php-revista <= 1.1.2 Multiple Remote SQL Injection Vulnerabilities
No description provided by source. php-revista = 1.1.2 Remote SQL Injection Exploit Found by & contact : Cold z3ro , [email protected] script : http://downloads.sourceforge.net/php-revista/revista-1.1.2.tgz?modtime=1025654400&bigmirror=0 Exploits :...
[Full-disclosure] Mercur SP4 IMAPD
The attached exploits several signedness bugs in the NTLM implementation of Mercur IMAPD (www.atrium-software.com) to give the attacker complete control over a memcpy to a stack variable... non-authenticated In this case, memcpy(buf, src+a, b) with 'a', and 'b' being user controlled and buf 7208 byte...
PHP-revista 1.1.2 - Multiple SQL Injections
php-revista = 1.1.2 Remote SQL Injection Exploit Found by & contact : Cold z3ro , [email protected] script : http://downloads.sourceforge.net/php-revista/revista-1.1.2.tgz?modtime=1025654400&bigmirror=0 Exploits : ==============================================================================...
KLA10093 Multiple vulnerabilities in CA software
Multiple serious vulnerabilities have been found in ARCserve Backup. Malicious users can exploit these vulnerabilities to execute arbitrary code or cause denial of service. Below is a complete list of vulnerabilities 1. A buffer overflow can be exploited remotely via specially designed RPC...
softnews-rfi.txt
By Hasadya Raed Contact : [email protected] ------------------------------------ Script : SoftNews Media Group Dork : "Copyright © 2004,2006 SoftNews Media Group" Greetz : Only To Security Focus ------------------------------------ B.Files : init.php editnews.php ----------------------------------...
aBitWhizzy - whizzypic.php?d Traversal Arbitrary Directory Listing
aBitWhizzy - whizzypic.php?d Traversal Arbitrary Directory Listing source: https://www.securityfocus.com/bid/23167/info aBitWhizzy is prone to multiple cross-site scripting and directory-traversal vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An...
copperminepg-rfi.txt
By Hasadya Raed Contact : [email protected] ------------------------------------ Script : Coppermine Photo Gallery Expl : Remote Include File Dork : "Copyright c 2003-2006 Coppermine Dev Team" ------------------------------------ B.Files : imageprocessor.php functions.php picmgmt.inc.php...
MS05-047: Plug and Play Remote Code Execution and Local Privilege Elevation (905749) (uncredentialed check)
The remote host contains a version of the Plug and Play service that contains a vulnerability in the way it handles user-supplied data. An authenticated attacker may exploit this flaw by sending a malformed RPC request to the remote service and execute code with SYSTEM privileges. Note that...
Remote File Include In Script Premod SubDog 2
By Hasadya Raed Contact : [email protected] ------------------------------------ Script : Premod SubDog 2 Dork : "Premod SubDog 2" ------------------------------------ B.Files : functionskb.php themenportalmitte.php loggerengine.php ------------------------------------ Exploits :...
Remote File Include In Script Coppermine Photo Gallery
By Hasadya Raed Contact : [email protected] ------------------------------------ Script : Coppermine Photo Gallery Expl : Remote Include File Dork : "Copyright c 2003-2006 Coppermine Dev Team" ------------------------------------ B.Files : imageprocessor.php functions.php picmgmt.inc.php...
dbimage-rfi.txt
Remote File Include In DBImageGallery 1.2.2 Discovered By : Hasadya Raed Contact Me : [email protected] Download Script : http://www.dbscripts.net/download/?file=1 B.Files: admin/attributes.php - require_once $donsimgbasepath admin/images.php - require_once $donsimgbasepath admin/scan.php -...
mycal-xss.txt
MyCalendar multiple XSS By : sn0oPy Risk : medium site : http://abledesign.com/programs/MyCalendar/ exploit : XSS on the search menu : http://www.target.ma/calendar/index.php?go=search XSS on the url : http://www.target.ma/calendar/index.php?go="alertdocument.cookie XSS on the username and passwo...
ZebraFeeds 1.0 (zf_path) Remote File Include Vulnerabilities
No description provided by source. To ConTacT mE @ wWw.Asb-May.net/bb ScRiPt:-http://cazalet.org/zebrafeeds/releases/zebrafeeds-current.zip Discovered By:- ThE dE@Th aggregator.php:- require_once $zf_path . 'includes/feed.php'; require_once $zf_path . 'includes/view.php'; require_once $zf_path...
Mac OS X Multiple Vulnerabilities (Security Update 2007-002)
The remote host is running a version of Mac OS X 10.4 that does not have Security Update 2007-002 applied. This update fixes security flaws in the following applications : - Finder - iChat - UserNotification (C) Tenable Network Security, Inc. if ( ! defined_func("bn_random") ) exit(0); include("compat.inc");...
MS07-009: Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (927779)
The remote host contains a version of the ADODB.Connection ActiveX control that is vulnerable to a security flaw that could allow an attacker to execute arbitrary code on the remote host by constructing a malicious web page and enticing a victim to visit this web page. Tenable Network Security, Inc...
Default Password (oracle) for 'oracle' Account
The password for the account 'oracle' on the remote host is 'oracle'. An attacker may leverage this to gain access to the affected system and launch further attacks against it. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. account = "oracle"; password = "oracle";...
MySQL 4.x/5.0 (Windows) - User-Defined Function Command Execution
-- raptorwinudf.sql - A MySQL UDF backdoor kit for Windows -- Copyright c 2007 Marco Ivaldi -- -- This is a MySQL backdoor kit for Windows based on the UDFs User Defined -- Functions mechanism. Use it to spawn a reverse shell netcat UDF on port -- 80/tcp or to execute single OS commands exec UDF...
Forum Livre 1.0 (SQL Injection / XSS) Multiple Remote Vulnerabilities
No description provided by source. Title : Forum Livre 1.0 Multiple Remote Vulnerabilities Author : ajann Contact : : $$ : Free SQL--------------------------------------------------------- Login Before..- http://target/path//infouser.asp?user=SQL Example:...
CA BrightStor ARCserve Backup for Laptops & Desktops Server Multiple Vulnerabilities (QO83833)
According to its version, the installation of BrightStor ARCserve Backup for Laptops & Desktops Server on the remote host is affected by multiple buffer overflows and denial of service vulnerabilities that can be exploited by a remote attacker to execute arbitrary code on the affected host with...