
1115 matches found

exploitpack
added 2009/08/07 12:0 a.m. | 20 views

Arab Portal 2.2 - Blind Cookie Authentication Bypass

Arab Portal 2.2 - Blind Cookie Authentication Bypass !/usr/bin/ruby ============================================= Arab Portal v2.2 Exploit , Blind SQL Injection / Authentication Bypass Discovered & written by: Jafer Al-Zidjali Email: [email protected] Website: www.scorpionds.com...

0.6 AI score
Exploits 0

0day.today
added 2008/08/06 12:0 a.m. | 17 views

LoveCMS 1.6.2 Final Update Settings Remote Exploit

Exploit for unknown platform in category web applications ================================================== LoveCMS 1.6.2 Final Update Settings Remote Exploit ================================================== !/usr/bin/ruby Exploit by PoMdaPiMp! --------------------- LoveCMS Exploit Series...

7.1 AI score
Exploits 0

exploitpack
added 2008/08/06 12:0 a.m. | 8 views

LoveCMS 1.6.2 Final - Update Settings

LoveCMS 1.6.2 Final - Update Settings !/usr/bin/ruby Exploit by PoMdaPiMp! --------------------- pomdapimpatgmaildotcom LoveCMS Exploit Series Episode 3: changing site settings ... Description: Simply change the site settings ! Usage: ./LoveCMS3settings.rb Ex: ./LoveCMS2themes.rb...

7.4 AI score
Exploits 0

Exploit DB
added 2008/08/06 12:0 a.m. | 32 views

LoveCMS 1.6.2 Final - Remote Code Execution

!/usr/bin/ruby Exploit by PoMdaPiMp! --------------------- pomdapimpatgmaildotcom LoveCMS Exploit Series Episode 1: adding a side block Description: add some php into a block container on the side of the site. phpinfo is called. Usage: ./LoveCMS1blocks.rb Ex: ./LoveCMS1blocks.rb...

7 AI score
Exploits 0

Tenable Nessus
added 2008/03/13 12:0 a.m. | 34 views

Fedora 7 : ruby-1.8.6.114-1.fc7 (2008-2458)

Tue Mar 4 2008 Akira TAGOH - 1.8.6.114-1 - Security fix for CVE-2008-1145. - Improve a spec file. 226381 - Correct License tag. - Fix a timestamp issue. - Own a arch-specific directory. - Tue Feb 19 2008 Fedora Release Engineering - 1.8.6.111-9 - Autorebuild for GCC 4.3 - Tue Feb 19 2008 Akira...

5 CVSS | 7.2 AI score | 0.18163 EPSS
Exploits 1 | References 3

Tenable Nessus
added 2008/03/13 12:0 a.m. | 31 views

Fedora 8 : ruby-1.8.6.114-1.fc8 (2008-2443)

Tue Mar 4 2008 Akira TAGOH - 1.8.6.114-1 - Security fix for CVE-2008-1145. - Improve a spec file. 226381 - Correct License tag. - Fix a timestamp issue. - Own a arch-specific directory. - Tue Feb 19 2008 Fedora Release Engineering - 1.8.6.111-9 - Autorebuild for GCC 4.3 - Tue Feb 19 2008 Akira...

5 CVSS | 7.2 AI score | 0.18163 EPSS
Exploits 1 | References 3

0day.today
added 2007/12/11 12:0 a.m. | 22 views

SquirrelMail G/PGP Plugin deletekey() Command Injection Exploit

Exploit for unknown platform in category web applications =============================================================== SquirrelMail G/PGP Plugin deletekey Command Injection Exploit =============================================================== !/usr/local/bin/ruby puts"http://backdoored.net\n...

7.1 AI score
Exploits 0

Exploit DB
added 2007/12/11 12:0 a.m. | 37 views

SquirrelMail G/PGP Encryption Plugin - 'deletekey()' Command Injection

!/usr/local/bin/ruby puts"http://backdoored.net\n" puts "SquirrelMail G/PG deletekey command injection exploit\n" puts "http://backdoored.net Visit Us\n" puts "Coded by Backdoored member. \n" puts "--------------------------------------------------\n" if ARGV0 == nil && ARGV1 == nil && ARGV2 == n...

7.4 AI score
Exploits 0

Tenable Nessus
added 2007/11/06 12:0 a.m. | 31 views

Fedora 7 : ruby-1.8.6.110-1.fc7 (2007-2406)

Thu Oct 4 2007 Akira TAGOH - 1.8.6.110-1 - New upstream release. - ruby-r12567.patch: removed. - ruby-1.8.6-CVE-2007-5162.patch: security fix for Net::HTTP that is insufficient verification of SSL certificate. 313791 - Wed Jul 25 2007 Akira TAGOH - 1.8.6.36-3 - ruby-r12567.patch: backport patch...

4.3 CVSS | 7.2 AI score | 0.01695 EPSS
Exploits 0 | References 3

UbuntuCve
added 2007/10/01 5:17 a.m. | 30 views

CVE-2007-5162

The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions v...

4.3 CVSS | 7.1 AI score | 0.01695 EPSS
Exploits 0 | References 2

Prion
added 2007/10/01 5:17 a.m. | 22 views

Cross site request forgery (csrf)

The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions v...

4.3 CVSS | 6.2 AI score | 0.01695 EPSS
Exploits 0 | References 35 | Affected Software 1

NVD
added 2007/10/01 5:17 a.m. | 23 views

CVE-2007-5162

The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions v...

4.3 CVSS | 6.2 AI score | 0.01695 EPSS
Exploits 0 | References 35

CVE
added 2007/10/01 12:0 a.m. | 103 views

CVE-2007-5162

CVE-2007-5162 affects Ruby 1.8.5/1.8.6: Net::HTTP and Net::HTTPS do not verify the server certificate CN against the requested domain, enabling MITM or spoofed sites. The connected MiracleLinux advisory (AXSA-2007-63:01) reiterates the flaw across multiple Net modules (including Net::HTTP/Net::...

4.3 CVSS | 6.4 AI score | 0.01695 EPSS
Exploits 0 | References 35 | Affected Software 1

RubySec
added 2007/09/27 12:0 a.m. | 25 views

Ruby Net::HTTPS library does not validate server certificate CN

The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) Net::HTTPS libraries in Ruby 1.8.5 and 1.8.6 does not verify that the commonName (CN) field in a server certificate matches the domain name in an HTTPS request, which makes it easier for remote attackers to intercept SSL transmissions v...

4.3 CVSS | 3.3 AI score | 0.01695 EPSS
Exploits 0 | References 1 | Affected Software 1

Packet Storm
added 2005/11/08 12:0 a.m. | 30 views

twiki20030201.pl.txt

!/usr/bin/perl TWiki 20030201 VIEW string remote command execution vulnerability Exploit coded by runvirus GeekZatWorldDefacersd0tNeT root@localhost perls$ perl twikiview.pl -h www.victim.com -p twiki/bin/view/TWiki/ -c "uname -a;id" -= TWiki :- view string remote command execution exploit =- -=...

0.1 AI score
Exploits 0