Mi-Dia 1.0.6 Cross Site Scripting
Title: Mi-Dia Blog 1.0.6 XSS Vendor: http://www.mi-dia.co.uk Dork: "Powered by Mi-Dia Blog v1.0.6" AUTHOR: ITSecTeam Email: [email protected] Website: http://www.itsecteam.com Forum : http://forum.ITSecTeam.com Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability33.htm Thanks:...
Joomla! Component SVMap 1.1.1 - Local File Inclusion
Joomla! Component SVMap 1.1.1 - Local File Inclusion ================================================================================================ Title : Joomla Component comsvmap v1.1.1 LFI Vulnerability Vendor : http://www.la-souris-verte.com Date : Monday, 05 April 2010 Indonesia Author :...
Joomla! Component com_wisroyq 1.1 - Local File Inclusion
Joomla! Component com_wisroyq 1.1 - Local File Inclusion ============================================================================================================================ o Joomla Component WISro Yahoo Quotes Local File Inclusion Vulnerability Software : com_wisroyq version 1.1.x...
e107 Plugin Blog (macgurublog.php) Remote SQL Injection Vulnerability
Exploit for php platform in category web applications ===================================================================== e107 Plugin Blog macgurublog.php Remote SQL Injection Vulnerability ===================================================================== @Title: e107 Plugin Blog...
Mi-Dia Blog 1.0.6 XSS Vulnerability
Exploit for php platform in category web applications =================================== Mi-Dia Blog 1.0.6 XSS Vulnerability =================================== Title: Mi-Dia Blog 1.0.6 XSS Vendor: http://www.mi-dia.co.uk Dork: "Powered by Mi-Dia Blog v1.0.6" AUTHOR: ITSecTeam Email:...
DSEmu 0.4.10 Proof Of Concept
!/usr/bin/env python DSEmu 0.4.10 .nds local crash Software Link: http://double.co.nz/nintendods/dsemu-0.4.10.zip Author: l3D Sites: http://xraysecurity.blogspot.com, http://nullbyte.org.il IRC: irc://irc.nix.co.il Email: [email protected] Open the file, and after 4 seconds the application shou...
Microsoft Readies Emergency IE Patch to Thwart Attacks
In the face of an uptick in hacker attacks targeting a zero-day flaw in its Internet Explorer browser, Microsoft has announced plans to ship an emergency IE patch tomorrow (March 30, 2010). The out-of-band update comes exactly 21 days after Microsoft said it was aware of targeted attacks against...
Vbulletin Blog 4.0.2 XSS Vulnerability
Exploit for php platform in category web applications ====================================== Vbulletin Blog 4.0.2 XSS Vulnerability ====================================== Author: FormatXformat Version: Vbulletin 4.0.2 Dork: Powered by vBulletin Version 4.0.2 Copyright 2010 vBulletin Solutions, In...
vBulletin Blog 4.0.2 - Title Cross-Site Scripting
vBulletin Blog 4.0.2 - Title Cross-Site Scripting Vbulletin Blog 4.0.2 XSS Vulnerability Author: FormatXformat Version: Vbulletin 4.0.2 Dork: Powered by vBulletin™ Version 4.0.2 Copyright © 2010 vBulletin Solutions, Inc. All rights reserved. The script is affected by Permanent XSS vulnerability, ...
CVE-2010-1049
Multiple SQL injection vulnerabilities in Uiga Business Portal allow remote attackers to execute arbitrary SQL commands via the (1) noentryid parameter to blog/index.php and the (2) p parameter to index2.php...
CVE-2010-1048
CVE-2010-1048 describes a Cross-site Scripting (XSS) vulnerability in the Uiga Business Portal, specifically in the blog/index.php page. The issue is exploitable through the textcomment parameter (the Comment Box) in a noentryid action, enabling remote attackers to inject arbitrary web script or ...
QuickZip 0day detailed write-up
In case some of you missed it - I published 2 articles on the Offensive Security Blog (last one was published a few hours ago), explaining the process of building a not so typical SEH based exploit for a QuickZip 0day vulnerability. Part 1 :...
phpBB2 Plus 1.53 SQL Injection
phpBB2 Plus 1.53 kb.php?mode SQL Injection Vulnerability Author : Gamoscu Homepage : http://www.1923turk.com Blog : http://gamoscu.wordpress.com/ Dork : inurl:kb.php?mode=cat&cat= Vulnerable File kb.php?mode=cat&cat= SQL XpL -1+union+select+1,concatuserid,char58,username,...
TopDownloads MP3 Player 1.0 - .m3u Crash
TopDownloads MP3 Player 1.0 - .m3u Crash !/usr/bin/env python MP3 player 1.0 Local Crash Author: l3D Software Link: http://files.brothersoft.com/mp3audio/players/td-mp3.exe Site: http://xraysecurity.blogspot.com IRC: irc://irc.nix.co.il Email: [email protected] bad=open'crash.mp3', 'w'...
InTerra Blog Machine <= 1.70 Shell Upload Vulnerability
Exploit for unknown platform in category web applications ======================================================= InTerra Blog Machine Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 0 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-1 +...
Microsoft Re-Releases Security Bulletin MS10-015
Microsoft has re-released the security update described in Microsoft Security Bulletin MS10-015. This release contains an updated installation package that does not allow the security update to be installed on computers infected with malicious code. Microsoft has also released a Fix-It Tool to...
Blax Blog 0.1 - 'girisyap.php' SQL Injection
source: https://www.securityfocus.com/bid/38465/info Blax Blog is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify dat...
Blax Blog 0.1 - girisyap.php SQL Injection
Blax Blog 0.1 - girisyap.php SQL Injection source: https://www.securityfocus.com/bid/38465/info Blax Blog is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
Blax Blog 0.1 SQL Injection
Blax Blog = 0.1 Auth Bypass SQL Injection Vulnerability By cr4wl3r Download: http://www.proje3x.com/indir/blax.rar PoC: path/admin/girisyap.php Username: ' or '1=1 password: ' or '1=1...
ShortCMS 1.11F(B) (con) - SQL Injection
ShortCMS 1.11FB con - SQL Injection ShortCMS v. 1.11FB con SQL Injection Vulnerability Author : Gamoscu Homepage : http://www.1923turk.com Blog : http://gamoscu.wordpress.com/ Script : ShortCMS Download : http://www.shortcms.de/index.php?dwnldct Vulnerable File printview.php?func=con&pvid= SQL Xp...