7009 matches found
blogcms => 4.0.0 Remote File Include
""""""""""""""""""""""""""""""""""""""""""""""" """ :: :: ::::: :::: """ """ :: :: :: : :: """ """ :::: :: :: ::::: ::::: :::: """ """ :: :: ::: ::: :: :: :: :: :: """ """ :: :: :: : : ::::: :: :: :::: """ """ """ """"""""""""""""""""""""""""""""""""""""""""""" Xmor$ DigitaL Hacking TeaM blogcms ...
directadmin-1281.txt
Aria-Security Team Advisory Original Advisory : http://aria-security.net/advisory/directadmin.txt ----------------------------------------------------------- Software: DirectAdmin V1.28.1 DirectAdmin level used : Admin level PoC: http://target:2222/CMDSHOWRESELLER?userXSS...
contentnow-130.txt
r0ut3r Presents... Another r0ut3r discovery! ContentNow 1.30 Local File Include & Arbitrary File Upload/Delete Vulnerabilities Software: ContentNow 1.30 Vulnerabilities Vendor: http://www.contentnow.mf4k.de/ Released: 2006/11/13 Discovered By: r0ut3r writ3r at gmail.com Criticality: Highly critic...
Exhibit Engine styles.php toroot Parameter Remote File Inclusion
The remote web server is running Exhibit Engine, a PHP based photo gallery management system. The version of Exhibit Engine installed on the remote host fails to sanitize input to the 'toroot' parameter before using it in the 'styles.php' script to include PHP code. Provided PHP's 'registerglobal...
Inventory Manager - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/21069/info Inventory Manager is prone to multiple input-validation vulnerabilities, including cross-site scripting and SQL-injection issues, because the application fails to properly sanitize user-supplied input. Successful exploits of these vulnerabiliti...
Oracle Internet Directory 10.1.2.0.2 - 'oidldapd' Remote Memory Corruption
source: https://www.securityfocus.com/bid/37833/info Oracle Internet Directory is prone to a remote memory-corruption vulnerability. Exploits may allow attackers to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in denial-of-service...
Solaris 7 (sparc) : 110531-01
The remote host is missing Sun Security Patch number 110531-01 AnswerBook 1.4.2: HTTP GET overflow allows code execution. Date this patch was last updated by Sun : Wed Nov 23 04:24:08 MST 2005 You should install this patch for your system to be up-to-date. %NASLMINLEVEL 999999 @DEPRECATED@ This...
Solaris 5.8 (sparc) : 120185-19
StarOffice 8 Solaris: Update 14. Date this patch was last updated by Sun : Sep/09/09 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. C Tenable Network Security, Inc. if !...
Solaris 5.10 (sparc) : 120185-19
StarOffice 8 Solaris: Update 14. Date this patch was last updated by Sun : Sep/09/09 %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. C Tenable Network Security, Inc. if !...
Solaris 10 (x86) : 119116-35 (deprecated)
Mozilla 1.7x86 patch. Date this patch was last updated by Sun : Aug/05/09 This plugin has been deprecated and either replaced with individual 119116 patch-revision plugins, or deemed non-security related. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. @DEPRECATED@ Disabled on 2018/03/12...
FreeWebshop.org Script <= 2.2.2 Multiple Remote Vulnerabilities
Product: www.freewebshop.org Version: 2.2.x, maybe lower Critical Lvl : Highly critical Where : From Remote Exploits: Bypass Login: username:admin password:' or 'a'='a Read Files: /index.php?page=info&action=../../../../../../../../../../../../etc/passwd00 List Passwords:...
FreeWebShop.org script 2.2.2 - Multiple Vulnerabilities
FreeWebShop.org script 2.2.2 - Multiple Vulnerabilities Product: www.freewebshop.org Version: 2.2.x, maybe lower Critical Lvl : Highly critical Where : From Remote Exploits: Bypass Login: username:admin password:' or 'a'='a Read Files:...
[Full-disclosure] Fun with wireless cards...
Lorenzo's Kernel Fun project: http://kernelfun.blogspot.com/ The Metasploit 3 exploit module: http://metasploit.com/svn/framework3/trunk/modules/auxiliary/dos/wireless/daringphucball.rb Media coverage so far: http://www.securityfocus.com/brief/344...
FreeWebShop.org script 2.2.2 - Multiple Vulnerabilities
Product: www.freewebshop.org Version: 2.2.x, maybe lower Critical Lvl : Highly critical Where : From Remote Exploits: Bypass Login: username:admin password:' or 'a'='a Read Files: /index.php?page=info&action=../../../../../../../../../../../../etc/passwd%00 List Passwords:...
IRIX Multiple Buffer Overflow Exploits (LsD)
No description provided by source. / copyright by / / Last Stage of Delirium, Dec 1996, Poland/ include stdio.h include stdlib.h include fcntl.h define BUFSIZE 2068 define OFFS 800 define ADDRS 3 define ALIGN 0 define ALIGN2 4 char...
Solaris 2.4 passwd, yppasswd, and nispasswd Overflow Exploits
No description provided by source. ---------------------------- file newpass.c ------------------------------- include stdio.h include syslog.h define hiddenpasswd "/bin/hpasswd" /change here .../ define MAXLENGTH 32 void mainint argc, char argv int i; char args10; ifargc 10 args0=hiddenpasswd;...
WebAPPv0.9.9.2.1.txt
By b0rizQ Dork : inurl:"apage/apage.cgi OR powered by WebAPP v0.9.9.2.1 File : apage.cgi Exploits : http://www.exemple.com/cgi-bin/mods/apage/apage.cgi?f=training.htm.|pwd|...
Application orders Linux in WebAPP v0.9.9.2.1
By b0rizQ Dork : inurl:"apage/apage.cgi OR powered by WebAPP v0.9.9.2.1 File : apage.cgi Exploits : http://www.exemple.com/cgi-bin/mods/apage/apage.cgi?f=training.htm.|pwd|...
SchoolAlumni Portal 2.26 - 'mod.php?mod' Traversal Local File Inclusion
source: https://www.securityfocus.com/bid/20673/info SchoolAlumni portal is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. These issues include a local file-include vulnerability and a cross-site scripting...
Morcego-0.9.6.txt
Morcego CMS = 0.9.6 Remote File Include Vulnerability Author : Le CoPrA Download Script ...