CVE-2012-3327

CVE-2012-3327 describes a cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management (versions 6.2–7.5), Maximo Asset Management Essentials (6.2–7.5), Tivoli Asset Management for IT (6.2–7.2), Tivoli Service Request Manager (7.1–7.2), Maximo Service Desk (6.2), CCMDB (7.1–7.2), and S...

E Sms Script - Multiple SQL Injections

E SMS Script Multiple SQL Injection Vulnerability By cr4wl3r http://bastardlabs.info http://bastardlabs.info/exploits/ESMSScript.txt Good Music: http://goo.gl/TLkEs : Script: http://www.esmsscript.com/index.php?option=comcontent&view=article&id=22&Itemid=41 Dork: inurl:"smscollection.php?catid="...

Perl script jsupload.cgi.pl 0.6.4 Directory Traversal

jsupload.cgi.pl versions 0.6.4 and below suffer from a directory traversal vulnerability. ------------------------------------------------------------------------------------------------------------- Directory traversal vulnerabilities in jsupload.cgi.pl version 0.6.4 and before 29 November 2012...

Sava’s Simple Upload Script / Delete Arbitrary File

Exploit for php platform in category web applications Exploit Title: Sava’s Simple Upload Script / Delete Arbitrary File Date: 03/07/2012 Author: Daniel Godoy Author Mail: DanielGodoyatGobiernoFederaldotcom Author Web: www.delincuentedigital.com.ar Sofware web:...

Wordpress custom-background plugin file upload vulnerability

Exploit for php platform in category web applications +----------------------------------------------------------------------+ Exploit Title: wordpress custom-background plugin file upload vulnerability Google Dork: inurl:/wp-content/plugins/custom-background Date: 10/06/2012 Author: Tunisian...

CVE-2010-4955

SQL injection vulnerability in board/board.php in APBoard Developers APBoard 2.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-3078...

CVE-2011-3864

Cross-site scripting XSS vulnerability in the The Erudite theme before 2.7.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter...

bash security update

CentOS Errata and Security Advisory CESA-2011:1073 An updated bash package that fixes one security issue, several bugs, and adds one enhancement is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common...

Persian Sharetronix Portal Source Code Disclosure

=========================================================== Persian Sharetronix portal Remote Source Code Disclosure Vulnerability ----------------------------------------------------------- foun by :kurdish hackers team group : kurd-team contact : [email protected] site : kurdteam.org...

RHEL 5 : bash (RHSA-2011:1073)

An updated bash package that fixes one security issue, several bugs, and adds one enhancement is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives...

CVE-2011-2754

Cross-site scripting XSS vulnerability in the PageBuilder2 aka Page Builder theme in IBM WebSphere Portal 7.x before 7.0.0.1 CF006, as used in IBM Web Content Manager WCM and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Arbitrary file deletion

The configure script in D-Bus aka DBus 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/...

Built2Go PHP Shopping - SQL Injection

Script Name: Built2Go PHP Shopping version = 1.7 Site: http://built2go.com/ Script Demo: http://demos.built2go.com/shopping/1/ Found: Br0ly Google Dork: "Powered by Built2Go PHP Shopping" p0c: http://server.com/product.php?cat=16'%20UNION%20ALL%20SELECT%201,@@version,3/ xPloit:...

Microsoft Internet Explorer local file reading and detection vulnerability-vulnerability warning-the black bar safety net

Microsoft IE in the handling of local file access when there are some problems, combined with the Microsoft windows characteristics may be able to read the local of certain special files that may have other use. As the browser is inevitable to deal with cross-domain resource access issues, then t...

Cross site scripting

Cross-site scripting XSS vulnerability in the Commerce extension before 0.9.9 for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

Good subtle Bo system upload vulnerability-vulnerability warning-the black bar safety net

Good subtle Bo system using the upload program when it is submitted to verify the local path, causing the file name to determine the error upload 1. asp;xxx. jpg the special file name. Caused by IIS6. 0 parse error, thereby executing the asp script vulnerability. There is vulnerability file:...

Photo Sharing Script SQL Injection

Exploit Title: photo sharing script SQL injection Vulnerability Date: 24/06/2010 Author: JaMbA Script url: http://www.2daybiz.com/photosharingscript.html Version: N/A Tested on: Windows CVE : ::::::::::::::::::::::::: ::::::::::::::::::::::::: =================Exploit====== ============ EXPL0!T...

PenPals Authentication Bypass

Exploit for asp platform in category web applications ============================= PenPals Authentication Bypass ============================= 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /...

EgO v0.7b (fckeditor) Remote File Upload

Exploit for php platform in category web applications ======================================== EgO v0.7b fckeditor Remote File Upload ======================================== Title: EgO v0.7b fckeditor Remote File Upload Download: http://sourceforge.net/projects/vairux-ego/ AUTHOR: ITSecTeam Emai...

gitWeb 1.5.2 - Remote Command Execution

gitWeb 1.5.2 - Remote Command Execution Exploit Title: gitWeb remote command execution Date: 2009.06.19 Author: S2 Crew Hungary Software Link: - Version: GIT 1.5.2 Tested on: debian linux, GIT 1.5.2 CVE: CVE-2008-5516 - CVE-2008-5517 Code: The cgi script doesn't show the command output blind...