643 matches found
BookmarkX script 2007 - topicid SQL Injection
BookmarkX script 2007 - topicid SQL Injection BookmarkX scriptPowered by GengoliaWebStudioSQL Injection AUTHOR : S@BUN HOME : http://www.hackturkiye.com/ DorKs 1 : "2007 BookmarkX script" DORKS 2 : Powered by GengoliaWebStudio DORK 3 : allinurl :"index.php?menu=showtopic" EXPLOIT :...
patchlink-pwn.txt
PatchLink Update Unix Client File clobbering vulnerability Larry W. Cashdollar Vapid Labs 1/17/2008 Overview From the vendor: PatchLink Update provides rapid, accurate and secure patch management, allowing you to proactively manage threats by automating the collection, analysis and delivery of...
CVE-2008-0398
Cross-site scripting XSS vulnerability in aflog 1.01, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment form...
CVE-2008-0239
Multiple cross-site scripting XSS vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the 1 cntry or lang parameters to /idm/login.jsp, 2 resultsForm parameter to /idm/account/findForSelect.jsp, or...
Tribisur <= 2.0 Remote SQL Injection Exploit
No description provided by source. !/usr/bin/php -q ?php echo "Tribisur = 2.0 Remote SQL Injection Exploit\r\n"; echo "Coded by x0kster -x0ksterATgmailDOTcom - \r\n"; / Script Download : http://www.comscripts.com/scripts/php.tribisur-20.1211.html Bug 1 in modules/forum/liste.php : First, this...
DEBIAN-CVE-2007-5105
Cross-site scripting XSS vulnerability in wp-register.php in WordPress 2.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the useremail parameter...
CHILKAT ASP String - 'CkString.dll 1.1 SaveToFile()' Insecure Method
----------------------------------------------------------------------------- CHILKAT ASP String CkString.dll url: http://www.chilkatsoft.com/ author: shinnai mail: shinnaiatautisticidotorg site: http://shinnai.altervista.org This was written for educational purpose. Use it at your own risk. Auth...
CVE-2007-3330
CVE-2007-3330 describes a stored cross-site scripting (XSS) vulnerability in STphp EasyNews PRO 4.0. The issue allows remote attackers to inject arbitrary web script or HTML via a news post that is stored in the news/ directory without proper sanitization. The root cause is the lack of input/outp...
XSS In Script deviantART
By Hasadya Raed Contact : [email protected] ------------------------------------ XSS BUGS Script : deviantART ------------------------------------ http://www.deviantart.com/deviation/48117218/?qo="s c r i p ta l e r t'RaeD';/s c r i p t http://prints.deviantart.com/?catpath=manga,cartoons&order="s...
AT Contenator <= v1.0 (Root_To_Script) Remote File Include Exploit
No description provided by source. html head meta http-equiv="Content-Type" content="text/html; charset=windows-1254" titleAT Contenator = v1.0 RootToScript Remote File Include Exploit/title script language="JavaScript"...
FD Script 1.3.x - 'FName' Information Disclosure
source: https://www.securityfocus.com/bid/22265/info FD Script is prone to an information-disclosure vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the...
Cacti graph_view.php Remote Command Execution
This module exploits an arbitrary command execution vulnerability in the Raxnet Cacti 'graphview.php' script. All versions of Raxnet Cacti prior to 0.8.6-d are vulnerable. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framewo...
PostNuke <= 0.763 (PNSV lang) Remote Code Execution Exploit
No description provided by source. ? print ' ::::::::: :::::::::: ::: ::: ::::::::::: ::: :+: :+: :+: :+: :+: :+: :+: +:+ +:+ +:+ +:+ +:+ +:+ +:+ ++ +:+ +++:++ ++ +:+ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +++ + + ::::::::::: :::::::::: ::: :::: :::: :+: :+: :+: :+: +:+:+: :+:+:+ +:+ +:+ +:+ +:+ +:+...
PHP Forge <= 3 beta 2 (cfg_racine) Remote File Inclusion Vulnerability
No description provided by source. \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ phpforge3b2cfgracine Remote File Inclusion Vulnerability ------------------------ Virangar Security Team www.virangar.org public www.virangar.net priv8 -------- Discoverd By : Snake...
HostingController: An attacker can gain reseller privileges and after that can gain admin privileges
Hi, I'm Soroush Dalili from GrayHatz Security Group GSG. I publish the most important bugs of hosting controller program, after 3 weeks from reporting to the main company for more security Title: An attacker can gain reseller privileges and after that can gain admin privileges Version: 6.1 Hotfix...
DreamAccount <= 3.1 (auth.api.php) Remote File Include Exploit
No description provided by source. !/usr/bin/perl use HTTP::Request; use LWP::UserAgent; ---------------------------------------------------- DREAMACCOUNT V3.1 Remote Command Execution Exploit ---------------------------------------------------- Discovered By CrAshoVeRrIdEArabian Security Team...
Amrtalk.txt
SaVSaK.CoM | SpC-x - TheBeKiR | Amr Talkbox talkbox.PHP - Remote File Include Vulnerabilities Risk : High Class: Remote Script : Amr Talkbox Credits : SpC-x Thanks : TheBeKiR - Ejder - FasTBoY - ERNE - RMx Code : if $lang == "eng" include "$direct/langeng.txt"; elseif $lang =="ita" include...
Design/Logic Flaw
An unspecified script in EVA-Web 2.1.2 and earlier, probably index.php, allows remote attackers to obtain the full path of the web server via invalid 1 perso or 2 aide parameters...
Community Link Pro webeditor login.cgi remote command execution
The remote host is running Community Link Pro, a web-based application written in Perl. The remote version of this software contains a flaw in the script 'login.cgi' which may allow an attacker to execute arbitrary commands on the remote host. OpenVAS Vulnerability Test $Id:...
[SECURITY] [DSA 933-1] New hylafax packages fix arbitrary command execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 933-1 [email protected] http://www.debian.org/security/ Michael Stone January 9, 2006 http://www.debian.org/security/faq -...