7736 matches found
douran portal 3.9.7.55 - Multiple Vulnerabilities
=========================================================== + Douran Portal alert'ITSecTeam' 2 Remote File Upload : Note : Worked In Older 3.8.2.2 Poc : You Can Upload Your File Without Check Authorization You Can Upload : string acceptedFiles =...
Firefox Memory Corruption Proof of Concept (Simplified)
No description provided by source. Hi there, For those who still do not know .. The proof of concept that I have extracted for CVE-2010-3765 is the following: htmlbody script function Gstr var cobj=document.createElementstr; document.body.appendChildcobj; cobj.scrollWidth; function crashme...
BlogBird Platform Multiple XSS Vulnerabilities
Exploit for php platform in category web applications ============================================== BlogBird Platform Multiple XSS Vulnerabilities ============================================== Product: BlogBird Vendor: BlogBird http://www.blogbird.nl/ Vulnerable Version: Current actual version ...
Mozilla Firefox - Simplified Memory Corruption (PoC)
Mozilla Firefox - Simplified Memory Corruption PoC Hi there, For those who still do not know .. The proof of concept that I have extracted for CVE-2010-3765 is the following: function Gstr var cobj=document.createElementstr; document.body.appendChildcobj; cobj.scrollWidth; function crashme...
Pulse Pro 1.4.3 - Persistent Cross-Site Scripting
Pulse Pro 1.4.3 - Persistent Cross-Site Scripting Exploit Title: Pulse Pro 1.4.3 Persistent XSS Vulnerability Date: 24-10-2010 Author: Th3 RDX Software Link: http://pulsecms.com/ Version: 1.4.3 Tested on: Demo Site category: webapp Code : n/a...
Pulse Pro 1.4.3 - Persistent Cross-Site Scripting
Exploit Title: Pulse Pro 1.4.3 Persistent XSS Vulnerability Date: 24-10-2010 Author: Th3 RDX Software Link: http://pulsecms.com/ Version: 1.4.3 Tested on: Demo Site category: webapp Code : n/a -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= L0v3 To: R00T...
Google Releases Chrome 7.0.517.41
Google has released Chrome 7.0.517.41 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, conduct URL spoofing, or bypass security restrictions. US-CERT encourages users and...
Super Simple Blog Script Detection
The remote host is running Super Simple Blog Script, a web-based blogging application written in PHP. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; if description scriptid50047; scriptversion"1.9";...
Super Simple Blog Script entry Parameter SQL Injection
The remote Super Simple Blog Script install hosted on the remote web server is affected by a SQL injection vulnerability because its 'comments.php' script does not properly sanitize input to the 'entry' parameter before using it a database query. Regardless of PHP's 'magicquotesgpc' setting, an...
acs-blog turkce v1.1.3-(tr) Database Disclosure Exploit
!/usr/bin/perl -w blog turkce v1.1.3-tr Database Disclosure Exploit Found & Coded: indoushka Date: 25/07/2010 Home: http://www.hack-r1z.com/cc/ Dz-Ghost Team ===== Saoucha Star08 Cyber Sec theblind74 XproratiX onurozkan n2n Meher Assel =========================== special thanks to : r0073r...
Video Workstation Version 5.3.9.4 dll hijacking (iacenc.dll, ir50_lcs.dll)
Exploit for windows platform in category local exploits ======================================================================= Video Workstation Version 5.3.9.4 dll hijacking iacenc.dll,ir50lcs.dll ======================================================================= / Video Workstation Versio...
Quick Player 1.3 Unicode SEH Exploit
Quick Player 1.3 Unicode SEH Exploit Author Abhishek Lyall and Puneet Jain [email protected] , abhilyallatgmaildotcom, infoataslitsecuritydotcom Web - http://www.aslitsecurity.com/ Blog - http://www.aslitsecurity.blogspot.com/ Download Vulnerable application from...
Windows Mobile 6.5 TR WinCE 5.2 MessageBox Shellcode ARM
Windows Mobile 6.5 TR WinCE 5.2 MessageBox Shellcode ARM. Shellcode exploit for windows platform / Device: HTC Touch2 System: Windows Mobile 6.5 TR WinCE 5.0.2 Addresses of functions can be different on different devices so , you can edit the functions addresses. Coded by Celil Ünüver from...
OpenX Releases Security Update
OpenX has released a security update to address a vulnerability in the 2.8 downloadable version of OpenX. Exploitation of this vulnerability may allow an attacker to compromise the integrity of the server running OpenX. US-CERT encourages users and administrators to review the OpenX "Security...
Google Releases Chrome 6.0.472.59
Google has released Chrome 6.0.472.59 for Linux, Mac, and Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and apply any necessary updates...
A-Blog 'sources/search.php' SQL Injection Vulnerability
A-Blog Simple Blogging System is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent...
Virtual DJ Trial 6.1.2 Buffer Overflow
Virtual DJ Trail 6.1.2 SEH Buffer Overflow Crash POC vulnerble application link http://www.virtualdj.com/download/trial.html tested on XP SP2 author abhishek lyall - abhilyallatgmaildotcom web - http://www.aslitsecurity.com/ blog - http://www.aslitsecurity.blogspot.com/ !/usr/bin/python filename ...
A-Blog 2.0 - sourcessearch.php SQL Injection
A-Blog 2.0 - sourcessearch.php SQL Injection !/usr/bin/python Exploit Title: A-Blog v2.0 sources/search.php SQL Injection Exploit Date : 05 September 2010 Author : Ptrace Security Gianni Gnesa gnix Contact : researchatptrace-securitydotcom Software Link: http://sourceforge.net/projects/a-blog/...
A-Blog 2.0 - '/sources/search.php' SQL Injection
!/usr/bin/python Exploit Title: A-Blog v2.0 sources/search.php SQL Injection Exploit Date : 05 September 2010 Author : Ptrace Security Gianni Gnesa gnix Contact : researchatptrace-securitydotcom Software Link: http://sourceforge.net/projects/a-blog/ Version : 2.0 Tested on : EasyPHP 5.3.1.0 for...
A-Blog v2.0 (sources/search.php) SQL Injection Exploit
Exploit for python platform in category web applications ====================================================== A-Blog v2.0 sources/search.php SQL Injection Exploit ====================================================== !/usr/bin/python Exploit Title: A-Blog v2.0 sources/search.php SQL Injection...