1953 matches found
oscom-sql.txt
osCommerce SQL Injection customertestimonials.php Author: it's my Home page: http://www.antichat.ru Dork: inurl:"customertestimonials.php" Exploit:...
Debian Security Advisory DSA 998-1 (libextractor)
The remote host is missing an update to libextractor announced via advisory DSA 998-1. Derek Noonburg has fixed several potential vulnerabilities in xpdf, which are also present in libextractor, a library to extract arbitrary meta-data from files. The old stable distribution woody does not contai...
WorkingOnWeb 2.0.1400 events.php Remote SQL Injection Vulnerability
No description provided by source. WorkingOnWeb 2.0.1400 Remote SQL Injection d0rk: Powered by WorkingOnWeb 2.0.1400 bug found by ka0x - D.O.M TEAM contact: ka0x01!gmail.com we: ka0x, an0de, xarnuz, s0cratex, Hendrix from spain 1: ? 2: $query = "SELECT cnfshortname, cnfname, cnfbegindate,...
WebChat 0.78 - 'login.php?rid' SQL Injection
webchat 0.78 Class: SQL Injection Published 28/06/2007 Remote: Yes Critical Level : Dangerous Site: http://sourceforge.net/projects/webdev-webchat/ Download: http://downloads.sourceforge.net/webdev-webchat/webchat-078.zip?modtime=1046649600&bigmirror=0 Author: r00t Vulnerable code: login.php...
HP Mercury Quality Center 9.0 build 9.1.0.4352 SQL Execution Exploit
Exploit for multiple platform in category remote exploits. HP Mercury Quality Center 9.0 build 9.1.0.4352 SQL Execution Exploit #!/usr/bin/perl HP Mercury Qualit...
Cell Phone Operating System Discovery
Binary data 3846.prm...
ncompress buffer overflow
Buffer overflow on data extraction...
Update Protection against Oracle Reports Arbitrary File Reading Vulnerability
Oracle Reports is an enterprise reporting tool that extracts data from multiple sources and inserts it into a formatted report. Oracle Reports fails to validate URI parameters, possibly allowing a remote attacker to read arbitrary files on the Reports Server...
vBulletin - 'LAST.php' SQL Injection
Example: http://www.example.com/last.php?fsel=,user.password%20as%20title,user.%20%20%20%20username%20as%20lastposter%20FROM%20user,thread%20%20%20%20%20WHERE%20usergroupid=6%20LIMIT%201 milw0rm.com 2004-11-15...
NetBIOS Name Service Reply Information Disclosure
Binary data 1922.prm...
More and More SQL injection on PHP-Nuke 6.5.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 7 A 6 9 - A d v C: 011 PHP-Nuke SQL injection ...
Aladdin eToken 3.3.3.x Hardware USB Key Private Data Extraction
@Stake Inc. L0pht Research Labs www.atstake.com www.L0pht.com Security Advisory Advisory Name: eToken Private Information Extraction and Physical Attack Release Date: May 4, 2000 Application: N/A Platform: Aladdin eToken USB Key 3.3.3.x Severity: An attacker can access all private information...
Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3 LSA Secrets Vulnerability
Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3 LSA Secrets Vulnerability. Local exploit for windows platform source: http://www.securityfocus.com/bid/231/info The HKeyLocalMachine\SECURITY\Policy\Secrets\ key contains obfuscated data for various system services/resources. Clear-text usernames a...