117 matches found
Valve Steam Local Privilege Escalation Vulnerability
Valve Steam is a Linux-based operating system for living room gaming from the American company Valve. A local privilege escalation vulnerability exists in Valve Steam version 3.42.16.13, which stems from a program that assigns weak permissions to the Steam directory. An attacker can use this vulnerability to...
GTLVote 1.1 SQL Injection
Exploit Title: GTLVote 1.1 SQLi Injection Vulnerability. + Discovered By: Jackson Security Engineer @ Panel Solutions + Worried about being attacked by a 0day? We secure your web applications before an attack occurs @ Secure Hosting Solution http://panelsec.com/ + My Homepage: http://panelsec.com/...
SGI IRIX <= 6.5.4 midikeys Root Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/262/info The setuid root midikeys executable can be used to edit arbitrary files via its graphical user interface. This grants malicious users root access to the system. Running the midikeys application, clicking in sound...
SQL-Ledger <= 2.8.33 Post-authentication Local File Include/Edit Vulnerability
No description provided by source. Exploit Title: SQL-Ledger <= 2.8.33 Post-authentication Local File Include/Edit Vulnerability Google Dork: inurl:/sql-ledger/login.pl Date: April 15, 2011 Author: bitform Software Link: http://www.sql-ledger.com/source/sql-ledger-2.8.33.tar.gz Version: 2.8.33...
CVE-2012-3872
Multiple cross-site scripting (XSS) vulnerabilities in Open Constructor 3.12.0 allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to data/file/edit.php, (2) the q parameter to confirm.php, or (3) the keyword parameter to users/users.php...
CVE-2012-3873
Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) data/gallery/edit.php, (2) data/guestbook/edit.php, (3) data/file/edit.php, (4) data/htmltext/edit.php, (5) data/publication/edit.php, or (6)...
SQL injection
Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) data/gallery/edit.php, (2) data/guestbook/edit.php, (3) data/file/edit.php, (4) data/htmltext/edit.php, (5) data/publication/edit.php, or (6)...
Xtemplate Shell Upload
Exploit Title: Xtemplate shell upload Date: 4/6/12 Author: Th3-Skywalk3r Email : [email protected] Category:: webapps Google dork: /xtemplates/eng/ Tested on: Windows 7 & BT5r2 Demo site: http://www.deadseashop.co.il/inc/xtemplates/eng/fileedit.php...
Indexu 7 PHP Code Injection
Author : L3b-r1'z Title : Indexu 7 Php Code Injection Date : 5/30/2012 Email : [email protected] Site : Sec4Ever.com & Exploit4arab.com Google Dork : allintext: "Listing by GooglePR" Version : N\A 1 Bug 2 PoC...
w-CMS 2.0.1 - Multiple Vulnerabilities
w-CMS 2.0.1 - Multiple Vulnerabilities Exploit Title: w-CMS 2.0.1...
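JEECMS Admin Backend Arbitrary File Edit Vulnerability, Official Site Vulnerabilities, and Getting a Shell
Brief description: An arbitrary file edit vulnerability in the JEECMS admin backend, plus security issues in the official demo site and the official server. Details: 2.x backend: login/Jeecms.do 3.x backend: jeeadmin/jeecms/index.do Default account: admin Default password: password Retrieve the Tomcat password: /jeeadmin/jeecms/template/vedit.do?root=../../conf/&name=../../conf/tomcat-users.xml Retrieve the JDBC database account and password:...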
w-CMS 2.01 Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: W-Cms Multiple Vulnerability Date: 2012-01-09 Author: th3.g4m30v3r Site:http://w-cms.info/ Software Link: http://code.google.com/p/wcms/ Dork: intext:"Powered by w-CMS" Version : 2.01 Tested on: Window 7 Yogesh Kashyap, shubneet...
autositephp 2.0.3 - Local File Inclusion Cross-Site Request Forgery Edit File
autositephp 2.0.3 - Local File Inclusion Cross-Site Request Forgery Edit File + AutositePHP v2.0.3 LFI/CSRF/Edit File Multiple Remote Vulnerabilities + Discovered By SirGod + Greetz : All my friends + Download Script : http://sourceforge.net/projects/autositephp/ + Local File Inclusion PoC 1 :...
WeBid 0.5.4 Multiple Remote Vulnerabilities
No description provided by source.
Power Editor 2.0 Remote File Disclosure / Edit Vulnerability
No description provided by source. Power Editor LOCAL FILE INCLUSION Vulnerability. Virangar Security Team www.virangar.net Discovered By: Virangar Security Team hadihadi special tnx to: MR.nosrati, black.shadowes, MR.hesy, Zahra & all virangar members & all iranian hackerz...
Arbitrary file edit, Local file include, Directory traversal and Full path disclosure in WordPress
Hello 3APA3A! I am reporting the Arbitrary file edit, Local file include, Directory traversal and Full path disclosure vulnerabilities that I found in WordPress. The holes are in the file templates.php in the file and page parameters, and in the files edit-pages.php, categories.php, edit-comments.php, moderation.php, post.php and...