7699 matches found
MKPortal 1.2.1 XSS / SQL Injection / File Upload
waraxe-2009-SA070 - Multiple Vulnerabilities in MKPortal = 1.2.1 ============================================================================== Author: Janek Vind "waraxe" Date: 15. January 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-70.html Description of vulnerable software...
MKPortal <= 1.2.1 () Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications ==================================================== MKPortal = 1.2.1 Multiple Remote Vulnerabilities ==================================================== waraxe-2009-SA070 - Multiple Vulnerabilities in MKPortal = 1.2.1...
DMXReady Blog Manager XSS / SQL Injection
--------------------------------------------------------- Portal Name: DMXReady Blog Manager SQL/XSS Vendor : http://www.galaxyscripts.com Author : PouyaServer , [email protected] Aria-Security.Net Vulnerability : SQL/XSS --------------------------------------------------------- SQL:...
MKPortal 1.2.1 - Multiple Vulnerabilities
waraxe-2009-SA070 - Multiple Vulnerabilities in MKPortal = 1.2.1 ============================================================================== Author: Janek Vind "waraxe" Date: 15. January 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-70.html Description of vulnerable software...
MKPortal 1.2.1 - Multiple Vulnerabilities
MKPortal 1.2.1 - Multiple Vulnerabilities waraxe-2009-SA070 - Multiple Vulnerabilities in MKPortal = 1.2.1 ============================================================================== Author: Janek Vind "waraxe" Date: 15. January 2009 Location: Estonia, Tartu Web:...
DMXReady Blog Manager 1.1 File Deletion
Title : DMXReady Blog Manager ajann Exp Delete File : Form Action: http://target/path/includes/sharedscripts/wysiwygeditor/assetmanager/assetmanager.asp?ffilter= Delete File Path: etc...
DMXReady Blog Manager 1.1 - Remote File Delete
DMXReady Blog Manager 1.1 - Remote File Delete Title : DMXReady Blog Manager ajann Exp Delete File : Form Action: http://target/path/includes/sharedscripts/wysiwygeditor/assetmanager/assetmanager.asp?ffilter= Delete File Path: etc...
DMXReady Blog Manager <= 1.1 Remote File Delete Vulnerability
No description provided by source. Title : DMXReady Blog Manager = 1.1 Remote Files Delete Vulnerability Author : "ajann" from Turkey Contact : : S.Page : http://www.dmxready.com $$ : 199.97 $ Dork : inurl:incwebblogmanager.asp DorkEx :...
DMXReady Blog Manager 1.1 - Remote File Delete
Title : DMXReady Blog Manager ajann Exp Delete File : Form Action: http://target/path/includes/sharedscripts/wysiwygeditor/assetmanager/assetmanager.asp?ffilter= Delete File Path: etc...
DMXReady Blog Manager <= 1.1 Remote File Delete Vulnerability
Exploit for unknown platform in category web applications ============================================================= DMXReady Blog Manager ajann Exp Delete File : Form Action: http://target/path/includes/sharedscripts/wysiwygeditor/assetmanager/assetmanager.asp?ffilter= Delete File Path:...
Microsoft HTML Workshop 4.74 - Universal Buffer Overflow
!/usr/bin/perl Microsoft HTML Workshop...
Microsoft HTML Workshop <= 4.74 Universal Buffer Overflow Exploit
No description provided by source. !/usr/bin/perl Microsoft HTML Workshop = 4.74 Universal Buffer Overflow Exploit ----------------------------------------------------------------- Discovered/Exploit by SkD [email protected] ----------------------------------------------------------------- This ...
CSDN Blog 文章评论处 XSS Bug
CSDN Blog 文章评论处由于对“主 页”信息过滤不严导致跨站漏洞。 这个漏洞比较容易利用,危害相对其它XSS要大些,攻击者可以在任何人的CSDN Blog上发恶意代码的评论,可以进行盗取Cookie,挂马BS之等行为。 测试链接:http://blog.csdn.net/zerosoul/archive/2009/01/10/3743912.aspx http://hi.csdn.net 等待官方修补 在文章评论处的“主 页”一栏中输入以下代码 dork1: http://zerosoul"/ascriptalert"zerosoul"/scripta" dork2:...
CSDN Blog XSS Bug
CSDN是中国最大的IT技术社区,CSDN blog是面向中文地区IT专业技术人员的Blog门户,有不少IT牛人在上面开博。 在CSDN博客发表文章的时候,如果用“设计视图”模式编辑正文,不会产生跨站,测试代码scriptalert'zerosoul'/script会被转义成scriptalert'zerosoul'/script转义了左尖括号。 但是如果我们点击“源视图”模式进行编辑正文并发帖的话,就不会再对左尖括号转义,造成跨站漏洞。 测试链接:http://blog.csdn.net/zerosoul/ http://hi.csdn.net 等待官方修补...
CVE-2008-5845
Multiple cross-site scripting XSS vulnerabilities in Six Apart Movable Type MT before 4.23 allow remote attackers to inject arbitrary web script or HTML via a 1 MTEntryAuthorUsername, 2 MTAuthorDisplayName, 3 MTEntryAuthorDisplayName, or 4 MTCommenterName field in a Profile View template; a 5...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Six Apart Movable Type MT before 4.23 allow remote attackers to inject arbitrary web script or HTML via a 1 MTEntryAuthorUsername, 2 MTAuthorDisplayName, 3 MTEntryAuthorDisplayName, or 4 MTCommenterName field in a Profile View template; a 5...
CVE-2008-5845
Multiple cross-site scripting XSS vulnerabilities in Six Apart Movable Type MT before 4.23 allow remote attackers to inject arbitrary web script or HTML via a 1 MTEntryAuthorUsername, 2 MTAuthorDisplayName, 3 MTEntryAuthorDisplayName, or 4 MTCommenterName field in a Profile View template; a 5...
Windows/x86 (XP SP3) (Turkish) - cmd.exe Shellcode (52 bytes)
Windows/x86 XP SP3 Turkish - cmd.exe Shellcode 52 bytes. Shellcode exploit for Windowsx86 platform. Tags: Metasploit Framework MSF Title : win32/xp sp3 Tr cmd.exe Shellcode 52 bytes Proof : http://img59.imageshack.us/img59/6499/proofc.png Author : ZoRLu / http://inj3ct0r.com/author/577 mail-msn :...
PT-2009-14: BLOG CMS Cross-Site Scripting Vulnerability
BLOG CMS is a content management system CMS software, usually implemented as a Web application, for creating and managing HTML content. It is used to manage and control a large, dynamic collection of Web material HTML documents and their associated images. Vulnerability Description Positive...
Linux/x86 - Force Reboot Shellcode (36 bytes)
Linux/x86 - Force Reboot Shellcode 36 bytes. Shellcode exploit for Linuxx86 platform Linux/x86 Force Reboot shellcode 36 bytes Author: Hamza Megahed Twitter: @HamzaMega blog: hamza-megadotblogspotdotcom E-mail: hamzadotmegahedatgmaildotcom xor %eax,%eax push %eax push $0x746f6f62 push $0x65722f6e...