PHP CGI Argument Injection Remote Exploit V0.3 - PHP Version
?php www.bugreport.ir Title: PHP CGI Argument Injection Remote Exploit V0.3 - PHP Version Vendor: http://www.php.net Vulnerable Version: PHP up to version 5.3.12 and 5.4.2 Exploitation: Remote Original Advisory: http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/ Original Exploit URL:...
Active Collab "chat module" 2.3.8 Remote PHP Code Injection
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Active Collab "chat module" %q This...
CVE-2010-5098
The CVE-2010-5098 entry documents a Cross-Site Scripting (XSS) vulnerability in TYPO3’s FORM content object, affecting TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5. The impact is that remote authenticated users can inject arbitrary web script or HTML via unspecified vecto...
CVE-2012-2911
Cross-site scripting (XSS) vulnerability in backupDB.php in SiliSoftware backupDB 1.2.7a allows remote attackers to inject arbitrary web script or HTML via the onlyDB parameter...
Active Collab "chat module" Remote PHP Code Injection Exploit
This module exploits an arbitrary code injection vulnerability in the chat module that is part of Active Collab versions 2.3.8 and earlier by abusing a preg_replace using the /e modifier and its replacement string using double quotes. The vulnerable function can be found in...
PHP Enter 4.1.2 - 'banners.php' PHP Code Injection
Source: https://www.securityfocus.com/bid/53426/info. PHP Enter is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may facilitate a compromise of the application and the...
WebCalendar 1.2.4 - Remote Code Injection (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "WebCalendar 1.2.4...
WebCalendar 1.2.4 Pre-Auth Remote Code Injection
Exploit for Linux platform in category web applications. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
CVE-2012-0471
CVE-2012-0471 is documented in multiple connected advisories as a Cross-site Scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9. The root cause is a vulnerabi...
Microsoft Expression Design wintab32.dll Library Loading
Added: 04/25/2012. CVE: CVE-2012-0016. BID: 52375. OSVDB: 80001. Background: Microsoft Expression Design is a commercial professional illustration vector and raster graphic design tool for web images. Problem: Microsoft Expression Design contains a flaw in the way it loads dynamic-link libraries (DLL). T...
CVE-2012-0872
CVE-2012-0872 concerns OxWall 1.1.1 and earlier, with multiple cross-site scripting (XSS) vulnerabilities. The issues arise from insufficient input sanitization in various parameters across the application (e.g., join: captchaField, email, form_name, password, realname, repeatPassword, username; ...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the internal browser in vSphere Client in VMware vSphere 4.1 before Update 2 and 5.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via a crafted log-file entry...
CVE-2012-1262
CVE-2012-1262 is a cross-site scripting (XSS) vulnerability in Movable Type’s cgi-bin/mt/mt-wizard.cgi. It affects Movable Type releases prior to 4.38, 5.0x prior to 5.07, and 5.1x prior to 5.13 when the product is incompletely installed. The issue allows remote attackers to inject arbitrary web ...
LDAP Account Manager Pro v3.6 - Multiple Vulnerabilities
Document Title: LDAP Account Manager Pro v3.6 - Multiple Vulnerabilities. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=458. Release Date: 2012-03-01. Vulnerability Laboratory ID (VL-ID): 45...
CVE-2012-1211
CVE-2012-1211: XSS in Powie pFile 1.02 via pfile/kommentar.php (filecat parameter). Affected component: Powie pFile 1.02; vulnerability described as cross-site scripting, enabling remote script/HTML injection. CVSS v2 base score 4.3 (Medium) with network attack vector, no authentication, partial ...
ProFTPD FTP Server TELNET_IAC Stack Buffer Overflow (CVE-2010-4221)
A remote code injection and execution vulnerability has been reported in ProFTPD FTP Server. The vulnerability is due to an error in the way boundary checks are implemented when processing Telnet escape sequences. A remote attacker may exploit this issue by sending a specially crafted FTP command...
CVE-2011-4923
Cross-site scripting (XSS) vulnerability in View.pm in BackupPC 3.0.0, 3.1.0, 3.2.0, 3.2.1, and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the num parameter in a view action to index.cgi, related to the log file viewer, a different vulnerability than...
CVE-2012-0767
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via...
Cross site scripting
Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Cart/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the valuetitle parameter, as demonstrated using the "Front" field in the shirt module...
CVE-2011-4511
Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime...