Find Metadata

Added: 06/04/2009 Background This tool searches the Internet for PDF and Microsoft Office files in the given domain, and extracts the metadata from those files. This metadata often contains the names or aliases of the document's authors or contributors, which can be used to guess valid e-mail...

ZeeCareers 2.0 (addadminmembercode.php) Add Admin Exploit

Exploit for unknown platform in category web applications ========================================================= ZeeCareers 2.0 addadminmembercode.php Add Admin Exploit ========================================================= ZeeCareers v2.0 addadminmembercode.php Add Admin function...

Microsoft IIS 6.0 - WebDAV Remote Authentication Bypass (1)

...

CVE-2009-0518

VI Client in VMware VirtualCenter before 2.5 Update 4, VMware ESXi 3.5 before Update 4, and VMware ESX 3.5 before Update 4 retains the VirtualCenter Server password in process memory, which might allow local users to obtain this password...

CVE-2008-3866

The Trend Micro Personal Firewall service aka TmPfw.exe in Trend Micro Network Security Component NSC modules, as used in Trend Micro OfficeScan 8.0 SP1 Patch 1 and Internet Security 2007 and 2008 17.0.1224, relies on client-side password protection implemented in the configuration GUI, which...

Upload command to Startup folder

Added: 01/20/2009 Background Each user's Startup folder on Windows systems contains programs which run at start-up time. This tool attempts to upload a command connection to a user's Startup folder. If successful, the connection will be established the next time the computer starts. Limitations A...

Linux/x86-64 - Bind TCP (1337/TCP) Shell + Password (pAzzW0rd) + Egghunter Using sys_access() Shellcode (49 bytes)

Linux/x86-64 - Bind TCP 1337/TCP Shell + Password pAzzW0rd + Egghunter Using sysaccess Shellcode 49 bytes. Shellcode exploit for Linuxx86-64 platform ; Author Doreth.Z10 ; ; Linux x8664 Egghunter using sysaccess ; Shellcode size 49 bytes ; global start section .text start: xor rsi, rsi ; Some pre...

CVE-2008-5099

Sun Logical Domain Manager aka LDoms Manager or ldm 1.0 through 1.0.3 displays the value of the OpenBoot PROM OBP security-password variable in cleartext, which allows local users to bypass the SPARC firmware's password protection, and gain privileges or obtain data access, via the "ldm ls -l"...

belkin-bypass.txt

html code to bypass the webinterface password protection of the Belkin wireless G router + adsl2 modem. It worked on model F5D7632-4V6 with upgraded firmware 6.01.08. Change dns nameservers ip's can't be the same Clear log file Change time, pwdif you have old pwd, remote management, UPnP: and...

PT-2008-5134 · Newsoft · Folder Lock

Name of the Vulnerable Software and Affected Versions: Folder Lock versions 5.9.5 and earlier Description: The issue concerns the use of weak encryption, specifically ROT-25, for password protection. This weakness allows local administrators to access sensitive information by reading and decrypti...

CVE-2008-2724

Menalto Gallery before 2.2.5 does not enforce permissions for non-album items that have been protected by a password, which might allow remote attackers to bypass intended access restrictions...

CVE-2008-2724

Menalto Gallery before 2.2.5 does not enforce permissions for non-album items that have been protected by a password, which might allow remote attackers to bypass intended access restrictions...

Aria-Security.Net: Joomla Com_publication "pid" Remote SQL Injection

Aria-Security Team Persian Security Network http://Aria-Security.Net ------------------------------- Shoutz: Aura, imm02tal, Kinglet, iM4n Joomla Compublication "pid" Remote SQL Injection...

Microsoft Expression Media Plaintext Password Storage Weakness

CVE-2007-5470 Microsoft Expression Media is prone to a weakness because passwords are stored in plain-text format. This issue stems from a design error in the catalog password-protection feature. Attackers could use this issue in conjunction with other vulnerabilities in a host to gain access to...

wconnect-xss.txt

HSC WCONNECT WC.DLL Cross-Site Scripting Vulnerability West Wind Web Connection is a tool for building Web applications using the Visual FoxPro environment but is also Vulnerable to Cross-Site scripting attacks. Admins need to password protect the application since its installed with out password...

wpQuiz 2.7 Multiple Remote SQL Injection Vulnerabilities

Exploit for unknown platform in category web applications ======================================================== wpQuiz 2.7 Multiple Remote SQL Injection Vulnerabilities ======================================================== Tytul: wpQuiz 2.7 Remote SQL Injection Vulnerability...

CVE-2007-6130

gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions...

CVE-2007-6130

The CVE-2007-6130 issue affects gnump3d 2.9final, where password protection is not applied to plugins, potentially allowing remote attackers to bypass intended access restrictions. The vulnerability concerns plugin-level access controls rather than core authentication, with the NVD and SUSE entri...

CVE-2007-6130

gnump3d 2.9final does not apply password protection to its plugins, which might allow remote attackers to bypass intended access restrictions...

CVE-2003-1454

Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access...