vulnerability.; tags | exploit; SHA-256 | 013b0dbd256f27abaa69c15d5aeec4553beac733154cfc7e150b3559ea0da2d5; Download | Favorite | View

Faculty Evaluation System 1.0 SQL Injection: Posted Jul 10, 2023; Authored by Andrey Stoykov; Faculty Evaluation System version 1.0 suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | 7bc59cd66aeba7e9b21206240985c2d932ac5f46cc03f4460693c631b14c393d; Download | Favorite | View

myBB forums 1.8.26 Cross Site Scripting: Posted Mar 30, 2023; Authored by Andrey Stoykov; myBB forums version 1.8.26 suffers from a persistent cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 49b4fc9b3db0a04ca44a9ec1d64e1ec281a090a818f848111b735b27147db2e9; Download | Favorite | View

Fastly Secret Disclosure: Posted Mar 13, 2023; Authored by Andrey Stoykov; Fastly suffers from the poor practice of sending a temporary password in plaintext.; tags | exploit, info disclosure; SHA-256 | 09181b45538cae9f3688cd0f1f65f20913277a3c96827c11f9df3ad8004ab8bc; Download | Favorite | View

Shopify Cross Site Scripting: Posted Mar 13, 2023; Authored by Andrey Stoykov; Shopify suffers from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | dcca389f2f44bc6e6960d4aefe61cbb9c3906a55351986f2a658754795ce9f62; Download | Favorite | View

4images 1.9 Remote Command Execution: Posted Dec 22, 2022; Authored by Andrey Stoykov; 4images version 1.9 suffers from a remote command execution vulnerability.; tags | exploit, remote; SHA-256 | d876d4e5b40a274d6db099e265423f9f96e10557a0bc7523e13fbd5618f59557; Download | Favorite | View

Shoplazza 1.1 Cross Site Scripting: Posted Dec 14, 2022; Authored by Andrey Stoykov; Shoplazza version 1.1 suffers from a persistent cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 45b096fd0c06d29314c47d3820cded151b1d0ea4c399a761b64fcc8eebcca9fe; Download | Favorite | View

4images 1.8 SQL Injection: Posted Aug 13, 2021; Authored by Andrey Stoykov; 4images version 1.8 suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; SHA-256 | c9c2aa91ec745bbdba6b1c78ba101be04ed9dc59fee041d1a36097cb86d846a9; Download | Favorite | View

Page 1 of 2 Back 1 2 Next

Top Authors In Last 30 Days

Red Hat 240 files
Ubuntu 62 files
Debian 22 files
Apple 14 files
LiquidWorm 12 files
Gentoo 8 files
Google Security Research 4 files
Andrey Stoykov 3 files
Jann Horn 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,169)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,011)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,372)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,008)
UNIX (9,481)
UnixWare (188)
Windows (6,785)
Other

Files from Andrey Stoykov

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems