PDF Album v1.7 iOS - File Include Web Vulnerability

No description provided by source. Document Title: =============== PDF Album v1.7 iOS - File Include Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1255 Release Date: ============= 2014-04-11 Vulnerability Laboratory ID VL-ID:...

Joomla Component Jgrid 1.0 - Local File Inclusion Vulnerability

No description provided by source. Jgrid 1.0 Joomla Component Local File Inclusion Vulnerability Name Jgrid Vendor http://datagrids.clubsareus.org Versions Affected 1.0 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date...

Ninja Blog 4.8 - Remote Information Disclosure Vulnerability

No description provided by source. Vendor: http://ninjadesigns.co.uk Versions: Ninja Blog 4.8 May also affect earlier versions Credit: Danny Moules Critical: Yes See PUSH 55 Advisory at http://www.push55.co.uk/index.php?s=ad&id=6 ---- Due to insufficient validation of client-side data, we can alt...

Content-Builder (CMS) <= 0.7.2 - Multiple Include Vulnerabilities

No description provided by source. $$$$$$$$$$$$$$$ DEVIL TEAM THE BEST POLISH TEAM $$$$$$$$$$$$$$$ $$ $$ ContentBuilder = 0.7.2 Remote File Include Vulnerability $$ script site: http://www.content-builder.net/ $$ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$ $$ Find by: Kacpe...

Ipswitch WS_FTP Server 5.0.x CD Command Malformed File Path Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11065/info WSFTP Server is reported prone to a remote denial of service vulnerability. This issue presents itself when the application processes a malformed file path through the 'cd' command. WSFTP Server version 5.0.2 i...

Media In Spot CMS - Local File Inclusion Vulnerability

No description provided by source. Name : Media In Spot LFI Vulnerability Date : May,16 2011 Vendor Url :http:http://www.mediainspot.com/ Dork: Powred By Media In Spot Author : wlhaan haker iitathotmail.com Exploit:...

Abtp Portal Project 0.1.0 LFI Exploit

No description provided by source. !/usr/bin/perl =about ---------------------------------------------------------------------------------------------------- Name : Abtp Portal Project = 1.0 Site : http://sourceforge.net/projects/abtpportal/ Down :...

Pollen CMS 0.6 (index.php, p param) - Local File Disclosure

No description provided by source. Title: Pollen CMS = 0.6 - Local File Disclosure Google Dork: intext:Powered by Pollen CMS Date: 25 Mars 2013 Exploit Author: MizoZ Vendor Homepage: pollencms.com BROKEN Software Link: https://code.google.com/p/pollencms/ Version: 0.6 Tested on: Ubuntu Desktop...

Intruder Client 1.00 Remote Command Execution & DoS Exploit

No description provided by source. !/usr/bin/perl Intruder Command Execution DOS Exploit -------------------------------------- Infam0us Gr0up - Securiti Research ? Version: libwww-perl-5.76 + Connecting to 127.0.0.1.. + Connected + Backup for files..DONE + Build malicious pages..DONE + Open CDRo...

Gradman <= 0.1.3 (agregar_info.php) Local File Inclusion Exploit

No description provided by source. --==+=================== Spanish Hackers Team www.spanish-hackers.com =================+==-- --==+ Gradman = 0.1.3 agregarinfo.php?tabla= Local File Inclusion Exploit +==--...

DouPHP轻量级企业建站系统后台任意文件删除缺陷

简要描述： 某处未验证删除的文件路径，导致可以删除任意文件。 官网演示站测试通过 详细说明： 漏洞文件: /admin/backup.php 第161行 / +---------------------------------------------------------- 备份删除 +---------------------------------------------------------- / if $REQUEST'rec' == 'del' $sqlfilename = $GET'sqlfilename'; if $POST'confirm' if...

Linux Kernel 3.13 - SGID Privilege Escalation

Linux Kernel 3.13 - SGID Privilege Escalation / CVE-2014-4014 Linux Kernel Local Privilege Escalation PoC Vitaly Nikolenko http://hashcrack.org Usage: ./poc filepath where filepath is the file on which you want to set the sgid bit / define GNUSOURCE include include include include include include...

Linux Kernel 3.13 - SGID Privilege Escalation

/ CVE-2014-4014 Linux Kernel Local Privilege Escalation PoC Vitaly Nikolenko http://hashcrack.org Usage: ./poc filepath where filepath is the file on which you want to set the sgid bit / define GNUSOURCE include include include include include include include include include define STACKSIZE 1024...

PT-2014-3429 · Foreman · Foreman

Name of the Vulnerable Software and Affected Versions: Foreman versions prior to 1.4.5 Foreman versions 1.5.x prior to 1.5.1 Description: The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to the "tftp/fetch boot file" endpoint...

Files Desk Pro 1.4 iOS - Local File Inclusion

Document Title: =============== Files Desk Pro v1.4 iOS - File Include Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1266 Release Date: ============= 2014-05-16 Vulnerability Laboratory ID VL-ID: ====================================...

FineCMS v1.8任意文件下载

简要描述： 代码审计是个技术活，需要很好的耐心.. o︶︿︶o 详细说明： 出现问题的版本是FineCMS V1.8.0 最新版。 1.顺藤摸瓜 漏洞文件：controllers/ApiController.php downAction方法 public function downAction $data = fnauthcodebase64decode$this-get'file', 'DECODE'; $file = isset$data'finecms' && $data'finecms' ? $data'finecms' : ''; if empty$file...

Files Desk Pro v1.4 iOS - File Include Web Vulnerability

Document Title: =============== Files Desk Pro v1.4 iOS - File Include Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1266 Release Date: ============= 2014-05-15 Vulnerability Laboratory ID VL-ID: ====================================...

python-django: MySQL typecasting

The 1 FilePathField, 2 GenericIPAddressField, and 3 IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, relate...

python-django: MySQL typecasting

The 1 FilePathField, 2 GenericIPAddressField, and 3 IPAddressField model field classes in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 do not properly perform type conversion, which allows remote attackers to have unspecified impact and vectors, relate...

Ian Dunn: Multiple Path Disclosure

Hi Ian, I have downloaded all the latest version's of plugin's from your wp profile and did a quick check for FPD. I know you may point out that WP does'nt consider it as a issue however i personally for plugin i look at it as a miss on best practice from plugin developers part. I do not expect a...