1410 matches found
bmforum漏洞exp
No description provided by source. ?php printr" +------------------------------------------------------------------+ Exploit For Blue Magic Forum All Version Fuck Register Global && Magic Quote BY 拖鞋王子 Mokfly 媒婆X Just For Fun : +------------------------------------------------------------------+...
WEBInsta MM <= 1.3e (absolute_path) Remote File Include Exploit
No description provided by source. !-- vulnerable code: /maillist/inc/initdb.php ----------------------------------------------------------------------- ifisset$GET'absolutepath' echo "no access from here !!"; exit; include$absolutepath.'inc/adodbt/db.inc';...
WEBInsta MM 1.3e - 'absolute_path' Remote File Inclusion
WEBInsta Mailing List Manager = 1.3e initdb.php Remote File Include Exploit function milw0rm if document.exploit.target.value=="" alert"Enter a Target"; return false; exploit.action= document.exploit.target.value; exploit.cmd.value=document.exploit.cmd.value;...
CVE-2006-3197
Cross-site scripting XSS vulnerability in Invision Power Board IPB 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a POST that contains hexadecimal-encoded HTML...
Code injection
Dave Nielsen and Patrick Breitenbach PayPal Web Services aka PHP Toolkit 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipnsuccess.php...
CVE-2006-0201
Dave Nielsen and Patrick Breitenbach PayPal Web Services aka PHP Toolkit 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipnsuccess.php...
CVE-2006-0201
Dave Nielsen and Patrick Breitenbach PayPal Web Services aka PHP Toolkit 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipnsuccess.php...
almondClassifieds.txt
A vulnerability discovered in Almond Classifeds http://www.almondsoft.com/alcl.html vulnerability is due omit check of password in "editform" user can edit any add in the classifieds if we post new add we can edit our add in the "editform" section there are 2 hidden fields: by changing the number...
CVE-2004-2505
Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service memory consumption and crash by sending repeated GET or POST requests that trigger error messages that use long strings of data...
CVE-2004-2496
The HTTP daemon in OpenText FirstClass 7.1 and 8.0 allows remote attackers to cause a denial of service service availability loss via a large number of POST requests to /Search...
EasyGuppy 4.5.44.5.5 - Printfaq.php Directory Traversal
EasyGuppy 4.5.44.5.5 - Printfaq.php Directory Traversal source: https://www.securityfocus.com/bid/14984/info EasyGuppy is prone to a directory traversal vulnerability. The application fails to properly sanitize input supplied through HTTP POST requests or cookies. Exploitation of this vulnerabili...
CVE-2004-1765
Off-by-one buffer overflow in ModSecurity modsecurity 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests...
Linksys PSUS4 PrintServer - POST Denial of Service
source: https://www.securityfocus.com/bid/12443/info Linksys PSUS4 PrintServer is reported prone to a remote denial of service vulnerability while handling certain HTTP POST requests received on TCP port 80. An attacker may exploit this condition to deny service to the affected PrintServer. $ wge...
squid -- DoS on failed PUT/POST requests vulnerability
The squid patches page notes: An inconsistent state is entered on a failed PUT/POST request making a high risk for segmentation faults or other strange errors...
CVE-2004-1765
Off-by-one buffer overflow in ModSecurity modsecurity 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests...
CVE-2004-2496
The HTTP daemon in OpenText FirstClass 7.1 and 8.0 allows remote attackers to cause a denial of service service availability loss via a large number of POST requests to /Search...
SnipSnap 0.5.2 - HTTP Response Splitting
SnipSnap 0.5.2 - HTTP Response Splitting source: https://www.securityfocus.com/bid/11180/info SnipSnap is reported prone to an HTTP response splitting vulnerability. The issue exists in the 'referer' parameter. The issue presents itself due to a flaw in the application that allows an attacker to...
Axis Network Camera 2.x And Video Server 1-3 - Directory Traversal
Axis Network Camera 2.x And Video Server 1-3 - Directory Traversal source: https://www.securityfocus.com/bid/11011/info A directory-traversal vulnerability in HTTP POST requests. This attack is demonstrated by an anonymous user calling protected administration scripts. This bypasses authenticatio...
Cross-Site Scripting (XSS) in Php-Nuke 7.1.0
Affected software description: Php-Nuke is popular freeware content management system, written in php by Francisco Burzi. This CMS COntent Management System is used on many thousands websites, because its free of charge, easy to install and has broad set of features. Homepage: http://phpnuke.org...
CVE-2003-0349
Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services nsiislog.dll, as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to nsiislog.dll...