178 matches found
Xornic Contact Us Form CAPTCHA Bypass / XSS
Hi FD, So I got bored/felt nostalgia and decided I would go through the hotscripts website and audit the top 10 most popular PHP scripts PHP being my most proficient language. Y'know, for practice or something. Unfortunately, there were a number of factors that frustrated this effort: Most of the...
CVE-2013-4469
OpenStack Compute Nova Folsom, Grizzly, and Havana, when usecowimages is set to False, does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service host file system disk consumption by transferring an image with a large virtual size that does not contai...
OpenJDK: Incorrect image attribute verification (2D, 8012438)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2...
OpenJDK: Incorrect image attribute verification (2D, 8012438)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2...
OpenJDK: Incorrect image attribute verification (2D, 8012438)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2...
OpenJDK: Incorrect image attribute verification (2D, 8012438)
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2...
Fedora Extras : imlib2-1.2.1-2 (2006-004)
M. Joonas Pihlaja discovered that imlib2 did not sufficiently verify the validity of ARGB, JPG, LBM, PNG, PNM, TGA, and TIFF images. If a user were tricked into viewing or processing a specially crafted image with an application that uses imlib2, the flaws could be exploited to execute arbitrary...
FORMfields Upload Vulnability
Exploit for php platform in category web applications Date: 12.03.2011 Author: PretoriaN Vendor or Software Link: Version: app version Category:: Exploit Google dork: inurl:/forms/FORMfields/ Tested on: PHP Exploit:/examples/allFields/ffceallfields.phpupload Step 1: in Text Field: type any name...
Esoftpro Online Guestbook Pro - Multiple Vulnerabilities
Exploit Title: Esoftpro Online Guestbook Pro Multiple Vulnerability Vendor url:http://www.esoftpro.com/ Version:5.1 Author: L0rd CrusAd3r aka VSN [email protected] Published: 2010-07-4 Greetz to:r0073r inj3ct0r.com, Sid3^effects, MaYur, MA1201, Sonic Bluehat, Sai, KD, M4n0j. Special Greetz:...
vBulletin - Denial of Service
vBulletin - Denial of Service !/c:/perl/bin VBulletin Denail of Service Exploit by 4.!.5 created : !N 7h3 DARKNESS CODED BY: R3d-D3V!L important = Image Verification in search.php is NOT Enabled. It tested on V3.6.3 Perl Script use Socket; if @ARGV \n"; print "\tex: $0 127.0.0.1 /forum/\n"; print...
vBulletin - Denial of Service
!/c:/perl/bin VBulletin Denail of Service Exploit by 4.!.5 created : !N 7h3 DARKNESS CODED BY: R3d-D3V!L important = Image Verification in search.php is NOT Enabled. It tested on V3.6.3 Perl Script use Socket; if @ARGV \n"; print "\tex: $0 127.0.0.1 /forum/\n"; print "\tex2: $0 127.0.0.1 /\n\n";...
vBulletin Denial of Service Vulnerability
No description provided by source. !/c:/perl/bin VBulletin Denail of Service Exploit by 4.!.5 created : !N 7h3 DARKNESS CODED BY: R3d-D3V!L important = Image Verification in search.php is NOT Enabled. It tested on V3.6.3 Perl Script use Socket; if @ARGV 2 &usage $rand=rand10; $host = $ARGV0; $dir...
e107-upload.txt
/ \ / \ | | | | | | | | | | | / | | | | | | | ' / | | ' \ / \ | | | | || | || | | | \ | | | | / | , |/ /|| ||| |||| / | |/ INFO: Program Title e107 = 0.7.8 - Arbitrary File Upload Description "e107 is a content management system written in PHP and using the popular open source MySQL database...
e107 <= 0.7.8 (photograph) Arbitrary File Upload Vulnerability
Exploit for unknown platform in category web applications ============================================================== e107 = 0.7.8 photograph Arbitrary File Upload Vulnerability ============================================================== / \ / \ | | | | | | | | | | | / | | | | | | | ' / | |...
e107 0.7.8 - photograph Arbitrary File Upload
e107 0.7.8 - photograph Arbitrary File Upload / \ / \ | | | | | | | | | | | / | | | | | | | ' / | | ' \ / \ | | | | || | || | | | \ | | | | / | , |/ /|| ||| |||| / | |/ INFO: Program Title e107 = 0.7.8 - Arbitrary File Upload Description "e107 is a content management system written in PHP...
CVE-2006-2931
CMS Mundo prior to 1.0 build 008 is affected by CVE-2006-2931 due to an input validation error in the image upload handling that allows remote attackers to upload PHP scripts and then access them directly to execute arbitrary code. The vulnerability resides in the image gallery upload path, enabl...
Henan mobile network client server system code defect analysis and use-vulnerability and early warning-the black bar safety net
Declare Oh herein no technical content---just to prove that java can also be made hack tool China Mobile's online customer service system everyone should be very familiar, because I was moving faithful henna user, naturally from Henan mobile speaking. In the mobile Hall handled the business users...
CVE-2004-1386
CVE-2004-1386 : TikiWiki before 1.8.4.1 fails to properly verify uploaded images, enabling remote attackers to upload and execute arbitrary PHP scripts. This is a server-side code execution risk via image upload in the Wiki edit flow. The public description notes a separate issue (CVE-2005-0200) ...